fix: runner/nsjail: map some /dev/ devices into sandbox
parent
f026300e4f
commit
a0d2b7b2eb
@ -117,6 +117,7 @@ func (s *service) JailRun(arg *RunArgs) (RuntimeStatus, error) {
|
|||||||
"--use_cgroupv2",
|
"--use_cgroupv2",
|
||||||
"--disable_rlimits",
|
"--disable_rlimits",
|
||||||
"-m", "none:/tmp:tmpfs:size=67108864", // 64MB tmpfs
|
"-m", "none:/tmp:tmpfs:size=67108864", // 64MB tmpfs
|
||||||
|
"-T", "/dev", "-R", "/dev/null", "-R", "/dev/zero", "-R", "/dev/full", "-R", "/dev/random", "-R", "/dev/urandom",
|
||||||
"-E", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
"-E", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
||||||
// following envs must sync with resource/runner
|
// following envs must sync with resource/runner
|
||||||
"-E", "WOJ_LAUNCHER=/woj/framework/scripts/woj_launcher",
|
"-E", "WOJ_LAUNCHER=/woj/framework/scripts/woj_launcher",
|
||||||
|
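Review bot: The added `"-T", "/dev"` mount sets no explicit size or mode, unlike the `/tmp` tmpfs two lines above, which is capped at 64MB, so the sandboxed program probably gains a second writable tmpfs limited only by nsjail's default. Consider writing it in the same `-m` form with a small cap, e.g. `"-m", "none:/dev:tmpfs:size=65536,mode=755",` (constructed values; confirm nsjail can still create the bind-mount targets), and keep the `-R` entries after it. A comment such as `// minimal /dev allowlist: null, zero, full, random, urandom; no tty, shm or block devices` would record the intent. It would also help to note that, as far as I know, a read-only bind mount does not block writes to the character devices themselves, which a reader might assume from `-R`. `JailRun` begins and ends outside this hunk, so the user mapping and cgroup limits that bound this mount are not visible here.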