def build_virtual_root(self):
    """Assemble the virtual file system handed to the sandboxed interpreter.

    The returned tree contains:

    * ``/bin/pypy3-c`` -- the interpreter's own executable
      (``self.executable`` on the host)
    * ``/bin/lib-python`` and ``/bin/lib_pypy`` -- the pure Python libraries
      found under ``LIB_ROOT``
    * ``/tmp`` -- the temporary usession directory ``self.tmpdir``, or an
      empty virtual directory when ``self.tmpdir`` is None
    * ``/dev/urandom`` -- the host's ``/dev/urandom``

    Each ``RealFile``/``RealDir`` node maps a host path into the sandbox, so
    this tree decides which host files the sandboxed code can reach through
    it.  Treat any addition as widening that exposure.
    """
    # Passed to every RealDir as ``exclude``; presumably hides compiled
    # bytecode files by suffix -- confirm against RealDir.
    hidden_suffixes = ['.pyc', '.pyo']

    tmp_node = (Dir({}) if self.tmpdir is None
                else RealDir(self.tmpdir, exclude=hidden_suffixes))

    lib_base = str(LIB_ROOT)
    bin_node = Dir({
        # The original carries a commented-out ``mode=0111`` argument here;
        # it stays disabled, so RealFile uses its default mode.
        'pypy3-c': RealFile(self.executable),
        'lib-python': RealDir(os.path.join(lib_base, 'lib-python'),
                              exclude=hidden_suffixes),
        'lib_pypy': RealDir(os.path.join(lib_base, 'lib_pypy'),
                            exclude=hidden_suffixes),
    })
    dev_node = Dir({'urandom': RealFile("/dev/urandom")})

    return Dir({'bin': bin_node, 'tmp': tmp_node, 'dev': dev_node})
def build_virtual_root(tmppath, execpath, procdir):
    """Build the virtual root directory for one sandboxed interpreter.

    Args:
        tmppath: host directory mapped to ``/tmp``; None gives an empty
            virtual ``/tmp``.
        execpath: host path of the interpreter, mapped to ``/bin/pypy-c``.
        procdir: node used as ``/proc``; None gives an empty virtual
            directory.

    Returns:
        A ``Dir`` with the entries ``usr``, ``bin``, ``tmp`` and ``proc``.

    Every ``RealFile``/``RealDir`` below maps a host path into the sandbox.
    Note that the host's ``/usr/include`` is mapped in as well, so
    everything under that directory is part of what sandboxed code can
    reach through this tree.
    """
    # Passed to every RealDir as ``exclude``; presumably hides compiled
    # bytecode files by suffix -- confirm against RealDir.
    skip = ['.pyc', '.pyo']

    tmp_node = Dir({}) if tmppath is None else RealDir(tmppath, exclude=skip)
    lib_base = str(LIB_ROOT)

    usr_node = Dir({
        'include': RealDir(os.path.join(os.sep, 'usr', 'include'),
                           exclude=skip),
    })
    bin_node = Dir({
        'pypy-c': RealFile(execpath),
        'lib-python': RealDir(os.path.join(lib_base, 'lib-python'),
                              exclude=skip),
        'lib_pypy': RealDir(os.path.join(lib_base, 'lib_pypy'),
                            exclude=skip),
    })
    # The caller's procdir object is inserted as-is (not copied), so later
    # changes the caller makes to it show up under /proc.
    if procdir is not None:
        proc_node = procdir
    else:
        proc_node = Dir({})

    return Dir({
        'usr': usr_node,
        'bin': bin_node,
        'tmp': tmp_node,
        'proc': proc_node,
    })
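def build_virtual_root(self):
    """Build the virtual file system exposed to the sandboxed interpreter.

    The sandboxed process
      * can access its own executable as ``/bin/pypy-c``
      * can access the pure Python libraries (``/bin/lib-python``,
        ``/bin/lib_pypy``)
      * can access every directory listed in ``self.extraPyPackages``
        (virtual name under ``/bin`` -> host path)
      * can access the temporary usession directory as ``/tmp`` (an empty
        virtual directory when ``self.tmpdir`` is None)

    Returns:
        The root ``Dir`` node with the entries ``bin`` and ``tmp``.
    """
    # Passed to every RealDir as ``exclude``; presumably hides compiled
    # bytecode files by suffix -- confirm against RealDir.
    exclude = ['.pyc', '.pyo']
    if self.tmpdir is None:
        tmpdirnode = Dir({})
    else:
        tmpdirnode = RealDir(self.tmpdir, exclude=exclude)
    libroot = str(LIB_ROOT)

    # 0o11 is the same value the original spelled as the Python 2 octal
    # literal 011.
    # NOTE(review): 0o11 sets the group/other execute bits but not the owner
    # execute bit; confirm 0o111 was not intended.
    try:
        virtualPypy = RealFile(self.executable, mode=0o11)
    except TypeError:
        # For backwards compat: presumably an older RealFile that does not
        # accept ``mode``.  Only TypeError is caught (the original used a
        # bare ``except:``), so KeyboardInterrupt, SystemExit and genuine
        # failures are no longer swallowed and silently retried.
        virtualPypy = RealFile(self.executable)

    binDirData = {
        'pypy-c': virtualPypy,
        'lib-python': RealDir(os.path.join(libroot, 'lib-python'),
                              exclude=exclude),
        'lib_pypy': RealDir(os.path.join(libroot, 'lib_pypy'),
                            exclude=exclude),
    }
    # NOTE(review): each extraPyPackages entry maps a host directory into
    # the sandbox, and a virtual name equal to 'pypy-c', 'lib-python' or
    # 'lib_pypy' replaces that built-in entry without any warning.  The
    # mapping should come from trusted configuration only.
    for vpath, realpath in self.extraPyPackages.items():
        binDirData[vpath] = RealDir(os.path.abspath(realpath),
                                    exclude=exclude)

    return Dir({
        'bin': Dir(binDirData),
        'tmp': tmpdirnode,
    })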
def jailed_expression(expr):
    """Start a jailed interpreter that evaluates *expr* via ``-c``.

    Finished prisoners are reaped first.  The new process then takes the
    lowest free slot number below ``JAIL_SIZE``.  That slot number is used
    as the key in ``prisoners`` and as the entry name in the shared
    ``procdir``.

    Raises:
        ValueError: when all ``JAIL_SIZE`` slots are still occupied.

    NOTE(review): the text of *expr* is published as ``<slot>/source`` in
    ``procdir``, and the same ``procdir`` object is handed to every
    JailedProc.  Presumably each jailed process can therefore read the
    source submitted to the other slots -- confirm this is intended.
    """
    clean_jail()
    if not len(prisoners) < JAIL_SIZE:
        raise ValueError("Jail is full")

    interpreter = '/usr/bin/pypy-c-sandbox'
    argv = ['-c', expr]

    # Lowest slot number that is not currently in use.
    for slot in xrange(JAIL_SIZE):
        if slot not in prisoners:
            pid = slot
            break

    jailed = JailedProc(
        argv, interpreter, JAIL_UID, JAIL_GID, MAX_HEAP,
        tmppath=TMP_DIR,
        chroot=CHROOT_DIR,
        procdir=procdir,
        p_table=prisoners,
    )
    prisoners[pid] = jailed
    # The procdir entry is registered only after JailedProc has been
    # constructed.
    procdir.entries[str(pid)] = Dir({"source": File(expr)})
    clean_jail()
import urllib2
from rpython.translator.sandbox.vfs import Dir, File
from sandbox.jail import JailedProc

# Limits and identities for the jail.
MAX_HEAP = 16777216  # 2**24; presumably a heap limit in bytes (16 MiB) -- confirm against JailedProc
TMP_DIR = '/execbot/tmp'
CHROOT_DIR = '/execbot/chroot'
JAIL_SIZE = 16  # number of prisoner slots
JAIL_UID = 99
JAIL_GID = 99

# Module-level shared state: slot number -> running prisoner, and the
# virtual directory holding one entry per occupied slot.
prisoners = {}
procdir = Dir({})


def clean_jail():
    """Drop finished prisoners from ``prisoners`` and from ``procdir``."""
    # Collect the slots first so the dict is not modified while it is
    # being iterated.
    to_delete = set()
    for i, prisoner in prisoners.iteritems():
        # poll() presumably returns None while the process is still
        # running (as subprocess.Popen.poll does) -- confirm for JailedProc.
        if prisoner.poll() is not None:
            to_delete.add(i)
    for i in to_delete:
        del prisoners[i]
        del procdir.entries[str(i)]


def jailed_script(url):
    # NOTE(review): ``url`` is passed to urllib2.urlopen exactly as
    # received.  urllib2's default opener also handles non-HTTP schemes
    # such as file:// and ftp://.  No timeout is given and read() has no
    # size cap.  If ``url`` can come from a user, restrict the scheme and
    # destination and bound the response size before the content is used.
    # The listing is cut off after read(); the rest of the function is not
    # shown.
    try:
        response = urllib2.urlopen(url)
        content = response.read()
def build_virtual_root(self):
    """Return a minimal virtual root holding two files.

    * ``hi.txt`` -- an in-memory file containing ``"Hello, world!\\n"``
    * ``this.pyc`` -- the host file named by this module's ``__file__``

    NOTE(review): ``__file__`` may point at the ``.py`` source or at a
    compiled file, depending on how the module was loaded.  Either way the
    host file is exposed under the fixed name ``this.pyc``.  This looks
    like a test fixture -- confirm.
    """
    greeting = File("Hello, world!\n")
    this_module = RealFile(__file__)
    return Dir({'hi.txt': greeting, 'this.pyc': this_module})