diff --git a/api/Dockerfile b/api/Dockerfile index 686ff02..7388afa 100644 --- a/api/Dockerfile +++ b/api/Dockerfile @@ -10,10 +10,7 @@ RUN for i in $(seq 1001 1500); do \ RUN apt-get update && \ apt-get install -y libxml2 gnupg tar coreutils util-linux libc6-dev \ binutils build-essential locales libpcre3-dev libevent-dev libgmp3-dev \ - libncurses6 libncurses5 libedit-dev libseccomp-dev rename procps python3 \ - libreadline-dev libblas-dev liblapack-dev libpcre3-dev libarpack2-dev \ - libfftw3-dev libglpk-dev libqhull-dev libqrupdate-dev libsuitesparse-dev \ - libsundials-dev && \ + libncurses6 libncurses5 libedit-dev libseccomp-dev rename procps python3 && \ rm -rf /var/lib/apt/lists/* RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen diff --git a/api/src/api/v2.js b/api/src/api/v2.js index f961913..4d8713a 100644 --- a/api/src/api/v2.js +++ b/api/src/api/v2.js @@ -1,13 +1,14 @@ const express = require('express'); const router = express.Router(); +const config = require('../config'); const runtime = require('../runtime'); const {Job} = require("../job"); const package = require('../package') const logger = require('logplease').create('api/v1'); router.post('/execute', async function(req, res){ - const {language, version, files, stdin, args, run_timeout, compile_timeout} = req.body; + const {language, version, files, stdin, args, run_timeout, compile_timeout, max_memory_usage} = req.body; if(!language || typeof language !== "string") { @@ -37,7 +38,7 @@ router.post('/execute', async function(req, res){ } for (const [i,file] of files.entries()) { - if(typeof file.content !== "string"){ + if(!file.content || typeof file.content !== "string"){ return res .status(400) .send({ @@ -46,6 +47,21 @@ router.post('/execute', async function(req, res){ } } + if (max_memory_usage) { + if (typeof max_memory_usage !== "number" || max_memory_usage < 0) { + return res + .status(400) + .send({ + message: "if specified, max_memory_usage must be a non-negative number" + }) + } else if (max_memory_usage > config.max_memory_usage) { + return res + .status(400) + .send({ + message: "max_memory_usage cannot exceed the configured limit of " + config.max_memory_usage + }) + } + } @@ -68,7 +84,8 @@ router.post('/execute', async function(req, res){ timeouts: { run: run_timeout || 3000, compile: compile_timeout || 10000 - } + }, + max_memory_usage: max_memory_usage || config.max_memory_usage }); await job.prime(); diff --git a/api/src/config.js b/api/src/config.js index c97b64c..12da1c6 100644 --- a/api/src/config.js +++ b/api/src/config.js @@ -108,6 +108,12 @@ const options = [ default: 1000000, //1MB validators: [] }, + { + key: 'max_memory_usage', + desc: 'Max memory usage in bytes', + default: 256000000, //256MB + validators: [] + }, { key: 'repo_url', desc: 'URL of repo index', diff --git a/api/src/job.js b/api/src/job.js index b711ac1..258300a 100644 --- a/api/src/job.js +++ b/api/src/job.js @@ -19,7 +19,7 @@ let gid = 0; class Job { - constructor({ runtime, files, args, stdin, timeouts }) { + constructor({ runtime, files, args, stdin, timeouts, max_memory_usage }) { this.uuid = uuidv4(); this.runtime = runtime; this.files = files.map((file,i) => ({ @@ -30,6 +30,7 @@ class Job { this.args = args; this.stdin = stdin; this.timeouts = timeouts; + this.max_memory_usage = max_memory_usage; this.uid = config.runner_uid_min + uid; this.gid = config.runner_gid_min + gid; @@ -75,7 +76,8 @@ class Job { 'prlimit', '--nproc=' + config.max_process_count, '--nofile=' + config.max_open_files, - '--fsize=' + config.max_file_size + '--fsize=' + config.max_file_size, + '--as=' + this.max_memory_usage ]; const proc_call = [ @@ -161,7 +163,8 @@ class Job { compile = await this.safe_call( path.join(this.runtime.pkgdir, 'compile'), this.files.map(x => x.name), - this.timeouts.compile + this.timeouts.compile, + config.max_memory_usage ); } @@ -170,7 +173,8 @@ class Job { const run = await this.safe_call( path.join(this.runtime.pkgdir, 'run'), [this.files[0].name, ...this.args], - this.timeouts.run + this.timeouts.run, + this.max_memory_usage ); this.state = job_states.EXECUTED; diff --git a/packages/octave/6.2.0/build.sh b/packages/octave/6.2.0/build.sh deleted file mode 100755 index 48a9853..0000000 --- a/packages/octave/6.2.0/build.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -# Build octave from source -PREFIX=$(realpath $(dirname $0)) - -mkdir -p build - -cd build - -curl -L "https://ftpmirror.gnu.org/octave/octave-6.2.0.tar.gz" -o octave.tar.gz - -tar xzf octave.tar.gz --strip-components=1 - -# === autoconf based === -# Disable support for GUI, HDF5 and Java -./configure --prefix "$PREFIX" --without-opengl --without-qt --without-x --without-hdf5 --disable-java - -make -j$(nproc) -make install -j$(nproc) - -cd ../ -rm -rf build diff --git a/packages/octave/6.2.0/environment b/packages/octave/6.2.0/environment deleted file mode 100644 index fcbc1e3..0000000 --- a/packages/octave/6.2.0/environment +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -# Path to octave binary -export PATH=$PWD/bin:$PATH diff --git a/packages/octave/6.2.0/metadata.json b/packages/octave/6.2.0/metadata.json deleted file mode 100644 index 5c37dc9..0000000 --- a/packages/octave/6.2.0/metadata.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "language": "octave", - "version": "6.2.0", - "aliases": [] -} diff --git a/packages/octave/6.2.0/run b/packages/octave/6.2.0/run deleted file mode 100644 index b3e4e73..0000000 --- a/packages/octave/6.2.0/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -# Run octave scripts without gui, history, init scripts and initial message -octave --no-gui --no-window-system --no-history --no-init-file --no-site-file --norc --quiet "$@" diff --git a/packages/octave/6.2.0/test.octave b/packages/octave/6.2.0/test.octave deleted file mode 100644 index a94310b..0000000 --- a/packages/octave/6.2.0/test.octave +++ /dev/null @@ -1 +0,0 @@ -disp('OK') \ No newline at end of file diff --git a/readme.md b/readme.md index f1d0f2e..21d152d 100644 --- a/readme.md +++ b/readme.md @@ -210,6 +210,7 @@ This endpoint requests execution of some arbitrary code. - `args` (*optional*) The arguments to pass to the program. Must be an array or left out. Defaults to `[]`. - `compile_timeout` (*optional*) The maximum time allowed for the compile stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `10000` (10 seconds). - `run_timeout` (*optional*) The maximum time allowed for the run stage to finish before bailing out in milliseconds. Must be a number or left out. Defaults to `3000` (3 seconds). +- `max_memory_usage` (*optional*) The maximum amount of memory the run stage is allowed to use. Must be a number or left out. Defaults to `256000000` (256 MB) ```json { @@ -228,7 +229,8 @@ This endpoint requests execution of some arbitrary code. "3" ], "compile_timeout": 10000, - "run_timeout": 3000 + "run_timeout": 3000, + "max_memory_usage": 256000000 } ``` A typical response upon successful execution will contain 1 or 2 keys `run` and `compile`. diff --git a/repo/Dockerfile b/repo/Dockerfile index 106fef4..fb4a315 100644 --- a/repo/Dockerfile +++ b/repo/Dockerfile @@ -6,9 +6,8 @@ RUN apt-get update && apt-get install -y unzip autoconf build-essential libssl-d linux-headers-amd64 perl xz-utils python3 python3-pip gnupg jq zlib1g-dev \ cmake cmake-doc extra-cmake-modules build-essential gcc binutils bash coreutils \ util-linux pciutils usbutils coreutils binutils findutils grep libncurses5-dev \ - libncursesw5-dev python3-pip libgmp-dev libmpfr-dev python2 libffi-dev gfortran\ - libreadline-dev libblas-dev liblapack-dev libpcre3-dev libarpack2-dev libfftw3-dev \ - libglpk-dev libqhull-dev libqrupdate-dev libsuitesparse-dev libsundials-dev && \ + libncursesw5-dev python3-pip libgmp-dev libmpfr-dev python2 libffi-dev \ + libreadline-dev && \ ln -sf /bin/bash /bin/sh && \ rm -rf /var/lib/apt/lists/* && \ update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 @@ -17,4 +16,3 @@ ADD entrypoint.sh mkindex.sh / ENTRYPOINT ["bash","/entrypoint.sh"] CMD ["--no-build"] -