commit
f9b5fe652f
51
lxc/execute
51
lxc/execute
|
@ -9,60 +9,47 @@ if [ -z "$1" ] || [ -z "$2" ]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
lang=$1
|
language=$1
|
||||||
epoch=$(date +%s%N)
|
id=$2
|
||||||
basepath="/var/lib/lxc/piston/rootfs"
|
|
||||||
filepath="/tmp/$epoch/code.code"
|
|
||||||
argpath="/tmp/$epoch/args.args"
|
|
||||||
stdinpath="/tmp/$epoch/stdin.stdin"
|
|
||||||
arg=$(basename $argpath)
|
|
||||||
|
|
||||||
# write arg file
|
basepath="/var/lib/lxc/piston/rootfs"
|
||||||
mkdir -p $basepath/tmp/$epoch
|
|
||||||
chmod 777 $basepath/tmp/$epoch
|
|
||||||
cat $2 > $basepath$filepath
|
|
||||||
echo $3 > $basepath$stdinpath
|
|
||||||
echo -n "${@:4}" > $basepath$argpath
|
|
||||||
|
|
||||||
# process incrementor
|
# process incrementor
|
||||||
exec 200>$dir/lockfile
|
exec 200>$dir/lockfile
|
||||||
flock -x 200
|
flock 200
|
||||||
oldinc=$(cat $dir/i | awk '{$1=$1};1')
|
|
||||||
newinc=$(expr $oldinc + 1)
|
|
||||||
|
|
||||||
if (( newinc >= 151 )); then
|
touch $dir/i
|
||||||
newinc=1
|
runner=$(cat $dir/i)
|
||||||
echo 1 > $dir/i
|
let 'runner = runner % 150 + 1'
|
||||||
else
|
|
||||||
echo $newinc > $dir/i
|
echo $runner > $dir/i
|
||||||
fi
|
|
||||||
exec 200>&-
|
exec 200>&-
|
||||||
|
|
||||||
# prevent users from spying on each other
|
# prevent users from spying on each other
|
||||||
lxc-attach --clear-env -n piston -- \
|
lxc-attach --clear-env -n piston -- \
|
||||||
/bin/bash -l -c "
|
/bin/bash -l -c "
|
||||||
chown runner$newinc: -R /tmp/$epoch
|
chown runner$runner: -R /tmp/$id
|
||||||
chmod 700 /tmp/$epoch
|
chmod 700 /tmp/$id
|
||||||
" > /dev/null 2>&1
|
" > /dev/null 2>&1
|
||||||
|
|
||||||
# runner
|
# runner
|
||||||
timeout -s KILL 20 \
|
timeout -s KILL 20 \
|
||||||
lxc-attach --clear-env -n piston -- \
|
lxc-attach --clear-env -n piston -- \
|
||||||
/bin/bash -l -c "runuser runner$newinc /exec/$lang $newinc $epoch"
|
/bin/bash -l -c "runuser runner$runner /exec/$language runner$runner $id"
|
||||||
|
|
||||||
# process janitor
|
# process janitor
|
||||||
lxc-attach --clear-env -n piston -- \
|
lxc-attach --clear-env -n piston -- \
|
||||||
/bin/bash -l -c "
|
/bin/bash -l -c "
|
||||||
for i in {1..100}
|
for i in {1..100}
|
||||||
do
|
do
|
||||||
pkill -u runner$newinc --signal SIGKILL
|
pkill -u runner$runner --signal SIGKILL
|
||||||
done
|
done
|
||||||
|
|
||||||
find /tmp -user runner$newinc -delete
|
find /tmp -user runner$runner -delete
|
||||||
find /var/tmp -user runner$newinc -delete
|
find /var/tmp -user runner$runner -delete
|
||||||
find /var/lock -user runner$newinc -delete
|
find /var/lock -user runner$runner -delete
|
||||||
find /dev/shm -user runner$newinc -delete
|
find /dev/shm -user runner$runner -delete
|
||||||
find /run/lock -user runner$newinc -delete
|
find /run/lock -user runner$runner -delete
|
||||||
" > /dev/null 2>&1 &
|
" > /dev/null 2>&1 &
|
||||||
|
|
||||||
rm -rf $basepath/tmp/$epoch
|
rm -rf $basepath/tmp/$id
|
||||||
|
|
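Review bot: `$id` and `$language` are expanded unquoted into the strings that `/bin/bash -l -c` runs inside the container (the `chown`/`chmod` block, the `runuser` line and the janitor) and into the host-side `rm -rf $basepath/tmp/$id`. The only check visible on them is the non-empty test at the top of the script, which starts outside this hunk. The script now trusts its caller for the shape of a value that becomes part of a shell command and of a recursive delete path, so it should validate that value itself right after the argument check, for example `[[ "$id" =~ ^[0-9]+_[0-9]+$ ]] || exit 1`, which matches the id format generated on the API side. The removal should also be quoted, as `rm -rf -- "$basepath/tmp/$id"`. A similar allow-list pattern for `$language` would keep the `/exec/$language` path from being anything other than a plain script name; the exact character set depends on the language names in use, which are not visible here.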
|
@ -1,20 +1,21 @@
|
||||||
const { writeFileSync, unlinkSync } = require('fs');
|
const { writeFileSync, unlinkSync, mkdirSync } = require('fs');
|
||||||
const { spawn } = require('child_process');
|
const { spawn } = require('child_process');
|
||||||
|
|
||||||
const OUTPUT_LIMIT = 65535;
|
const OUTPUT_LIMIT = 65535;
|
||||||
|
const LXC_ROOT = '/var/lib/lxc/piston/rootfs';
|
||||||
|
|
||||||
function execute(language, source, stdin = '', args = []) {
|
function execute(language, source, stdin = '', args = []) {
|
||||||
return new Promise(resolve => {
|
return new Promise(resolve => {
|
||||||
const stamp = new Date().getTime();
|
const id = new Date().getTime() + '_' + Math.floor(Math.random() * 10000000);
|
||||||
const sourceFile = `/tmp/${stamp}.code`;
|
|
||||||
|
|
||||||
writeFileSync(sourceFile, source);
|
mkdirSync(`${LXC_ROOT}/tmp/${id}`);
|
||||||
|
writeFileSync(`${LXC_ROOT}/tmp/${id}/code.code`, source);
|
||||||
|
writeFileSync(`${LXC_ROOT}/tmp/${id}/stdin.stdin`, stdin);
|
||||||
|
writeFileSync(`${LXC_ROOT}/tmp/${id}/args.args`, args.join('\n'));
|
||||||
|
|
||||||
const process = spawn(__dirname + '/../lxc/execute', [
|
const process = spawn(__dirname + '/../lxc/execute', [
|
||||||
language.name,
|
language.name,
|
||||||
sourceFile,
|
id,
|
||||||
stdin,
|
|
||||||
args.join('\n'),
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
let stdout = '';
|
let stdout = '';
|
||||||
|
@ -36,8 +37,6 @@ function execute(language, source, stdin = '', args = []) {
|
||||||
});
|
});
|
||||||
|
|
||||||
process.on('exit', code => {
|
process.on('exit', code => {
|
||||||
unlinkSync(sourceFile);
|
|
||||||
|
|
||||||
stderr = stderr.trim().substring(0, OUTPUT_LIMIT);
|
stderr = stderr.trim().substring(0, OUTPUT_LIMIT);
|
||||||
stdout = stdout.trim().substring(0, OUTPUT_LIMIT);
|
stdout = stdout.trim().substring(0, OUTPUT_LIMIT);
|
||||||
output = output.trim().substring(0, OUTPUT_LIMIT);
|
output = output.trim().substring(0, OUTPUT_LIMIT);
|
||||||
|
|
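Review bot: The per-job directory and its three files are created under the container's `/tmp` with default modes. Under a typical umask they are therefore readable by every runner account until the script's later `chown`/`chmod 700` step runs, which is the exposure the script's "prevent users from spying on each other" comment is meant to close. Passing `{ mode: 0o700 }` as the second argument to `mkdirSync` and `{ mode: 0o600 }` as the options argument of the three `writeFileSync` calls would close that window without changing what the runner sees after the `chown -R`. Separately, the `exit` handler no longer removes anything, so if `mkdirSync` or a write throws, or the script exits before its final `rm -rf`, the submitted source and stdin stay in the container; a best-effort removal of the `${LXC_ROOT}/tmp/${id}` directory on those paths would cover it. `execute` continues outside the hunks shown, so any handling further down is not visible here.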