Mascali/piston
1
0
Fork 0
mirror of https://github.com/engineer-man/piston.git synced 2025-07-12 00:38:45 +02:00
Code Issues Projects Releases Wiki Activity

v3 - Remove the use of unshare + privileged mode and instead (#195)

Browse source 
use seccomp to filter for socket syscalls
This commit is contained in:
Victor Frazao 2021-04-06 20:31:30 -04:00 committed by GitHub
parent f6a4e67d5f
commit 552fb91c6b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 75 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/src/executor/job.js
View file

@ -70,7 +70,7 @@ class Job {
async safe_call(file, args, timeout) {
return new Promise((resolve, reject) => {
const unshare = config.enable_unshare ? ['unshare','-n','-r'] : [];
const nonetwork = config.disable_networking ? ['nosocket'] : [];
const prlimit = [
'prlimit',
@ -80,7 +80,7 @@ class Job {
const proc_call = [
...prlimit,
...unshare,
...nonetwork,
'bash',file,
...args
];