Documentation ¶
Index ¶
- Constants
- type ForkExecContext
- type RLimit
- type RunnerResult
- type RunnerSession
- func (session *RunnerSession) CheckRestrictedCall(pid int, pregs *unix.PtraceRegs)
- func (session *RunnerSession) CreateSeccompFilter() error
- func (session *RunnerSession) ForkExec() error
- func (session *RunnerSession) ForkExecChild(context ForkExecContext)
- func (session *RunnerSession) ForkExecParent(context ForkExecContext) error
- func (session *RunnerSession) InitRLimits()
- func (session *RunnerSession) Kill()
- func (session *RunnerSession) SetRlimits() error
- func (session *RunnerSession) Start()
- func (session *RunnerSession) Timeout()
- func (session *RunnerSession) Trace()
- func (session *RunnerSession) TraceCheckOpen(pid int, name string, flags uint64, pregs *unix.PtraceRegs)
- func (session *RunnerSession) TraceCheckRead(pid int, name string, pregs *unix.PtraceRegs)
- func (session *RunnerSession) TraceCheckStat(pid int, name string, pregs *unix.PtraceRegs)
- func (session *RunnerSession) TraceCheckWrite(pid int, name string, pregs *unix.PtraceRegs)
- func (session *RunnerSession) WaitForStatus()
- func (session *RunnerSession) WaitProcState()
- type RunnerSessionResult
Constants ¶
View Source
const ( RunnerStatusOK = iota // successful run RunnerStatusTLE // time limit exceeded RunnerStatusMLE // memory limit exceeded RunnerStatusOLE // output limit exceeded RunnerStatusILL // illegal syscall RunnerStatusRTE // runtime error RunnerStatusISE // internal server error )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ForkExecContext ¶
type RunnerResult ¶
type RunnerSession ¶
type RunnerSession struct { // Channel to stream result back (init) ResultChan chan RunnerSessionResult // Internal result stream (init) InternalResultChan chan RunnerResult // Pid of child Pid int Pgid int // Execveat (init) ExecFile uintptr ExecArgs []string ExecEnv []string // Seccomp profile Seccomp *unix.SockFprog // Whether or not the initial exec was called ExecUsed bool // Whether or not the process has exited ProcExited bool // File descriptors to set: [newfd]oldfd (init) Files map[int]uintptr // Folder where file is executed Workspace string // Resource limits with rlimit RLimits []RLimit // Hard timeout, includes time spent preparing sandbox, done by goroutine -> kill (init) HardTimeout time.Duration // Soft timeout, done by process (init) TimeLimit time.Duration // Maximum memory, in bytes (init) MemoryLimit uint64 // Maximum size of new files a process can create (init) FSizeLimit int64 // Maximum number of processes that can be created (init) NProcLimit int64 // Whether or not the process should be sandboxed with seccomp + ptrace (init) SandboxWithSeccomp bool // Seccomp profile (init) SeccompProfile util.SandboxProfile // Exit code ExitCode int // Start time StartTime time.Time // Max memory allocated at a point (kb) MemoryUsed int64 }
func (*RunnerSession) CheckRestrictedCall ¶
func (session *RunnerSession) CheckRestrictedCall(pid int, pregs *unix.PtraceRegs)
restrict call if necessary
func (*RunnerSession) CreateSeccompFilter ¶
func (session *RunnerSession) CreateSeccompFilter() error
from go-seccomp-bpf/seccomp_linux
func (*RunnerSession) ForkExec ¶
func (session *RunnerSession) ForkExec() error
func (*RunnerSession) ForkExecChild ¶
func (session *RunnerSession) ForkExecChild(context ForkExecContext)
func (*RunnerSession) ForkExecParent ¶
func (session *RunnerSession) ForkExecParent(context ForkExecContext) error
func (*RunnerSession) InitRLimits ¶
func (session *RunnerSession) InitRLimits()
init rlimit https://linux.die.net/man/2/setrlimit
func (*RunnerSession) Kill ¶
func (session *RunnerSession) Kill()
func (*RunnerSession) SetRlimits ¶
func (session *RunnerSession) SetRlimits() error
func (*RunnerSession) Start ¶
func (session *RunnerSession) Start()
func (*RunnerSession) Trace ¶
func (session *RunnerSession) Trace()
status checker when sandbox is on
func (*RunnerSession) TraceCheckOpen ¶
func (session *RunnerSession) TraceCheckOpen(pid int, name string, flags uint64, pregs *unix.PtraceRegs)
func (*RunnerSession) TraceCheckRead ¶
func (session *RunnerSession) TraceCheckRead(pid int, name string, pregs *unix.PtraceRegs)
func (*RunnerSession) TraceCheckStat ¶
func (session *RunnerSession) TraceCheckStat(pid int, name string, pregs *unix.PtraceRegs)
func (*RunnerSession) TraceCheckWrite ¶
func (session *RunnerSession) TraceCheckWrite(pid int, name string, pregs *unix.PtraceRegs)
func (*RunnerSession) WaitForStatus ¶
func (session *RunnerSession) WaitForStatus()
func (*RunnerSession) WaitProcState ¶
func (session *RunnerSession) WaitProcState()
status checker when sandbox is off
Click to show internal directories.
Click to hide internal directories.