How do you set up a virtual environment or sandbox for ruby without removing access to external API's?

I am running a bit of code that looks like this:

result = system("ruby " + filename_random_ruby_script)
if result
  save_to_disk(random_ruby_script)
else
  # Do Nothing
end

The variable "random_ruby_script" represents any .rb file.

This code is the first of many calls to system() and runs a ruby file that may also contain calls to system(), disk reads/writes, HTTP requests, and so on.

The ruby file must be run to find out what it does, but it might try to read/write/execute something other than itself and I don't want it deleting my HDD开发者_如何学编程 or posting lewd tweets.

I want to make a space where this program can run with no permission to write/execute anything in it's parent directories, but access to read anything locally and via any network protocol.

I also want to know if it tries to write/execute anything locally or on the net.

There is probably a gem or software that does something similar, but I am very green to sand-boxing my code, so pretty much any suggestion will be helpful.

Use safe level and don't run the script with system

http://ruby-doc.org/docs/ProgrammingRuby/html/taint.html

This was used, for instance, in the old github gem builder (gemspecs being normal executable ruby code).