Thanks for the responses folks. I will briefly summarize them:
> As you say, it is fundamentally not possible to make this work at
the Python level.
This is pretty effectively demonstrated by "Tav's admirable but failed attempt
to sandbox file IO":
* http://tav.espians.com/a-challenge-to-break-
I am writing a web service that accepts Python programs as input, runs the
provided program with some profiling hooks, and returns various information
about the program's runtime behavior. To do this in a safe manner, I need to be
able to create a sandbox that restricts what the submitted Python
