Browse Source

Run subprocesses as unprivileged user

main
Mattéo Delabre 2 years ago
parent
commit
f2abe9dcf6
Signed by: matteo GPG Key ID: AE3FBD02DC583ABB
  1. 9
      Dockerfile
  2. 2
      README.md
  3. 10
      autogolf/__init__.py

9
Dockerfile

@ -1,8 +1,7 @@
FROM alpine
RUN apk add --no-cache bash python3
RUN adduser -D user
USER user
WORKDIR /home/user
ADD autogolf /home/user/autogolf
ADD run.py /home/user
RUN adduser -D -H -u 1337 user
WORKDIR /root
ADD autogolf /root/autogolf
ADD run.py /root
CMD ["python3", "run.py"]

2
README.md

@ -5,5 +5,5 @@ How to run:
```
docker image build --quiet --tag runall-image .
mkdir output
docker container run --tty --rm --mount type=bind,src="$(realpath output)",dst=/home/user/output --memory=128m runall-image
docker container run --tty --rm --mount type=bind,src="$(realpath output)",dst=/root/output --memory=128m runall-image
```

10
autogolf/__init__.py

@ -2,6 +2,7 @@ from enum import Enum, auto
from functools import partial
from itertools import product
from multiprocessing import Pool
import os
from subprocess import DEVNULL, PIPE, Popen, TimeoutExpired
from time import time
from typing import List
@ -17,6 +18,12 @@ class Status(Enum):
Timeout = auto() # ran for more time than allowed by the timeout value
def demote():
"""Drop root privileges."""
os.setgid(1337)
os.setuid(1337)
def check_pair(script, instr, outstr, timeout) -> Status:
"""
Check that a Bash script outputs a given string when given a input string.
@ -29,13 +36,14 @@ def check_pair(script, instr, outstr, timeout) -> Status:
"""
process = Popen(
[
"/bin/bash", "--restricted", "-c", "--",
"/bin/bash", "-c", "--",
"trap 'kill -9 $(jobs -p) && wait' SIGINT SIGTERM EXIT;\n"
+ script,
],
stdin=PIPE,
stdout=PIPE,
stderr=DEVNULL,
preexec_fn=demote,
)
try:

Loading…
Cancel
Save