From: Marius Gavrilescu Date: Mon, 2 Feb 2015 21:56:57 +0000 (+0200) Subject: Add support for sudo X-Git-Tag: 5999.000_005~66 X-Git-Url: http://git.ieval.ro/?p=gruntmaster-daemon.git;a=commitdiff_plain;h=65ab2558b0c9ddd6690ee9e08319913a2ea8ef22 Add support for sudo --- diff --git a/gruntmaster-exec b/gruntmaster-exec index 319671e..c824b20 100755 --- a/gruntmaster-exec +++ b/gruntmaster-exec @@ -28,6 +28,7 @@ use sigtrap qw/XFSZ/; use Getopt::Long; use POSIX qw//; +use Text::ParseWords qw/shellwords/; use Time::HiRes qw/alarm/; my (@fds, $timeout, $mlimit, $olimit, $nobody); @@ -42,13 +43,29 @@ GetOptions( "nobody!" => \$nobody, ); +my $killuser = $ENV{GRUNTMASTER_KILL_USER}; +my @sudo; +@sudo = (shellwords ($ENV{GRUNTMASTER_SUDO}), '--') if $ENV{GRUNTMASTER_SUDO}; +$mlimit = 1_000_000_000 if @sudo; # sudo wants a lot of address space + my $ret = fork // die 'Cannot fork'; if ($ret) { my $tle; - local $SIG{ALRM} = sub { kill KILL => $ret; $tle = 1}; + local $SIG{ALRM} = sub { + if ($killuser) { + system @sudo, 'pkill', '-KILL', '-u', $killuser; + } else { + kill KILL => $ret + } + $tle = 1 + }; alarm ($timeout || 5); waitpid $ret, 0; alarm 0; + if (@sudo) { + $? = $? >> 8; + $? = $? < 128 ? ($? << 8) : $? - 128; + } my $sig = $? & 127; my $signame = sig_name $sig; exit !say TLE, "\nTime Limit Exceeded" if $tle; @@ -70,12 +87,14 @@ if ($ret) { POSIX::close $oldfd or die $!; } } + my $nproc = $killuser ? 5 : 1; %ENV = (ONLINE_JUDGE => 1, PATH => $ENV{PATH}, HOME => $ENV{HOME}); setrlimit RLIMIT_AS, $mlimit, $mlimit or die $! if $mlimit; setrlimit RLIMIT_FSIZE, $olimit, $olimit or die $! if $olimit; - setrlimit RLIMIT_NPROC, 1, 1 or die $! if $nobody; + setrlimit RLIMIT_NPROC, $nproc, $nproc or die $! if $nobody; POSIX::setgid $nobody ? 65534 : USER; POSIX::setuid $nobody ? 65534 : GROUP; + unshift @ARGV, @sudo if $nobody; exec @ARGV; } diff --git a/lib/Gruntmaster/Daemon.pm b/lib/Gruntmaster/Daemon.pm index f222500..07b6fb6 100644 --- a/lib/Gruntmaster/Daemon.pm 
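Review bot: The new `ALRM` handler ignores the result of `system @sudo, 'pkill', '-KILL', '-u', $killuser`, so if sudo refuses the command, or `GRUNTMASTER_KILL_USER` is set without `GRUNTMASTER_SUDO`, nothing is killed and `waitpid` keeps blocking past the time limit. I would fall back to the direct signal when the call does not succeed: `system(@sudo, 'pkill', '-KILL', '-u', $killuser) == 0 or kill KILL => $ret;`. Separately, `$mlimit = 1_000_000_000 if @sudo;` silently discards whatever memory limit the caller requested. Because `RLIMIT_AS` is set in the child before the exec, the judged program presumably inherits that larger limit through sudo, which deserves at least a comment or a warning. The `if ($ret)` block continues outside the hunk.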
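Review bot: `unshift @ARGV, @sudo if $nobody;` wraps the command in sudo only when `--nobody` is given, but the parent's `if (@sudo)` status rewrite and the `$mlimit` override in the previous hunk fire whenever `GRUNTMASTER_SUDO` is set. Without `--nobody`, a child killed by a signal has `$? >> 8 == 0`, so the rewrite turns a crash into what looks like a clean exit. Gating the setup on both conditions keeps the two sides consistent: `@sudo = (shellwords($ENV{GRUNTMASTER_SUDO}), '--') if $nobody && $ENV{GRUNTMASTER_SUDO};`. The unchecked `POSIX::setgid` and `POSIX::setuid` calls just above also matter more now, since a failed privilege drop would let sudo run under the daemon's own identity; checking them with `or die $!`, as the `setrlimit` lines do, would close that. The child branch begins outside the hunk.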
+++ b/lib/Gruntmaster/Daemon.pm @@ -161,7 +161,6 @@ sub got_job{ } sub run{ - warn "No GRUNTMASTER_VM environment variable. Running without a VM is a security risk.\n" unless $ENV{GRUNTMASTER_VM}; require Gruntmaster::Data; $db = Gruntmaster::Data->connect($ENV{GRUNTMASTER_DSN} // 'dbi:Pg:'); Log::Log4perl->init('/etc/gruntmasterd/gruntmasterd-log.conf');