|
|
|
@ -9,6 +9,8 @@
|
|
|
|
|
#include <wait.h>
|
|
|
|
|
|
|
|
|
|
namespace sk {
|
|
|
|
|
runner::runner(runner_backend backend) : backend{backend} {}
|
|
|
|
|
|
|
|
|
|
run_result runner::run_blocking(const program &program) {
|
|
|
|
|
int in_pipe[2];
|
|
|
|
|
int out_pipe[2];
|
|
|
|
@ -28,7 +30,7 @@ run_result runner::run_blocking(const program &program) {
|
|
|
|
|
posix_spawn_file_actions_addclose(&actions, in_pipe[0]);
|
|
|
|
|
posix_spawn_file_actions_addclose(&actions, out_pipe[1]);
|
|
|
|
|
posix_spawn_file_actions_addclose(&actions, err_pipe[1]);
|
|
|
|
|
const char *const args[] = {"docker",
|
|
|
|
|
const char *const docker_args[] = {"docker",
|
|
|
|
|
"run",
|
|
|
|
|
"--rm",
|
|
|
|
|
"-i",
|
|
|
|
@ -40,6 +42,17 @@ run_result runner::run_blocking(const program &program) {
|
|
|
|
|
"--pids-limit=128",
|
|
|
|
|
program.image.c_str(),
|
|
|
|
|
nullptr};
|
|
|
|
|
const char *const bwrap_args[] = {
|
|
|
|
|
"bwrap", "--ro-bind", "/usr", "/usr", "--dir",
|
|
|
|
|
"/tmp", "--dir", "/var", "--proc", "/proc",
|
|
|
|
|
"--dev", "/dev", "--symlink", "usr/lib", "/lib",
|
|
|
|
|
"--symlink", "usr/lib64", "/lib64", "--symlink", "usr/bin",
|
|
|
|
|
"/bin", "--symlink", "usr/sbin", "/sbin", "--unshare-all",
|
|
|
|
|
"/bin/sh", nullptr};
|
|
|
|
|
const char *const *args = docker_args;
|
|
|
|
|
if (backend == runner_backend::BubbleWrap) {
|
|
|
|
|
args = bwrap_args;
|
|
|
|
|
}
|
|
|
|
|
pid_t pid;
|
|
|
|
|
int exit_code;
|
|
|
|
|
if (posix_spawnp(&pid, args[0], &actions, nullptr,
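Review bot: The new `bwrap_args` array gives the BubbleWrap backend no counterpart to the `--pids-limit=128` on the Docker command line, and it starts the sandbox without `--die-with-parent` or `--new-session`. bwrap has no process-count or memory limits of its own, so if this backend runs untrusted programs the caps have to come from the runner (rlimits or a cgroup); nothing in this hunk sets them. I would add `"--die-with-parent", "--new-session",` before `"/bin/sh"`, so the sandbox is killed when the runner exits and cannot reach a controlling terminal inherited from the runner. The array also ignores `program.image` and always runs the host's `/usr`, which deserves a comment such as `// BubbleWrap ignores program.image: the sandbox runs the host /usr read-only`. The body of `run_blocking` continues outside the hunk, so limits applied later would not be visible here.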
|
|
|
|
|