We are still, slowly, moving towards using jobeinabox as the back-end for our CodeRunner setup. (It is progressing slowly, because we have a bit of an 'if it ain't broke ...' with our existing setup.)
We have just got to consiering the 'network' bit of 'Notes on security' at https://hub.docker.com/r/trampgeek/jobeinabox.
Reading between the lines there, I guess you have a server of your own where the Docker containers run.
We are trying to set this up in a container service (AWS Fargate) and therefore the specific suggestion does not directly apply.
I don't know very much about these things, but with my limited understanding of Docker, I am wondering why we are not using the docker configuration to prevent outgoing Network requests.
We are probably going to try that ourselves, but before we do, I thought I would ask to see if anyone knew more, or had more experience than me. Thanks in advance for any suggestsions anyone has.