I'm developing a code executor with Docker; is there a way to block access to the system?

Asked 2 years ago, Updated 2 years ago, 112 views

I want to run Python code in a Docker container through exec.

I have implemented everything up to exec using Golang's Docker client, and have reached the stage of executing Python code.

But when I enter code that accesses the system, such as import os; os.system("sudo rm -rf /*"), the container stops working.

So I want to prevent the use of system- and network-related functions when executing code.

Is there a way to prevent system calls, so that an os-related call produces an error like the one below, as in Hashcode's code executor? (Like the Run option)

signal: bad system call (core dumped)

Note: The code is executed by loading the file and running the command python3 filename.py.

I'd appreciate it if you could tell me how to prevent system calls!

code-runner

2022-09-22 18:38

1 Answer

I'm Park Sang-yeol, a software engineer at Grepp.

Hashcode's code executor uses seccomp included in the Linux kernel to restrict the code from accessing unusual system calls when the code is executed.

If the process that executed the code tries to access such a system call, it receives a SIGSYS (Bad system call) signal just before making the system call.

Therefore, it ends with an error message as shown below.

signal: bad system call (core dumped)


2022-09-22 18:38
