woj-sandbox/library.c

#include "resource.h"
#include "rules/lang.h"
#include "sandbox.h"
#include "utils/log.h"

#include <fcntl.h>
#include <unistd.h>

static __attribute__((constructor)) void inject(void) {
    char    comm[64];
    int     fd  = open("/proc/self/comm", O_RDONLY);
    ssize_t len = read(fd, comm, sizeof(comm));
    len         = len > 0 ? len - 1 : 0;
    comm[len]   = '\0';
    close(fd);

    LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());

    register_lang_c_cpp();
    setup_rlimit();
    setup_seccomp();
}
feat: add resource limit 2022-10-02 16:06:27 +08:00			`#include "resource.h"`
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`#include "rules/lang.h"`
			`#include "sandbox.h"`
			`#include "utils/log.h"`

feat: log process name and pid on inject 2022-10-09 12:44:09 +08:00			`#include <fcntl.h>`
			`#include <unistd.h>`

feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`static __attribute__((constructor)) void inject(void) {`
fix: enhanced syscall list 2022-10-20 15:44:03 +08:00			`char comm[64];`
			`int fd = open("/proc/self/comm", O_RDONLY);`
			`ssize_t len = read(fd, comm, sizeof(comm));`
			`len = len > 0 ? len - 1 : 0;`
			`comm[len] = '\0';`
feat: log process name and pid on inject 2022-10-09 12:44:09 +08:00			`close(fd);`

			`LOG_INFO("Setting up sandbox for %s(%d)", comm, getpid());`

feat: sync language name with runner 2022-10-09 20:19:25 +08:00			`register_lang_c_cpp();`
feat: add resource limit 2022-10-02 16:06:27 +08:00			`setup_rlimit();`
feat: tiny sandbox 2022-10-02 14:09:25 +08:00			`setup_seccomp();`
			`}`