From 6ef0cdf7b4c96e71d49ae267dc905c177ede1d51 Mon Sep 17 00:00:00 2001
From: Omar Brikaa <brikaaomar@gmail.com>
Date: Sat, 8 Feb 2025 15:10:50 +0200
Subject: [PATCH 1/2] Provide HOME in sandbox (#702)
---
api/src/job.js | 2 ++
1 file changed, 2 insertions(+)
diff --git a/api/src/job.js b/api/src/job.js
index d46120b..31f688d 100644
--- a/api/src/job.js
+++ b/api/src/job.js
@@ -156,6 +156,8 @@ class Job {
'-s',
'-c',
'/box/submission',
+ '-E',
+ 'HOME=/tmp',
'-e',
`--dir=${this.runtime.pkgdir}`,
`--dir=/etc:noexec`,
From 1d55a41a2d563318388596b46d7da772027339ba Mon Sep 17 00:00:00 2001
From: Omar Brikaa <brikaaomar@gmail.com>
Date: Sat, 8 Feb 2025 20:46:46 +0200
Subject: [PATCH 2/2] Explicitly provide env vars instead of inheriting them
from parent (#703)
---
api/src/job.js | 8 +++-----
api/src/runtime.js | 10 +---------
2 files changed, 4 insertions(+), 14 deletions(-)
diff --git a/api/src/job.js b/api/src/job.js
index 31f688d..8c3fa79 100644
--- a/api/src/job.js
+++ b/api/src/job.js
@@ -158,7 +158,9 @@ class Job {
'/box/submission',
'-E',
'HOME=/tmp',
- '-e',
+ ...this.runtime.env_vars.flat_map(v => ['-E', v]),
+ '-E',
+ `PISTON_LANGUAGE=${this.runtime.language}`,
`--dir=${this.runtime.pkgdir}`,
`--dir=/etc:noexec`,
`--processes=${this.runtime.max_process_count}`,
@@ -177,10 +179,6 @@ class Job {
...args,
],
{
- env: {
- ...this.runtime.env_vars,
- PISTON_LANGUAGE: this.runtime.language,
- },
stdio: 'pipe',
}
);
diff --git a/api/src/runtime.js b/api/src/runtime.js
index 9a2adf4..90a2225 100644
--- a/api/src/runtime.js
+++ b/api/src/runtime.js
@@ -178,15 +178,7 @@ class Runtime {
const env_file = path.join(this.pkgdir, '.env');
const env_content = fss.read_file_sync(env_file).toString();
- this._env_vars = {};
-
- env_content
- .trim()
- .split('\n')
- .map(line => line.split('=', 2))
- .forEach(([key, val]) => {
- this._env_vars[key.trim()] = val.trim();
- });
+ this._env_vars = env_content.trim().split('\n');
}
return this._env_vars;