code prettyfing
This commit is contained in:
parent
4e0711fe8c
commit
538cd56a01
4 changed files with 75 additions and 84 deletions
4
main.go
4
main.go
|
@ -1,10 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
//"os"
|
|
||||||
//"fmt"
|
|
||||||
//"log"
|
|
||||||
//exec "os/exec"
|
|
||||||
runner "runner/runner"
|
runner "runner/runner"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
package runner
|
package runner
|
||||||
|
|
||||||
import (
|
import (
|
||||||
//"errors"
|
|
||||||
"bytes"
|
"bytes"
|
||||||
"io"
|
"io"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
@ -75,18 +74,14 @@ func IsolatedRun(command []string,limits Limits) {
|
||||||
var runId string
|
var runId string
|
||||||
for i := 0; i < runIdLength; i++ {runId += string('a' + byte(rand.Int31n(26)))}
|
for i := 0; i < runIdLength; i++ {runId += string('a' + byte(rand.Int31n(26)))}
|
||||||
os.Mkdir("starter/" + runId, 0777)
|
os.Mkdir("starter/" + runId, 0777)
|
||||||
//log.Printf("%d",limits.Core)
|
|
||||||
//exec.Command("starter/starter", string(limits.Core),string(limits.Memory),string(limits.Time),runId,command...);
|
|
||||||
args := []string{string(limits.Core), string(limits.Memory), string(limits.Time), runId}
|
args := []string{string(limits.Core), string(limits.Memory), string(limits.Time), runId}
|
||||||
args = append(args, command...)
|
args = append(args, command...)
|
||||||
cmd:=exec.Command("/root/runner/starter/starter",args...)
|
cmd := exec.Command("starter/starter", args...)
|
||||||
//cmd:=exec.Command("/usr/bin/echo","123")
|
|
||||||
var stdBuffer bytes.Buffer
|
var stdBuffer bytes.Buffer
|
||||||
mw := io.MultiWriter(os.Stdout, &stdBuffer)
|
mw := io.MultiWriter(os.Stdout, &stdBuffer)
|
||||||
cmd.Stdout = mw
|
cmd.Stdout = mw
|
||||||
err := cmd.Run();
|
err := cmd.Run();
|
||||||
if err != nil { log.Fatal(err) }
|
if err != nil { log.Fatal(err) }
|
||||||
//log.Println(stdBuffer.String())
|
|
||||||
os.RemoveAll("starter/" + runId)
|
os.RemoveAll("starter/" + runId)
|
||||||
cmd.Wait()
|
cmd.Wait()
|
||||||
}
|
}
|
||||||
|
|
|
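Review bot: `log.Fatal(err)` after `cmd.Run()` terminates the whole runner whenever the sandboxed command exits non-zero, so an untrusted submission that merely calls `exit(1)` (or is killed by the time limit) takes the service down, and because that fatal path runs before `os.RemoveAll` the `starter/<runId>` directory is never cleaned up either. The error should be logged or handed to the caller with the removal deferred right after `os.Mkdir`, and the trailing `cmd.Wait()` can go: `Run()` already waited, so the second call only returns an error that is then dropped. Separately, `string(limits.Core)` turns an integer into the rune with that code point rather than its decimal text — if `Limits` holds ints, as the removed `log.Printf("%d", limits.Core)` line suggests, the starter is being handed control characters as its limits and `strconv.Itoa` (plus its import) is needed. The ignored `os.Mkdir` result and its `0777` mode also deserve a look, since this directory is created by a process that then hands its name to a root helper. `IsolatedRun`'s signature lies above the hunk.
```go
if err := os.Mkdir("starter/"+runId, 0777); err != nil {
	log.Printf("run %s: create dir: %v", runId, err)
	return
}
defer os.RemoveAll("starter/" + runId) // runs on every exit path, including errors
// … unchanged: args assembly, exec.Command, MultiWriter setup …
if err := cmd.Run(); err != nil {
	// non-zero exit or a kill from the limits is the sandboxed program's outcome, not a runner failure
	log.Printf("run %s: %v", runId, err)
}
```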
@ -39,6 +39,7 @@ char read_buf[READ_SIZE+1];
|
||||||
#include "ns_exec.c"
|
#include "ns_exec.c"
|
||||||
#include "cgroup_prepare.c"
|
#include "cgroup_prepare.c"
|
||||||
|
|
||||||
|
//time limit realisation
|
||||||
static int killafter(void *arg) {
|
static int killafter(void *arg) {
|
||||||
//die when parent dies
|
//die when parent dies
|
||||||
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
if (prctl(PR_SET_PDEATHSIG, SIGKILL)) die("cannot PR_SET_PDEATHSIG for child process: %m\n");
|
||||||
|
@ -49,7 +50,6 @@ static int killafter(void *arg) {
|
||||||
kill(params->pid, SIGKILL);
|
kill(params->pid, SIGKILL);
|
||||||
}
|
}
|
||||||
|
|
||||||
//const size_t STACK_SIZE=1000000;
|
|
||||||
#define STACK_SIZE 1000000
|
#define STACK_SIZE 1000000
|
||||||
static char nmstack[STACK_SIZE];
|
static char nmstack[STACK_SIZE];
|
||||||
static char killstack[STACK_SIZE];
|
static char killstack[STACK_SIZE];
|
||||||
|
@ -72,17 +72,18 @@ static void parse_args(int argc, char **argv, struct params *params,struct limit
|
||||||
params->argv = argv;
|
params->argv = argv;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//setup user namespace
|
||||||
static void prepare_userns(int pid) {
|
static void prepare_userns(int pid) {
|
||||||
char path[100];
|
char path[100];
|
||||||
char line[100];
|
char line[100];
|
||||||
|
|
||||||
int uid = 0;
|
int uid = 0;//root
|
||||||
int gid = 0;
|
int gid = 0;//root
|
||||||
int unprivileged_uid=66534;
|
int unprivileged_uid = 66534;//nobody
|
||||||
int unprivileged_gid=65534;
|
int unprivileged_gid = 65534;//nogroup
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/uid_map", pid);
|
sprintf(path, "/proc/%d/uid_map", pid);
|
||||||
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);
|
sprintf(line, "0 %d 1\n1 %d 1000\n", uid, unprivileged_uid);//map root to uid 0,nobody to uid 1000
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/setgroups", pid);
|
sprintf(path, "/proc/%d/setgroups", pid);
|
||||||
|
@ -90,35 +91,34 @@ static void prepare_userns(int pid) {
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
|
|
||||||
sprintf(path, "/proc/%d/gid_map", pid);
|
sprintf(path, "/proc/%d/gid_map", pid);
|
||||||
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);
|
sprintf(line, "0 %d 1\n1 %d 1000\n", gid, unprivileged_gid);//map root to gid 0,nogroup to gid 1000
|
||||||
write_file(path, line);
|
write_file(path, line);
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(int argc,char** argv) {
|
int main(int argc,char** argv) {
|
||||||
if(setuid(0)) die("need to be run as root");
|
if(setuid(0)) die("need to be run as root");
|
||||||
if(setgid(0)) die("need to be run as root");
|
if(setgid(0)) die("need to be run as root");
|
||||||
//getting binary folder
|
//get binary folder
|
||||||
char bin_path[PATH_MAX];
|
char bin_path[PATH_MAX];
|
||||||
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");
|
if (realpath (argv[0], bin_path) == 0) die("unable to resolve real path: %m");//get absolute path to executable
|
||||||
for(int i = strlen(bin_path);i>0 && bin_path[i]!='/';i--) bin_path[i]=0;
|
for(int i = strlen(bin_path); i > 0 && bin_path[i] != '/';i--) bin_path[i]=0;//cut filename to get directory name
|
||||||
if(chdir(bin_path)) die("unable to chdir to binary path: %m");
|
if(chdir(bin_path)) die("unable to chdir to binary path: %m");
|
||||||
//setting random seed
|
//set random seed
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
|
//setup parameters
|
||||||
struct params params;
|
struct params params;
|
||||||
memset(¶ms, 0, sizeof(struct params));
|
memset(¶ms, 0, sizeof(struct params));
|
||||||
struct limits limits;
|
struct limits limits;
|
||||||
memset(&limits, 0, sizeof(struct limits));
|
memset(&limits, 0, sizeof(struct limits));
|
||||||
parse_args(argc, argv, ¶ms, &limits);
|
parse_args(argc, argv, ¶ms, &limits);
|
||||||
prepare_cgroup(&limits);
|
prepare_cgroup(&limits);
|
||||||
if (pipe(params.fd) < 0) die("can't open pipe: %m");
|
if (pipe(params.fd) < 0) die("can't open pipe: %m");//a pipe to report readiness
|
||||||
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP/* | CLONE_NEWTIME*/;
|
int clone_flags = SIGCHLD | CLONE_NEWUTS | CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWCGROUP;
|
||||||
int nsrun_pid=clone(nsrun,nmstack+STACK_SIZE,clone_flags,¶ms);
|
int nsrun_pid = clone(nsrun, nmstack + STACK_SIZE, clone_flags, ¶ms);//make new namespace
|
||||||
int pipe = params.fd[1];
|
int pipe = params.fd[1];
|
||||||
//sleep(1);
|
|
||||||
prepare_userns(nsrun_pid);
|
prepare_userns(nsrun_pid);
|
||||||
if (nsrun_pid<0) {die("faled to clone");}
|
if (nsrun_pid < 0) die("faled to clone");
|
||||||
add_to_cgroup(nsrun_pid);
|
add_to_cgroup(nsrun_pid);
|
||||||
//dup2(STDOUT_FILENO,params.out[0]);
|
|
||||||
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
if (write(pipe, "OK", 2) != 2) die("Failed to write to pipe: %m");//report readiness
|
||||||
struct killparams killparams;
|
struct killparams killparams;
|
||||||
killparams.time = limits.time;
|
killparams.time = limits.time;
|
||||||
|
|
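Review bot: `prepare_userns(nsrun_pid)` is called before the `if (nsrun_pid < 0) die("faled to clone")` check that follows it, so on a failed `clone()` the code first builds and writes `/proc/-1/uid_map`; move that check to directly after the `clone()` call (and fix the "faled" typo while there). The mapping written by `prepare_userns` also needs its consequence stated in the comment: `"0 %d 1"` with `uid = 0` maps uid 0 inside the new user namespace to host uid 0, so a process that is root in the sandbox is real root for anything the mount and capability setup does not block — if that is intended, say so, and if not, map 0 to an unprivileged host uid. `unprivileged_uid = 66534` does not match its `//nobody` comment (nobody is conventionally 65534, which is what the gid line uses), and with the `1000`-wide ranges both lines hand the sandbox a block of host ids that may overlap real accounts, so a dedicated subordinate range would be safer. `realpath(argv[0], …)` followed by `chdir` trusts whoever execs the helper to supply an honest argv[0]; `readlink("/proc/self/exe")` gives the binary's location without that trust. `main` continues past the end of the hunk.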