From 6ef0cdf7b4c96e71d49ae267dc905c177ede1d51 Mon Sep 17 00:00:00 2001 From: Omar Brikaa Date: Sat, 8 Feb 2025 15:10:50 +0200 Subject: [PATCH 1/2] Provide HOME in sandbox (#702) --- api/src/job.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/src/job.js b/api/src/job.js index d46120b..31f688d 100644 --- a/api/src/job.js +++ b/api/src/job.js @@ -156,6 +156,8 @@ class Job { '-s', '-c', '/box/submission', + '-E', + 'HOME=/tmp', '-e', `--dir=${this.runtime.pkgdir}`, `--dir=/etc:noexec`, From 1d55a41a2d563318388596b46d7da772027339ba Mon Sep 17 00:00:00 2001 From: Omar Brikaa Date: Sat, 8 Feb 2025 20:46:46 +0200 Subject: [PATCH 2/2] Explicitly provide env vars instead of inheriting them from parent (#703) --- api/src/job.js | 8 +++----- api/src/runtime.js | 10 +--------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/api/src/job.js b/api/src/job.js index 31f688d..8c3fa79 100644 --- a/api/src/job.js +++ b/api/src/job.js @@ -158,7 +158,9 @@ class Job { '/box/submission', '-E', 'HOME=/tmp', - '-e', + ...this.runtime.env_vars.flat_map(v => ['-E', v]), + '-E', + `PISTON_LANGUAGE=${this.runtime.language}`, `--dir=${this.runtime.pkgdir}`, `--dir=/etc:noexec`, `--processes=${this.runtime.max_process_count}`, @@ -177,10 +179,6 @@ class Job { ...args, ], { - env: { - ...this.runtime.env_vars, - PISTON_LANGUAGE: this.runtime.language, - }, stdio: 'pipe', } ); diff --git a/api/src/runtime.js b/api/src/runtime.js index 9a2adf4..90a2225 100644 --- a/api/src/runtime.js +++ b/api/src/runtime.js @@ -178,15 +178,7 @@ class Runtime { const env_file = path.join(this.pkgdir, '.env'); const env_content = fss.read_file_sync(env_file).toString(); - this._env_vars = {}; - - env_content - .trim() - .split('\n') - .map(line => line.split('=', 2)) - .forEach(([key, val]) => { - this._env_vars[key.trim()] = val.trim(); - }); + this._env_vars = env_content.trim().split('\n'); } return this._env_vars;