Improve isolation, execution limits and execution metrics by using Isolate (#683)

* Initial: use Isolate for isolation * Continue: use Isolate for isolation * Bug fixes * timeout is wall-time for backward compatibility * Documentation, signal names, reported time in ms * Report memory usage in bytes * Add privileged flags where needed * Remove tmpfs * Remove tmpfs * Fix package installation * Fix path, fix Zig: CRLF -> LF
2025-04-21 04:26:28 +02:00 · 2024-09-08 04:58:40 +03:00 · 2024-09-08 04:58:40 +03:00 · bd42fe3357
commit bd42fe3357
parent 59338eee33
22 changed files with 508 additions and 454 deletions
--- a/builder/build.sh
+++ b/builder/build.sh
@ -23,20 +23,20 @@ fetch_packages(){
    mkdir build
    # Start a piston container
    docker run \
+        --privileged \
        -v "$PWD/build":'/piston/packages' \
-        --tmpfs /piston/jobs \
        -dit \
        -p $port:2000 \
        --name builder_piston_instance \
        ghcr.io/engineer-man/piston
-    
+
    # Ensure the CLI is installed
    cd ../cli
    npm i
    cd -

    # Evalulate the specfile
-    ../cli/index.js -u "http://127.0.0.1:$port" ppman spec $1   
+    ../cli/index.js -u "http://127.0.0.1:$port" ppman spec $1
 }

 build_container(){
@ -61,4 +61,4 @@ fetch_packages $SPEC_FILE
 build_container $TAG

 echo "Start your custom piston container with"
-echo "$ docker run --tmpfs /piston/jobs -dit -p 2000:2000 $TAG"
+echo "$ docker run --privileged -dit -p 2000:2000 $TAG"