CI: install Pipfile into system interpreter

A virtual environment is redundant in the context of deployment. It
just increases the size and build time of the image.

* Replace venv with system interpreter
* Mount Python binaries in /usr/local/bin in NsJail
* Fix #61: Python symlink in venv not resolving
* Re-lock Pipfile because it wasn't up to date according to
  pipenv install --deploy

1 files changed, 22 insertions, 1 deletions

diff --git a/snekbox.cfg b/snekbox.cfg
index 968271c..2e8b2e0 100644
--- a/snekbox.cfg
+++ b/snekbox.cfg
@@ -81,6 +81,27 @@ mount {
     rw: false
 }
 
+mount {
+    src: "/usr/local/bin/python"
+    dst: "/usr/local/bin/python"
+    is_bind: true
+    rw: false
+}
+
+mount {
+    src: "/usr/local/bin/python3"
+    dst: "/usr/local/bin/python3"
+    is_bind: true
+    rw: false
+}
+
+mount {
+    src: "/usr/local/bin/python3.8"
+    dst: "/usr/local/bin/python3.8"
+    is_bind: true
+    rw: false
+}
+
 cgroup_mem_max: 52428800
 cgroup_mem_mount: "/sys/fs/cgroup/memory"
 cgroup_mem_parent: "NSJAIL"
@@ -92,6 +113,6 @@ cgroup_pids_parent: "NSJAIL"
 iface_no_lo: true
 
 exec_bin {
-    path: "/snekbox/.venv/bin/python3"
+    path: "/usr/local/bin/python"
     arg: "-Iqu"
 }