Documentation
¶
Index ¶
- Variables
- func Fatal(output string)
- func GetPtrsFromCmd(cmd *exec.Cmd) (*os.File, error)
- func Info(output string)
- func IsPidRunning(pid int) bool
- func ProcessVmReadVStr(pid int, address uintptr) (string, error)
- func ReadPeekString(pid int, address uintptr) (string, error)
- func Warn(output string)
- type SandboxProfile
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // default profile SANDBOX_DEFAULT_PROFILE = SandboxProfile{ AllowRead: map[string]bool{ "/etc/ld.so.nohwcap": true, "/etc/ld.so.preload": true, "/etc/ld.so.cache": true, "/usr/lib/locale/locale-archive": true, "/proc/self/exe": true, "/etc/timezone": true, "/usr/share/zoneinfo": true, "/dev/random": true, "/dev/urandom": true, "/proc/meminfo": true, "/etc/localtime": true, "/usr/lib": true, "/usr/lib64": true, "/lib": true, "/usr/local/lib": true, "main.py": true, }, AllowWrite: map[string]bool{ "/dev/null": true, }, DisallowRead: map[string]bool{}, DisallowWrite: map[string]bool{}, SeccompPolicy: seccomp.Policy{ DefaultAction: seccomp.ActionErrno, Syscalls: []seccomp.SyscallGroup{ { Action: seccomp.ActionAllow, Names: []string{ "read", "readv", "pread64", "write", "writev", "statfs", "getpgrp", "restart_syscall", "select", "modify_ldt", "ppoll", "sched_getaffinity", "sched_getparam", "sched_getscheduler", "sched_get_priority_min", "sched_get_priority_max", "timerfd_create", "timer_create", "timer_settime", "timer_delete", "rt_sigreturn", "nanosleep", "sysinfo", "getrandom", "close", "dup", "dup2", "dup3", "fstat", "mmap", "mremap", "mprotect", "madvise", "munmap", "brk", "fcntl", "arch_prctl", "set_tid_address", "set_robust_list", "futex", "rt_sigaction", "rt_sigprocmask", "getrlimit", "ioctl", "getcwd", "geteuid", "getuid", "getegid", "getgid", "getdents", "getdents64", "lseek", "getrusage", "sigaltstack", "pipe", "pipe2", "clock_gettime", "clock_getres", "gettimeofday", "getpid", "getppid", "sched_yield", "clone", "exit", "exit_group", "gettid", "fadvise64", "msync", "mincore", "rt_sigpending", "times", "time", "set_thread_area", "uname", "setrlimit", }, }, { Action: seccomp.ActionTrace, Names: []string{ "execve", "execveat", "open", "openat", "unlink", "unlinkat", "readlink", "readlinkat", "lstat", "stat", "access", "faccessat", }, }, }, }, } // compiler profile SANDBOX_COMPILER_PROFILE = SandboxProfile{ AllowRead: map[string]bool{ ".": true, "../runtime": true, "/etc/oracle/java/usagetracker.properties": true, "/usr": true, "/lib": true, "/lib64": true, "/bin": true, "/sbin": true, "/sys/devices/system/cpu": true, "/proc": true, "/etc/timezone": true, "/etc/fpc-2.6.2.cfg.d": true, "/etc/fpc.cfg": true, }, AllowWrite: map[string]bool{ "/tmp": true, ".": true, }, DisallowRead: map[string]bool{ "/dev/null": true, "/dev/tty": true, "/dev/zero": true, }, DisallowWrite: map[string]bool{ "/etc/nsswitch.conf": true, "/etc/resolv.conf": true, "/etc/passwd": true, "/etc/malloc.conf": true, }, SeccompPolicy: seccomp.Policy{ DefaultAction: seccomp.ActionAllow, Syscalls: []seccomp.SyscallGroup{ { Action: seccomp.ActionTrace, Names: []string{ "open", "openat", "unlink", "unlinkat", "readlink", "readlinkat", "lstat", "stat", "access", "faccessat", }, }, }, }, } )
"inspired" by https://github.com/DMOJ/judge-server/blob/master/dmoj/cptbox/isolate.py and https://github.com/criyle/go-sandbox/tree/master/config ~~~ thx there's no way i'm going through all that ~~~
Functions ¶
func IsPidRunning ¶
func ReadPeekString ¶
grabs the string at the given address without process_vm_readv.
Types ¶
Source Files
Click to show internal directories.
Click to hide internal directories.