Commit Graph

20 Commits

Author SHA1 Message Date
Omar Brikaa bd42fe3357
Improve isolation, execution limits and execution metrics by using Isolate (#683)
* Initial: use Isolate for isolation

* Continue: use Isolate for isolation

* Bug fixes

* timeout is wall-time for backward compatibility

* Documentation, signal names, reported time in ms

* Report memory usage in bytes

* Add privileged flags where needed

* Remove tmpfs

* Remove tmpfs

* Fix package installation

* Fix path, fix Zig: CRLF -> LF
2024-09-08 13:58:40 +12:00
Omar Brikaa e1a1be7e4c Permission mode 711 2022-06-30 13:35:35 +02:00
Omar Brikaa 07ec6b3f78 Don't include the tmpfs in the docker volume 2022-06-30 13:31:17 +02:00
Thomas Hobson c355abc4a7
Fix #487
Permissions on the jobs directory allowed anyone to write into the directory - this commit simply allows only the `node` user to `rwx` on the jobs directory.
2022-06-12 16:19:02 +12:00
Thomas Hobson 5221cdc7f4
make /tmp executable 2021-04-29 13:57:29 +12:00
Thomas Hobson 724cbbaa9b
mount /tmp as tmpfs in container 2021-04-28 14:34:51 +12:00
Brian Seymour b3575246bd change urls, fix docker compose file 2021-04-22 18:43:21 -05:00
Thomas 7191bc063c
ghcr.io package 2021-04-17 16:41:27 +12:00
Victor Frazao 552fb91c6b
v3 - Remove the use of unshare + privileged mode and instead (#195)
use seccomp to filter for socket syscalls
2021-04-07 12:31:30 +12:00
Thomas Hobson 5044bfdfbb
split docker files into prod/dev 2021-03-29 21:41:47 +13:00
Brian Seymour b31deaddbc change port to match old piston, some formatting change, add env to fix debian warning/error 2021-03-28 14:01:46 -05:00
Thomas Hobson 2ccae29493
deploy: simplify 2021-03-20 21:28:13 +13:00
Thomas Hobson 4db97b005b
deploy: allow exec on jobs dir 2021-03-13 23:29:33 +13:00
Thomas Hobson a65ecf7386
repo: mount files in build container differently 2021-03-13 19:51:38 +13:00
Thomas Hobson 2ca34bccad
deploy: update compose to match latest changes 2021-03-06 19:20:31 +13:00
Thomas Hobson 70262d8c4b
deploy: new repo container takes care of this 2021-02-28 18:29:20 +13:00
Thomas Hobson 3e6fac5c0e
deploy: enable automated repo add 2021-02-22 21:13:31 +13:00
Thomas Hobson 72e1eb1457
deploy: api privilege 2021-02-21 22:53:42 +13:00
Thomas Hobson f957019710
deploy: docker compose file 2021-02-21 13:15:27 +13:00
Thomas Hobson 60c004eea9
api: lint **everything** 2021-02-21 11:39:03 +13:00