Skip to content

Commit

Permalink
fix(iris): enforce sandbox child process belongs to nobody-user(65534…
Browse files Browse the repository at this point in the history 
…)-group
  • Loading branch information
@jspark2000
jspark2000 committed Dec 7, 2024
1 parent 59d1673 commit 3d1bb20
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
3 changes: 3 additions & 0 deletions apps/iris/src/common/constants/constants.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,3 +53,6 @@ const (
EXCHANGE = "judger-exchange"
RESULT_KEY = "result"
)

const DEFAULT_UID = 65534 // nobody user
const DEFAULT_GID = 65534 // nobody group
2 changes: 2 additions & 0 deletions apps/iris/src/service/sandbox/langConfig.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -262,6 +262,8 @@ func (l *langConfig) ToRunExecArgs(dir string, language Language, order int, lim
ErrorPath: errorPath, // byte buffer로
LogPath: constants.RUN_LOG_PATH,
SeccompRuleName: c.SeccompRule,
Uid: constants.DEFAULT_UID,
Gid: constants.DEFAULT_GID,
Args: argSlice,
}, nil
}
Expand Down

0 comments on commit 3d1bb20

Please sign in to comment.