code prettyfing

This commit is contained in:
root 2024-06-22 21:29:19 +05:00
parent 4e0711fe8c
commit 538cd56a01
4 changed files with 75 additions and 84 deletions

View file

@ -1,10 +1,6 @@
package main package main
import ( import (
//"os"
//"fmt"
//"log"
//exec "os/exec"
runner "runner/runner" runner "runner/runner"
) )

View file

@ -1,7 +1,6 @@
package runner package runner
import ( import (
//"errors"
"bytes" "bytes"
"io" "io"
"fmt" "fmt"
@ -75,18 +74,14 @@ func IsolatedRun(command []string,limits Limits) {
var runId string var runId string
for i := 0; i < runIdLength; i++ {runId += string('a' + byte(rand.Int31n(26)))} for i := 0; i < runIdLength; i++ {runId += string('a' + byte(rand.Int31n(26)))}
os.Mkdir("starter/" + runId, 0777) os.Mkdir("starter/" + runId, 0777)
//log.Printf("%d",limits.Core)
//exec.Command("starter/starter", string(limits.Core),string(limits.Memory),string(limits.Time),runId,command...);
args := []string{string(limits.Core), string(limits.Memory), string(limits.Time), runId} args := []string{string(limits.Core), string(limits.Memory), string(limits.Time), runId}
args = append(args, command...) args = append(args, command...)
cmd:=exec.Command("/root/runner/starter/starter",args...) cmd := exec.Command("starter/starter", args...)
//cmd:=exec.Command("/usr/bin/echo","123")
var stdBuffer bytes.Buffer var stdBuffer bytes.Buffer
mw := io.MultiWriter(os.Stdout, &stdBuffer) mw := io.MultiWriter(os.Stdout, &stdBuffer)
cmd.Stdout = mw cmd.Stdout = mw
err := cmd.Run(); err := cmd.Run();
if err != nil { log.Fatal(err) } if err != nil { log.Fatal(err) }
//log.Println(stdBuffer.String())
os.RemoveAll("starter/" + runId) os.RemoveAll("starter/" + runId)
cmd.Wait() cmd.Wait()
} }

View file

@ -39,6 +39,7 @@ char read_buf[READ_SIZE+1];
#include "ns_exec.c" #include "ns_exec.c"
#include "cgroup_prepare.c" #include "cgroup_prepare.c"
//time limit realisation
static int killafter(void *arg) { static int killafter(void *arg) {
//die when parent dies //die when parent dies
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n"); if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
@ -49,7 +50,6 @@ static int killafter(void *arg) {
kill(params->pid, SIGKILL); kill(params->pid, SIGKILL);
} }
//const size_t STACK_SIZE=1000000;
#define STACK_SIZE 1000000 #define STACK_SIZE 1000000
static char nmstack[STACK_SIZE]; static char nmstack[STACK_SIZE];
static char killstack[STACK_SIZE]; static char killstack[STACK_SIZE];
@ -72,17 +72,18 @@ static void parse_args(int argc, char **argv, struct params *params,struct limit
params->argv = argv; params->argv = argv;
} }
//setup user namespace
static void prepare_userns(int pid) { static void prepare_userns(int pid) {
char path[100]; char path[100];
char line[100]; char line[100];
int uid = 0; int uid = 0;//root
int gid = 0; int gid = 0;//root
int unprivileged_uid=66534; int unprivileged_uid = 66534;//nobody
int unprivileged_gid=65534; int unprivileged_gid = 65534;//nogroup
sprintf(path, "/proc/%d/uid_map", pid); sprintf(path, "/proc/%d/uid_map", pid);
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid); sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);//map root to uid 0,nobody to uid 1000
write_file(path, line); write_file(path, line);
sprintf(path, "/proc/%d/setgroups", pid); sprintf(path, "/proc/%d/setgroups", pid);
@ -90,35 +91,34 @@ static void prepare_userns(int pid) {
write_file(path, line); write_file(path, line);
sprintf(path, "/proc/%d/gid_map", pid); sprintf(path, "/proc/%d/gid_map", pid);
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid); sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);//map root to gid 0,nogroup to gid 1000
write_file(path, line); write_file(path, line);
} }
int main(int argc,char** argv) { int main(int argc,char** argv) {
if(setuid(0)) die("need to be run as root"); if(setuid(0)) die("need to be run as root");
if(setgid(0)) die("need to be run as root"); if(setgid(0)) die("need to be run as root");
//getting binary folder //get binary folder
char bin_path[PATH_MAX]; char bin_path[PATH_MAX];
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m"); if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");//get absolute path to executable
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0; for(int i = strlen(bin_path); i > 0 && bin_path[i] != '/';i--) bin_path[i]=0;//cut filename to get directory name
if(chdir(bin_path)) die("unable to chdir to binary path: %m"); if(chdir(bin_path)) die("unable to chdir to binary path: %m");
//setting random seed //set random seed
srand(time(NULL)); srand(time(NULL));
//setup parameters
struct params params; struct params params;
memset(&params, 0, sizeof(struct params)); memset(&params, 0, sizeof(struct params));
struct limits limits; struct limits limits;
memset(&limits, 0, sizeof(struct limits)); memset(&limits, 0, sizeof(struct limits));
parse_args(argc, argv, &params, &limits); parse_args(argc, argv, &params, &limits);
prepare_cgroup(&limits); prepare_cgroup(&limits);
if (pipe(params.fd) < 0) die("can't open pipe: %m"); if (pipe(params.fd) < 0) die("can't open pipe: %m");//a pipe to report readiness
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/; int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP;
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,&params); int nsrun_pid = clone(nsrun, nmstack + STACK_SIZE, clone_flags, &params);//make new namespace
int pipe = params.fd[1]; int pipe = params.fd[1];
//sleep(1);
prepare_userns(nsrun_pid); prepare_userns(nsrun_pid);
if (nsrun_pid<0) {die("faled to clone");} if (nsrun_pid < 0) die("faled to clone");
add_to_cgroup(nsrun_pid); add_to_cgroup(nsrun_pid);
//dup2(STDOUT_FILENO,params.out[0]);
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
struct killparams killparams; struct killparams killparams;
killparams.time = limits.time; killparams.time = limits.time;