mirror of
https://github.com/QingdaoU/Judger.git
synced 2024-12-29 00:11:41 +00:00
update use_sandbox option
parent
da1a446946
commit
7285a16ce2
2
judger.c
2
judger.c
@ -8,7 +8,7 @@ static PyObject *error;
|
||||
static PyObject *judger_run(PyObject *self, PyObject *args, PyObject *kwargs) {
|
||||
struct config config;
|
||||
struct result result = {0, 0, 0, 0, 0, 1};
|
||||
PyObject *args_list = NULL, *env_list = NULL, *use_sandbox, *next = NULL, *args_iter = NULL, *env_iter = NULL;
|
||||
PyObject *args_list = NULL, *env_list = NULL, *use_sandbox = NULL, *next = NULL, *args_iter = NULL, *env_iter = NULL;
|
||||
int count = 0;
|
||||
static char *kwargs_list[] = {"path", "in_file", "out_file", "max_cpu_time",
|
||||
"max_memory", "args", "env", "use_sandbox", NULL};
|
||||
|
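Review bot: Initialising `use_sandbox` to NULL makes the omitted-keyword case well defined, but what the binding does with that NULL is outside this hunk, and for a judge that runs submitted programs it should resolve to sandbox enabled. I would say so next to the declaration, e.g. `/* use_sandbox is optional; NULL (not passed) must mean sandbox ON */`, and confirm that the conversion into `config.use_sandbox` treats only an explicit false value as off. judger_run's body continues past the hunk, so the parsing and conversion code could not be checked here.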
41
runner.c
41
runner.c
@ -167,29 +167,30 @@ int run(struct config *config, struct result *result) {
|
||||
ERROR(DUP2_FAILED);
|
||||
}
|
||||
|
||||
// load seccomp rules
|
||||
ctx = seccomp_init(SCMP_ACT_KILL);
|
||||
if (!ctx) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
for(i = 0; i < syscalls_whitelist_length; i++) {
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls_whitelist[i], 0)) {
|
||||
if (config->use_sandbox) {
|
||||
// load seccomp rules
|
||||
ctx = seccomp_init(SCMP_ACT_KILL);
|
||||
if (!ctx) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
for (i = 0; i < syscalls_whitelist_length; i++) {
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls_whitelist[i], 0)) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
}
|
||||
// add extra rule for execve
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve), 1, SCMP_A0(SCMP_CMP_EQ, config->path))) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
// only fd 0 1 2 are allowed
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_LE, 2))) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
if (seccomp_load(ctx)) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
seccomp_release(ctx);
|
||||
}
|
||||
// add extra rule for execve
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve), 1, SCMP_A0(SCMP_CMP_EQ, config->path))) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
// only fd 0 1 2 are allowed
|
||||
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, SCMP_A0(SCMP_CMP_LE, 2))) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
if (seccomp_load(ctx)) {
|
||||
ERROR(LOAD_SECCOMP_FAILED);
|
||||
}
|
||||
seccomp_release(ctx);
|
||||
|
||||
execve(config->path, config->args, config->env);
|
||||
log("execve failed");
|
||||
ERROR(EXCEVE_FAILED);
|
||||
|
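Review bot: When `config->use_sandbox` is false the child reaches `execve(config->path, config->args, config->env)` with no seccomp filter loaded at all, and nothing on that path records it, so the flag is a complete off-switch for the syscall whitelist rather than a relaxed profile. I would add an else branch with `log("seccomp sandbox disabled by config");` so an unsandboxed run is visible in the judge log, and document on the option that it must never be derived from submission-controlled data. Separately, the execve rule `SCMP_A0(SCMP_CMP_EQ, config->path)` hands a pointer to a macro that expects a `scmp_datum_t`; writing `(scmp_datum_t)(uintptr_t)config->path` makes it explicit that the filter compares the address, not the path string, which holds only because the same pointer is passed to execve below. run()'s body starts and ends outside the hunk, so the ERROR macro's cleanup of `ctx` on the failure paths could not be checked.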