From 640a6d0392689e21c75b9a3040c1cccd00055cf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Freddy=20Rom=C3=A1n?= Date: Thu, 19 Jan 2023 09:19:18 -0800 Subject: [PATCH] Disable sandboxing for CI runs (#99) * Update sandbox.go * Update main.go * Update sandbox.go * gofmt * bump omegajail --- cmd/omegaup-runner/main.go | 2 ++ docker/Dockerfile | 2 +- runner/sandbox.go | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/cmd/omegaup-runner/main.go b/cmd/omegaup-runner/main.go index 8372746..72200f0 100644 --- a/cmd/omegaup-runner/main.go +++ b/cmd/omegaup-runner/main.go @@ -730,6 +730,8 @@ func main() { if *oneshot == "ci" { // Allow sigsys to use the fallback detector when running in CI. oj.AllowSigsysFallback = true + // Disable sandboxing when running inside Docker. + oj.DisableSandboxing = true } sandbox = oj } diff --git a/docker/Dockerfile b/docker/Dockerfile index 4949db7..e0bce66 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.pkg.github.com/omegaup/omegajail/omegajail-builder-rootfs-runtime:v3.9.0 AS base +FROM docker.pkg.github.com/omegaup/omegajail/omegajail-builder-rootfs-runtime:v3.9.4 AS base FROM base AS builder diff --git a/runner/sandbox.go b/runner/sandbox.go index 2a48ec8..f7a9a4a 100644 --- a/runner/sandbox.go +++ b/runner/sandbox.go @@ -140,6 +140,8 @@ type OmegajailSandbox struct { // AllowSigsysFallback allows omegajail to use the previous implementation of // the sigsys detector if it's running on an older pre-5.13 kernel. AllowSigsysFallback bool + + DisableSandboxing bool } // NewOmegajailSandbox creates a new OmegajailSandbox. @@ -372,6 +374,9 @@ func (o *OmegajailSandbox) invokeOmegajail(ctx *common.Context, omegajailParams if o.AllowSigsysFallback { omegajailFullParams = append(omegajailFullParams, "--allow-sigsys-fallback") } + if o.DisableSandboxing { + omegajailFullParams = append(omegajailFullParams, "--disable-sandboxing") + } omegajailFullParams = append(omegajailFullParams, omegajailParams...) ctx.Log.Debug( "invoking",