Omar Brikaa
bd42fe3357
Improve isolation, execution limits and execution metrics by using Isolate ( #683 )
...
* Initial: use Isolate for isolation
* Continue: use Isolate for isolation
* Bug fixes
* timeout is wall-time for backward compatibility
* Documentation, signal names, reported time in ms
* Report memory usage in bytes
* Add privileged flags where needed
* Remove tmpfs
* Remove tmpfs
* Fix package installation
* Fix path, fix Zig: CRLF -> LF
2024-09-08 13:58:40 +12:00
Omar Brikaa
e1a1be7e4c
Permission mode 711
2022-06-30 13:35:35 +02:00
Omar Brikaa
07ec6b3f78
Don't include the tmpfs in the docker volume
2022-06-30 13:31:17 +02:00
Thomas Hobson
c355abc4a7
Fix #487
...
Permissions on the jobs directory allowed anyone to write into the directory - this commit simply allows only the `node` user to `rwx` on the jobs directory.
2022-06-12 16:19:02 +12:00
Thomas Hobson
5221cdc7f4
make /tmp executable
2021-04-29 13:57:29 +12:00
Thomas Hobson
724cbbaa9b
mount /tmp as tmpfs in container
2021-04-28 14:34:51 +12:00
Brian Seymour
b3575246bd
change urls, fix docker compose file
2021-04-22 18:43:21 -05:00
Thomas
7191bc063c
ghcr.io package
2021-04-17 16:41:27 +12:00
Victor Frazao
552fb91c6b
v3 - Remove the use of unshare + privileged mode and instead ( #195 )
...
use seccomp to filter for socket syscalls
2021-04-07 12:31:30 +12:00
Thomas Hobson
5044bfdfbb
split docker files into prod/dev
2021-03-29 21:41:47 +13:00
Brian Seymour
b31deaddbc
change port to match old piston, some formatting change, add env to fix debian warning/error
2021-03-28 14:01:46 -05:00
Thomas Hobson
2ccae29493
deploy: simplify
2021-03-20 21:28:13 +13:00
Thomas Hobson
4db97b005b
deploy: allow exec on jobs dir
2021-03-13 23:29:33 +13:00
Thomas Hobson
a65ecf7386
repo: mount files in build container differently
2021-03-13 19:51:38 +13:00
Thomas Hobson
2ca34bccad
deploy: update compose to match latest changes
2021-03-06 19:20:31 +13:00
Thomas Hobson
70262d8c4b
deploy: new repo container takes care of this
2021-02-28 18:29:20 +13:00
Thomas Hobson
3e6fac5c0e
deploy: enable automated repo add
2021-02-22 21:13:31 +13:00
Thomas Hobson
72e1eb1457
deploy: api privilege
2021-02-21 22:53:42 +13:00
Thomas Hobson
f957019710
deploy: docker compose file
2021-02-21 13:15:27 +13:00
Thomas Hobson
60c004eea9
api: lint **everything**
2021-02-21 11:39:03 +13:00