What would the challenges be in building a Shiny app designed to asses a users' knowledge of R by prompting with questions and interactively typing and running R code? The Shiny app would need to allow the input of the code in a secure way (perhaps a restrictive syntax) and to execute the code, evaluate the result, and provide feedback and progress through the application content. To support multiple users, each instance would need to be sandboxed or independent of other user instances, but possibly retain and retrieve past results for each user.
This can go some way to letting users know about restrictions (warning: cannot access files outside of working directory), but it's definitely not enough. There are just too many ways to do things.
Instead, you should enclose the session in a virtual machine.
P.S.: I had thought a container would be fine, but it's not according to this thread on StackExchange's Information Security board.