From 83e450482f0f4aecb90a1b83260b66ade2d738d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?= Date: Wed, 27 Jul 2016 15:57:10 +0800 Subject: [PATCH 1/8] log clone errno --- runner.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runner.c b/runner.c index 69183b6..d7aab60 100644 --- a/runner.c +++ b/runner.c @@ -213,7 +213,7 @@ void run(struct config *config, struct result *result) { pid = clone(child_process, stack + STACK_SIZE, SIGCHLD, (void *)(&clone_args)); if (pid < 0) { - LOG_FATAL(log_fp, "fork failed"); + LOG_FATAL(log_fp, "fork failed, errno: %d", errno); result->flag = SYSTEM_ERROR; log_close(log_fp); return; From 6af0a0d462102977a469c720c8b9f8a28c688593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?= Date: Sun, 21 Aug 2016 19:34:13 +0800 Subject: [PATCH 2/8] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BC=96=E8=AF=91?= =?UTF-8?q?=E5=99=A8=E8=AD=A6=E5=91=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- runner.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runner.c b/runner.c index d7aab60..dadb53d 100644 --- a/runner.c +++ b/runner.c @@ -148,7 +148,7 @@ int child_process(void *clone_args){ } } // add extra rule for execve - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve), 1, SCMP_A0(SCMP_CMP_EQ, config->path)) != 0) { + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(execve), 1, SCMP_A0(SCMP_CMP_EQ, (scmp_datum_t)(config->path))) != 0) { LOG_FATAL(log_fp, "load execve rule failed"); ERROR(log_fp, LOAD_SECCOMP_FAILED); } From e0d3c529c51d32e435c8f2822b7f70493aa88938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?= Date: Fri, 14 Oct 2016 13:21:41 +0800 Subject: [PATCH 3/8] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index b836549..7b61339 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ OnlineJudge 判题沙箱 +本项目属于历史项目,最新代码请看`newnew`分支,相关文档请看 http://docs.onlinejudge.me + ##Python api 使用方法 见 demo From 4c130b473beb3048689543635fed838244259843 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?= Date: Wed, 7 Jun 2017 19:12:42 +0800 Subject: [PATCH 4/8] support writev --- runner.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/runner.c b/runner.c index dadb53d..a5e5d31 100644 --- a/runner.c +++ b/runner.c @@ -157,6 +157,10 @@ int child_process(void *clone_args){ LOG_FATAL(log_fp, "load dup2 rule failed"); ERROR(log_fp, LOAD_SECCOMP_FAILED); } + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 1, SCMP_A0(SCMP_CMP_LE, 2)) != 0) { + LOG_FATAL(log_fp, "load dup2 rule failed"); + ERROR(log_fp, LOAD_SECCOMP_FAILED); + } if (seccomp_load(ctx) != 0) { LOG_FATAL(log_fp, "seccomp load failed"); ERROR(log_fp, LOAD_SECCOMP_FAILED); From 7e98a5e1ce3f18b363abc71bb1867435bce95853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E6=89=AC?= Date: Thu, 15 Jun 2017 11:22:34 +0800 Subject: [PATCH 5/8] more whitelist --- runner.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/runner.c b/runner.c index a5e5d31..1572881 100644 --- a/runner.c +++ b/runner.c @@ -49,7 +49,8 @@ int child_process(void *clone_args){ SCMP_SYS(munmap), SCMP_SYS(open), SCMP_SYS(arch_prctl), SCMP_SYS(brk), SCMP_SYS(access), SCMP_SYS(exit_group), - SCMP_SYS(close)}; + SCMP_SYS(close), SCMP_SYS(readlink), + SCMP_SYS(sysinfo), SCMP_SYS(lseek)}; int syscalls_whitelist_length = sizeof(syscalls_whitelist) / sizeof(int); scmp_filter_ctx ctx = NULL; #endif From 0bf5aa57dd51a0709d04bc3950e91365144664c4 Mon Sep 17 00:00:00 2001 From: Harry-zklcdc <1269158832@qq.com> Date: Sun, 24 Nov 2019 09:51:46 +0800 Subject: [PATCH 6/8] upgrade --- README.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/README.md b/README.md index a6b5ad6..08b2357 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,3 @@ Judger for OnlineJudge [Document](https://docs.onlinejudge.me/#/judger/api) - -<<<<<<< HEAD -[JudgeServer](https://github.com/QingdaoU/JudgeServer) -======= -本项目属于历史项目,最新代码请看`newnew`分支,相关文档请看 http://docs.onlinejudge.me - -##Python api 使用方法 ->>>>>>> upstream/master - -[OnlineJudge](https://github.com/QingdaoU/OnlineJudge) From a86de576382ba6634d2c5dafb31c53d31cfec121 Mon Sep 17 00:00:00 2001 From: Harry-zklcdc <1269158832@qq.com> Date: Sat, 8 Feb 2020 11:04:40 +0800 Subject: [PATCH 7/8] fix dup2\dup3 bug --- src/rules/c_cpp.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/src/rules/c_cpp.c b/src/rules/c_cpp.c index dc92453..df439c7 100644 --- a/src/rules/c_cpp.c +++ b/src/rules/c_cpp.c @@ -44,16 +44,7 @@ int _c_cpp_seccomp_rules(struct config *_config, bool allow_write_file) { return LOAD_SECCOMP_FAILED; } } else { - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0) { - return LOAD_SECCOMP_FAILED; - } - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup), 0) != 0) { - return LOAD_SECCOMP_FAILED; - } - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0) { - return LOAD_SECCOMP_FAILED; - } - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 0) != 0) { + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 0) != 0) { return LOAD_SECCOMP_FAILED; } } From 55d916263489efa28cb37911d0a06db61dc371e3 Mon Sep 17 00:00:00 2001 From: Harry-zklcdc <1269158832@qq.com> Date: Fri, 17 Jul 2020 09:51:47 +0800 Subject: [PATCH 8/8] [Fix] FileOI problem --- src/rules/c_cpp.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/rules/c_cpp.c b/src/rules/c_cpp.c index df439c7..b64bc49 100644 --- a/src/rules/c_cpp.c +++ b/src/rules/c_cpp.c @@ -44,7 +44,19 @@ int _c_cpp_seccomp_rules(struct config *_config, bool allow_write_file) { return LOAD_SECCOMP_FAILED; } } else { - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0 && seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 0) != 0) { + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) != 0) { + return LOAD_SECCOMP_FAILED; + } + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0) != 0) { + return LOAD_SECCOMP_FAILED; + } + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup), 0) != 0) { + return LOAD_SECCOMP_FAILED; + } + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0) != 0) { + return LOAD_SECCOMP_FAILED; + } + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup3), 0) != 0) { return LOAD_SECCOMP_FAILED; } }