增加 clone 地址范围限制，否则 Java 无法运行

2025-01-04 03:22:06 +00:00 · 2015-09-18 11:18:16 +08:00 · 2015-09-18 11:18:16 +08:00 · 482a537ce0
commit 482a537ce0
parent 054536a72e
1 changed files with 1 additions and 1 deletions
--- a/judge/judger/client.py
+++ b/judge/judger/client.py
@ -63,7 +63,7 @@ class JudgeClient(object):
                  " --max-memory " + str(self._max_memory * 1000 * 1000) + \
                  " --network false" + \
                  " --syscalls '!execve:k,flock:k,ptrace:k,sync:k,fdatasync:k,fsync:k,msync,sync_file_range:k,syncfs:k" \
-                  ",unshare:k,setns:k,clone:k,query_module:k,sysinfo:k,syslog:k,sysfs:k'" + \
+                  ",unshare:k,setns:k,clone[a&268435456==268435456]:k,query_module:k,sysinfo:k,syslog:k,sysfs:k'" + \
                  " --uid " + str(lrun_uid) + \
                  " --gid " + str(lrun_gid)