From: Marius Gavrilescu <marius@ieval.ro>
Date: Sat, 7 Feb 2015 11:47:09 +0000 (+0200)
Subject: Use sudo in VM
X-Git-Tag: 5999.000_005~50
X-Git-Url: http://git.ieval.ro/?p=gruntmaster-daemon.git;a=commitdiff_plain;h=6f7e6b072e24d3464b18d4768a3da52ee15b8565

Use sudo in VM
---

diff --git a/ex/makevm b/ex/makevm
index c054cf1..bf240c3 100755
--- a/ex/makevm
+++ b/ex/makevm
@@ -24,8 +24,12 @@ squashfs
 9pnet
 9pnet_virtio
 EOF
+cat >> vm/etc/sudoers <<EOF
+Defaults>nobody closefrom=5
+Defaults>nobody !env_check
+Defaults>nobody env_keep="ONLINE_JUDGE PATH HOME"
+EOF
 install gruntmaster-exec gruntmaster-compile vm/usr/bin/
-sed -i -e "s/USER => 65534/USER => $USER/" -e "s/GROUP => 65534/GROUP => $GROUP/" vm/usr/bin/gruntmaster-exec
 chroot vm update-initramfs -d -k 3.2.0-4-amd64
 chroot vm update-initramfs -c -k 3.2.0-4-amd64
 umount vm/proc
diff --git a/ex/vm.conf b/ex/vm.conf
index 05323ed..f2aab06 100644
--- a/ex/vm.conf
+++ b/ex/vm.conf
@@ -5,7 +5,7 @@ bootstrap=Debian
 aptsources=Debian
 
 [Debian]
-packages=linux-image-3.2.0-4-amd64 mawk libbsd-resource-perl libipc-signal-perl gcc g++ mono-gmcs default-jdk golang-go gccgo ghc fpc perl python
+packages=linux-image-3.2.0-4-amd64 mawk libbsd-resource-perl libipc-signal-perl gcc g++ mono-gmcs default-jdk golang-go gccgo ghc fpc perl python sudo
 source=http://ftp.ro.debian.org/debian
 keyring=debian-archive-keyring
 suite=wheezy
diff --git a/gruntmaster-exec b/gruntmaster-exec
index d8028b8..8ab857b 100755
--- a/gruntmaster-exec
+++ b/gruntmaster-exec
@@ -18,9 +18,6 @@ use constant +{
 	DIED => 5,
 	REJ => 10,
 };
-# These constants are changed by ex/makevm
-use constant USER => 65534;
-use constant GROUP => 65534;
 
 use BSD::Resource qw/setrlimit RLIMIT_AS RLIMIT_FSIZE RLIMIT_NPROC/;
 use IPC::Signal qw/sig_name sig_num/;
@@ -93,8 +90,6 @@ if ($ret) {
 	setrlimit RLIMIT_AS, $mlimit, $mlimit or die $! if $mlimit;
 	setrlimit RLIMIT_FSIZE, $olimit, $olimit or die $! if $olimit;
 	setrlimit RLIMIT_NPROC, $nproc, $nproc or die $! if $nobody;
-	POSIX::setgid $nobody ? 65534 : USER;
-	POSIX::setuid $nobody ? 65534 : GROUP;
 	unshift @ARGV, @sudo;
 	say STDERR "Executing: ", join ' ', map { "'$_'" } @ARGV if $debug;
 	exec @ARGV;