Remove the tmptmp directory as the sandbox user.

README.rst

@@ -93,6 +93,7 @@ Other details here that depend on your configuration:
     $ sudo visudo -f /etc/sudoers.d/01-sandbox
 
     <SANDBOX_CALLER> ALL=(sandbox) SETENV:NOPASSWD:<SANDENV>/bin/python
+    <SANDBOX_CALLER> ALL=(sandbox) SETENV:NOPASSWD:/usr/bin/find
     <SANDBOX_CALLER> ALL=(ALL) NOPASSWD:/usr/bin/pkill
 
 5. Edit an AppArmor profile.  This is a text file specifying the limits on the

codejail/jail_code.py

@@ -197,17 +197,20 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None,
                 extra.write(content)
 
         cmd = []
+        rm_cmd = []
 
         # Build the command to run.
         user = COMMANDS[command]['user']
         if user:
             # Run as the specified user
             cmd.extend(['sudo', '-u', user])
+            rm_cmd.extend(['sudo', '-u', user])
 
         # Point TMPDIR at our temp directory.
         cmd.extend(['TMPDIR=tmp'])
         # Start with the command line dictated by "python" or whatever.
         cmd.extend(COMMANDS[command]['cmdline_start'])
+
         # Add the code-specific command line pieces.
         cmd.extend(argv)
 
@@ -231,6 +234,19 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None,
         result.stdout, result.stderr = subproc.communicate(stdin)
         result.status = subproc.returncode
 
+        # Remove the tmptmp directory as the sandbox user
+        # since the sandbox user may have written files that
+        # the application user can't delete.
+        rm_cmd.extend([
+            '/usr/bin/find', tmptmp,
+            '-mindepth', '1', '-maxdepth', '1',
+            '-exec', 'rm', '-rf', '{}', ';'
+        ])
+
+        # Run the rm command subprocess.
+        subproc = subprocess.Popen(rm_cmd, cwd=homedir)
+        subproc.communicate()
+
     return result
 
 

codejail/tests/test_jail_code.py

@@ -132,6 +132,36 @@ class TestFeatures(JailCodeHelpers, unittest.TestCase):
             "['tmp', 'also.txt', 'run.py']\nalso here\xff\x00\xab\n"
         )
 
+    def test_we_can_remove_tmp_files(self):
+        # This test is meant to create a tmp file in a temp folder as the
+        # sandbox user that the application user can't delete.
+        # This is because the sandbox user has the ability to delete
+        # any toplevel files in the tmp directory but not the abilty
+        # to delete files in folders that are only owned by the sandbox
+        # user, such as the temp directory created below.
+        set_limit('FSIZE', 1000)
+        res = jailpy(
+            code="""\
+                import os, shutil, tempfile
+                temp_dir = tempfile.mkdtemp()
+                with open("{}/myfile.txt".format(temp_dir), "w") as f:
+                    f.write("This is my file!")
+                shutil.move("{}/myfile.txt".format(temp_dir),
+                            "{}/overthere.txt".format(temp_dir))
+                with open("{}/overthere.txt".format(temp_dir)) as f:
+                    print f.read()
+                with open("{}/.myfile.txt".format(temp_dir), "w") as f:
+                    f.write("This is my dot file!")
+                # Now make it secret!
+                os.chmod("{}/overthere.txt".format(temp_dir), 0)
+                print os.listdir(temp_dir)
+            """)
+        self.assertResultOk(res)
+        self.assertEqual(
+            res.stdout,
+            "This is my file!\n['overthere.txt', '.myfile.txt']\n"
+        )
+
 
 class TestLimits(JailCodeHelpers, unittest.TestCase):
     """Tests of the resource limits, and changing them."""