sandbox

package module

v0.0.0-...-a146e0a Latest Latest Go to latest Published: Nov 26, 2020 License: GPL-3.0 Imports: 19 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/BayviewComputerClub/smoothie-runner

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	RunnerStatusOK = iota // successful run

	RunnerStatusTLE // time limit exceeded
	RunnerStatusMLE // memory limit exceeded
	RunnerStatusOLE // output limit exceeded

	RunnerStatusILL // illegal syscall
	RunnerStatusRTE // runtime error
	RunnerStatusISE // internal server error
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ForkExecContext ¶

type ForkExecContext struct {
	Pid  uintptr
	Pipe [2]int

	ArgV []*byte
	EnvV []*byte
}

type RLimit ¶

type RLimit struct {
	Type int
	Cur  uint64
	Max  uint64
}

type RunnerResult ¶

type RunnerResult struct {
	Status int
	Error  string
}

type RunnerSession ¶

type RunnerSession struct {
	// Channel to stream result back (init)
	ResultChan chan RunnerSessionResult

	// Internal result stream (init)
	InternalResultChan chan RunnerResult

	// Pid of child
	Pid  int
	Pgid int

	// Execveat (init)
	ExecFile uintptr
	ExecArgs []string
	ExecEnv  []string

	// Seccomp profile
	Seccomp *unix.SockFprog

	// Whether or not the initial exec was called
	ExecUsed bool

	// Whether or not the process has exited
	ProcExited bool

	// File descriptors to set: [newfd]oldfd (init)
	Files map[int]uintptr

	// Folder where file is executed
	Workspace string

	// Resource limits with rlimit
	RLimits []RLimit

	// Hard timeout, includes time spent preparing sandbox, done by goroutine -> kill (init)
	HardTimeout time.Duration

	// Soft timeout, done by process (init)
	TimeLimit time.Duration

	// Maximum memory, in bytes (init)
	MemoryLimit uint64

	// Maximum size of new files a process can create (init)
	FSizeLimit int64

	// Maximum number of processes that can be created (init)
	NProcLimit int64

	// Whether or not the process should be sandboxed with seccomp + ptrace (init)
	SandboxWithSeccomp bool

	// Seccomp profile (init)
	SeccompProfile util.SandboxProfile

	// Exit code
	ExitCode int

	// Start time
	StartTime time.Time

	// Max memory allocated at a point (kb)
	MemoryUsed int64
}

func (*RunnerSession) CheckRestrictedCall ¶

func (session *RunnerSession) CheckRestrictedCall(pid int, pregs *unix.PtraceRegs)

restrict call if necessary

func (*RunnerSession) CreateSeccompFilter ¶

func (session *RunnerSession) CreateSeccompFilter() error

from go-seccomp-bpf/seccomp_linux

func (*RunnerSession) ForkExec ¶

func (session *RunnerSession) ForkExec() error

func (*RunnerSession) ForkExecChild ¶

func (session *RunnerSession) ForkExecChild(context ForkExecContext)

func (*RunnerSession) ForkExecParent ¶

func (session *RunnerSession) ForkExecParent(context ForkExecContext) error

func (*RunnerSession) InitRLimits ¶

func (session *RunnerSession) InitRLimits()

init rlimit https://linux.die.net/man/2/setrlimit

func (*RunnerSession) Kill ¶

func (session *RunnerSession) Kill()

func (*RunnerSession) SetRlimits ¶

func (session *RunnerSession) SetRlimits() error

func (*RunnerSession) Start ¶

func (session *RunnerSession) Start()

func (*RunnerSession) Timeout ¶

func (session *RunnerSession) Timeout()

enforce a hard timeout

func (*RunnerSession) Trace ¶

func (session *RunnerSession) Trace()

status checker when sandbox is on

func (*RunnerSession) TraceCheckOpen ¶

func (session *RunnerSession) TraceCheckOpen(pid int, name string, flags uint64, pregs *unix.PtraceRegs)

func (*RunnerSession) TraceCheckRead ¶

func (session *RunnerSession) TraceCheckRead(pid int, name string, pregs *unix.PtraceRegs)

func (*RunnerSession) TraceCheckStat ¶

func (session *RunnerSession) TraceCheckStat(pid int, name string, pregs *unix.PtraceRegs)

func (*RunnerSession) TraceCheckWrite ¶

func (session *RunnerSession) TraceCheckWrite(pid int, name string, pregs *unix.PtraceRegs)

func (*RunnerSession) WaitForStatus ¶

func (session *RunnerSession) WaitForStatus()

func (*RunnerSession) WaitProcState ¶

func (session *RunnerSession) WaitProcState()

status checker when sandbox is off

type RunnerSessionResult ¶

type RunnerSessionResult struct {
	Status     int
	ExitCode   int
	Error      string
	TimeUsed   time.Duration
	MemoryUsed int64
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL