mirror of
https://github.com/engineer-man/piston.git
synced 2025-07-12 00:38:45 +02:00
v3 - Remove the use of unshare + privileged mode and instead (#195)
use seccomp to filter for socket syscalls
This commit is contained in:
parent
f6a4e67d5f
commit
552fb91c6b
8 changed files with 75 additions and 10 deletions
|
@ -70,7 +70,7 @@ class Job {
|
|||
|
||||
async safe_call(file, args, timeout) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const unshare = config.enable_unshare ? ['unshare','-n','-r'] : [];
|
||||
const nonetwork = config.disable_networking ? ['nosocket'] : [];
|
||||
|
||||
const prlimit = [
|
||||
'prlimit',
|
||||
|
@ -80,7 +80,7 @@ class Job {
|
|||
|
||||
const proc_call = [
|
||||
...prlimit,
|
||||
...unshare,
|
||||
...nonetwork,
|
||||
'bash',file,
|
||||
...args
|
||||
];
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue