codejail

Import order affects whether code is sandboxed.

Open nedbat opened this issue 11 years ago • 0 comments

This code will run outside of a sandbox:

  import codejail.jail_code
  import codejail.safe_exec
  codejail.jail_code.configure('python', '/home/pmitros/jail/jailbox/bin/python')
  codejail.safe_exec.safe_exec("import os\nos.system('ls /etc')", {})

This code will run in a sandbox:

  import codejail.jail_code
  codejail.jail_code.configure('python', '/home/pmitros/jail/jailbox/bin/python')
  import codejail.safe_exec
  codejail.safe_exec.safe_exec("import os\nos.system('ls /etc')", {})

The only difference is the order of the calls.

The code which specifically breaks is:

  UNSAFE = ALWAYS_BE_UNSAFE or not jail_code.is_configured("python")

This runs on import, and if UNSAFE is set, it overrides safe_exec with an unsafe version. The code attempts to log a warning, but fails unless loggers are configured the edX way (simply stating 'No handlers could be found for logger "codejail.safe_exec"').

nedbat, Sep 10 '13 14:09
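
The import-order behaviour reported in this issue, as an added example that is not part of the original issue and is not codejail's code. The registry, the placeholder executors and the fail-closed `safe_exec_call_time` are hypothetical stand-ins; it contrasts a check evaluated once at import with a check made on every call.

```python
# Added illustration: toy stand-ins, not codejail's real code.
_COMMANDS = {}  # hypothetical registry standing in for jail_code's configuration


def configure(name, path):
    _COMMANDS[name] = path


def is_configured(name):
    return name in _COMMANDS


def _jailed_exec(code):
    return "sandboxed"      # placeholder: would run the code inside the jail


def _not_jailed_exec(code):
    return "unsandboxed"    # placeholder: would run the code in-process


def load_import_time_module():
    """Simulates a module body running at import: the check happens once."""
    unsafe = not is_configured("python")
    # The binding chosen here is frozen; a later configure() cannot change it.
    return _not_jailed_exec if unsafe else _jailed_exec


def safe_exec_call_time(code):
    """Checks configuration on every call and fails closed if it is missing."""
    if not is_configured("python"):
        raise RuntimeError("sandbox not configured; refusing to run code")
    return _jailed_exec(code)


def demo():
    _COMMANDS.clear()
    early = load_import_time_module()        # "import" before configure()
    refused = False
    try:
        safe_exec_call_time("1 + 1")
    except RuntimeError:
        refused = True                       # an error, not a droppable log line
    configure("python", "/path/to/sandbox/python")  # constructed path
    late = load_import_time_module()         # "import" after configure()
    return early("1 + 1"), late("1 + 1"), safe_exec_call_time("1 + 1"), refused


if __name__ == "__main__":
    print(demo())
```

Raising instead of logging means a missing configuration is visible even when no log handlers are set up.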