def build_virtual_root(self):
# build a virtual file system:
# * can access its own executable
# * can access the pure Python libraries
# * can access the temporary usession directory as /tmp
exclude = ['.pyc', '.pyo']
if self.tmpdir is None:
tmpdirnode = Dir({})
else:
tmpdirnode = RealDir(self.tmpdir, exclude=exclude)
libroot = str(LIB_ROOT)
return Dir({
'bin':
Dir({
'pypy3-c':
RealFile(self.executable), #, mode=0111),
'lib-python':
RealDir(os.path.join(libroot, 'lib-python'), exclude=exclude),
'lib_pypy':
RealDir(os.path.join(libroot, 'lib_pypy'), exclude=exclude),
}),
'tmp':
tmpdirnode,
'dev':
Dir({'urandom': RealFile("/dev/urandom")})
})
def build_virtual_root(tmppath, execpath, procdir):
exclude = ['.pyc', '.pyo']
if tmppath is None:
tmpdirnode = Dir({})
else:
tmpdirnode = RealDir(tmppath, exclude=exclude)
libroot = str(LIB_ROOT)
return Dir({
'usr':
Dir({
'include':
RealDir(os.path.join(os.sep, 'usr', 'include'),
exclude=exclude)
}),
'bin':
Dir({
'pypy-c':
RealFile(execpath),
'lib-python':
RealDir(os.path.join(libroot, 'lib-python'), exclude=exclude),
'lib_pypy':
RealDir(os.path.join(libroot, 'lib_pypy'), exclude=exclude),
}),
'tmp':
tmpdirnode,
'proc':
procdir if procdir is not None else Dir({}),
})
def build_virtual_root(self):
# build a virtual file system:
# * can access its own executable
# * can access the pure Python libraries
# * can access the temporary usession directory as /tmp
exclude = ['.pyc', '.pyo']
if self.tmpdir is None:
tmpdirnode = Dir({})
else:
tmpdirnode = RealDir(self.tmpdir, exclude=exclude)
libroot = str(LIB_ROOT)
try:
virtualPypy = RealFile(self.executable, mode=011)
except:
virtualPypy = RealFile(self.executable) # for backwards compat.
binDirData = {
'pypy-c': virtualPypy,
'lib-python': RealDir(os.path.join(libroot, 'lib-python'),
exclude=exclude),
'lib_pypy': RealDir(os.path.join(libroot, 'lib_pypy'),
exclude=exclude),
}
for vpath, realpath in self.extraPyPackages.items():
binDirData[vpath] = RealDir(os.path.abspath(realpath), exclude=exclude)
return Dir({
'bin': Dir(binDirData),
'tmp': tmpdirnode,
})
def jailed_expression(expr):
clean_jail()
if len(prisoners) >= JAIL_SIZE:
raise ValueError("Jail is full")
args = ['-c', expr]
exe = '/usr/bin/pypy-c-sandbox'
for i in xrange(JAIL_SIZE):
if i not in prisoners:
pid = i
break
new = JailedProc(args, exe, JAIL_UID, JAIL_GID, MAX_HEAP,
tmppath=TMP_DIR, chroot=CHROOT_DIR,
procdir=procdir, p_table=prisoners)
prisoners[pid] = new
procdir.entries[str(pid)] = Dir({"source":File(expr)})
clean_jail()
import urllib2
from rpython.translator.sandbox.vfs import Dir, File
from sandbox.jail import JailedProc
MAX_HEAP = 16777216
TMP_DIR = '/execbot/tmp'
CHROOT_DIR = '/execbot/chroot'
JAIL_SIZE = 16
JAIL_UID = 99
JAIL_GID = 99
prisoners = {}
procdir = Dir({})
def clean_jail():
to_delete = set()
for i, prisoner in prisoners.iteritems():
if prisoner.poll() is not None:
to_delete.add(i)
for i in to_delete:
del prisoners[i]
del procdir.entries[str(i)]
def jailed_script(url):
try:
response = urllib2.urlopen(url)
content = response.read()
def build_virtual_root(self):
return Dir({
'hi.txt': File("Hello, world!\n"),
'this.pyc': RealFile(__file__),
})