From ad1a0e0f450c3b96018a99420b2c1bf44d18558a Mon Sep 17 00:00:00 2001
From: Petr Stefan <ptr.stef@gmail.com>
Date: Thu, 24 Nov 2016 14:39:58 +0100
Subject: [PATCH] Add last part to worker architecture

---
 Worker.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Worker.md b/Worker.md
index 79b8667..23e24fe 100644
--- a/Worker.md
+++ b/Worker.md
@@ -75,8 +75,12 @@ program that should be set up to run periodically.
 
 ### Running student submissions
 
-- killing isolate
-- sandboxing requirements
+Student submissions are executed inside sandboxing environment to prevent damage of host system and also to restrict amount of used resources. Now only the Isolate sandbox support is implemented in worker, but there is a possibility of easy extending list of supported sandboxes.
+
+Isolated is executed in separate Linux process created by `fork` and `exec` system calls. Communication between processes is performed through unnamed pipe with standard input and output descriptors redirection. To prevent Isolate failure there is another safety guard -- whole sandbox is killed when it does not end in `(time + 300) * 1.2` seconds for `time` as original maximum time allowed for the task. However, Isolate should allways end itself in time, so this additional safety should never be used.
+
+Sandbox in general has to be command line application taking parameters with arguments, standard input or file. Outputs should be written to file or standard output. There no other requirements, worker design is very versatile and can be adapted to different needs.
+
 
 ## Installation