{ writeTextFile, nsjail }:

let
  inner = writeTextFile {
    name = "ocamlStudentModuleInner";
    executable = true;
    text = ''
      #!/bin/sh
      INTERFACE_FILE=$1
      STUDENT_FILE=$2
      DRIVER_FILE=$3

      ocamlc -o student.cmi $INTERFACE_FILE
      ocamlc -o student.cmo $STUDENT_FILE
      ocaml student.cmo $DRIVER_FILE
    '';
  };
in
writeTextFile {
  name = "ocamlStudentModule";
  executable = true;
  text = ''
    JAIL=$(mktemp -d)
    mkdir -p $JAIL/bin
    cp ${inner} $JAIL/bin/ocamlStudentModule
    ${nsjail}/bin/nsjail \
      -Mo \
      --chroot $JAIL \
      -R /bin/sh \
      -R /bin/ls \
      /bin/ls
      # /bin/ocamlStudentModule
  '';
}