diff --git a/dockerfiles/judger/Dockerfile b/dockerfiles/judger/Dockerfile index 7718e06..6090728 100644 --- a/dockerfiles/judger/Dockerfile +++ b/dockerfiles/judger/Dockerfile @@ -18,4 +18,5 @@ RUN git clone https://github.com/quark-zju/lrun.git RUN cd lrun && make install RUN mkdir -p /var/judger/run/ && mkdir /var/judger/test_case/ && mkdir /var/judger/code/ RUN chmod -R 777 /var/judger/run/ +COPY policy /var/judger/run/ WORKDIR /var/judger/code/ \ No newline at end of file diff --git a/dockerfiles/judger/policy b/dockerfiles/judger/policy new file mode 100644 index 0000000..a057b21 --- /dev/null +++ b/dockerfiles/judger/policy @@ -0,0 +1,3 @@ +grant { + permission java.io.FilePermission "/tmp", "read"; +}; \ No newline at end of file diff --git a/dockerfiles/oj_web_server/mq.conf b/dockerfiles/oj_web_server/mq.conf index 9dbce3e..ae1797c 100644 --- a/dockerfiles/oj_web_server/mq.conf +++ b/dockerfiles/oj_web_server/mq.conf @@ -2,7 +2,7 @@ command=python manage.py runscript mq -directory=/code/qduoj/ +directory=/code/ user=root numprocs=1 stdout_logfile=/code/log/mq.log diff --git a/judge/judger/client.py b/judge/judger/client.py index 7740587..a5a1f47 100644 --- a/judge/judger/client.py +++ b/judge/judger/client.py @@ -62,6 +62,8 @@ class JudgeClient(object): " --max-real-time " + str(self._max_real_time / 1000.0 * 2) + \ " --max-memory " + str(self._max_memory * 1000 * 1000) + \ " --network false" + \ + " --syscalls '" + self._language["syscalls"] + "'" + \ + " --max-nprocess 20" + \ " --uid " + str(lrun_uid) + \ " --gid " + str(lrun_gid) diff --git a/judge/judger/language.py b/judge/judger/language.py index a61bd32..c7a14eb 100644 --- a/judge/judger/language.py +++ b/judge/judger/language.py @@ -6,6 +6,7 @@ languages = { "name": "c", "src_name": "main.c", "code": 1, + "syscalls": "!execve:k,flock:k,ptrace:k,sync:k,fdatasync:k,fsync:k,msync,sync_file_range:k,syncfs:k,unshare:k,setns:k,clone:k,query_module:k,sysinfo:k,syslog:k,sysfs:k", "compile_command": "gcc -DONLINE_JUDGE -O2 -w -std=c99 {src_path} -lm -o {exe_path}main", "execute_command": "{exe_path}main" }, @@ -13,6 +14,7 @@ languages = { "name": "cpp", "src_name": "main.cpp", "code": 2, + "syscalls": "!execve:k,flock:k,ptrace:k,sync:k,fdatasync:k,fsync:k,msync,sync_file_range:k,syncfs:k,unshare:k,setns:k,clone:k,query_module:k,sysinfo:k,syslog:k,sysfs:k", "compile_command": "g++ -DONLINE_JUDGE -O2 -w -std=c++11 {src_path} -lm -o {exe_path}main", "execute_command": "{exe_path}main" }, @@ -20,8 +22,9 @@ languages = { "name": "java", "src_name": "Main.java", "code": 3, + "syscalls": "!execve:k,flock:k,ptrace:k,sync:k,fdatasync:k,fsync:k,msync,sync_file_range:k,syncfs:k,unshare:k,setns:k,clone[a&268435456==268435456]:k,query_module:k,sysinfo:k,syslog:k,sysfs:k", "compile_command": "javac {src_path} -d {exe_path}", - "execute_command": "java -cp {exe_path} Main" + "execute_command": "java -cp {exe_path} -Djava.security.manager -Djava.security.policy==policy Main" } } diff --git a/judge/judger_controller/tasks.py b/judge/judger_controller/tasks.py index 4574982..2de71d7 100644 --- a/judge/judger_controller/tasks.py +++ b/judge/judger_controller/tasks.py @@ -32,7 +32,7 @@ def judge(submission_id, time_limit, memory_limit, test_case_id): passwd=submission_db["password"], host=submission_db["host"], port=submission_db["port"], - character="utf8") + charset="utf8") cur = conn.cursor() cur.execute("update submission set result=%s, info=%s where id=%s", diff --git a/mq/scripts/info.py b/mq/scripts/mq.py similarity index 100% rename from mq/scripts/info.py rename to mq/scripts/mq.py diff --git a/static/src/js/app/oj/problem/problem.js b/static/src/js/app/oj/problem/problem.js index 4817309..fe51417 100644 --- a/static/src/js/app/oj/problem/problem.js +++ b/static/src/js/app/oj/problem/problem.js @@ -120,12 +120,12 @@ require(["jquery", "codeMirror", "csrfToken", "bsAlert", "ZeroClipboard"], if (code.indexOf("using namespace std") > -1||code.indexOf("") > -1) { return "2"; } - if (code.indexOf("printf")) + if (code.indexOf("printf") > -1) { return "1"; } //java - if (code.indexOf("public class Main")) { + if (code.indexOf("public class Main") > -1) { return "3"; } } diff --git a/tools/run.py b/tools/run.py new file mode 100644 index 0000000..b98c02b --- /dev/null +++ b/tools/run.py @@ -0,0 +1,58 @@ +# coding=utf-8 +import os +import json + +os.system("docker rm -f redis") +os.system("docker rm -f mysql") +os.system("docker rm -f oj_web_server") + +if os.system("docker run --name mysql -v /root/data:/var/lib/mysql -v /root/data/my.cnf:/etc/my.cnf -e MYSQL_ROOT_PASSWORD=root -d mysql/mysql-server:latest"): + print "Error start mysql" + exit() + +if os.system("docker run --name redis -d redis"): + print "Error start redis" + exit() + +if os.system("docker run --name oj_web_server -e oj_env=server -v /root/qduoj:/code -v /root/test_case:/code/test_case -v /root/log:/code/log -v /root/upload:/code/upload -v /root/qduoj/dockerfiles/oj_web_server/supervisord.conf:/etc/supervisord.conf -v /root/qduoj/dockerfiles/oj_web_server/gunicorn.conf:/etc/gunicorn.conf -v /root/qduoj/dockerfiles/oj_web_server/mq.conf:/etc/mq.conf -d -p 127.0.0.1:8080:8080 --link mysql --link=redis oj_web_server"): + print "Erro start oj_web_server" + exit() + +inspect_redis = json.loads(os.popen("docker inspect redis").read()) + +if not inspect_redis: + print "Error when inspect redis ip" + exit() + +redis_ip = inspect_redis[0]["NetworkSettings"]["IPAddress"] +print "redis ip ", redis_ip + + +inspect_mysql = json.loads(os.popen("docker inspect mysql").read()) +if not inspect_mysql: + print "Error when inspect mysql ip" + exit() + +mysql_ip = inspect_mysql[0]["NetworkSettings"]["IPAddress"] +print "mysql ip ", mysql_ip + + +f = open("/etc/profile", "r") +content = "" +for line in f.readlines(): + if line.startswith("export REDIS_PORT_6379_TCP_ADDR"): + content += ("\nexport REDIS_PORT_6379_TCP_ADDR=" + redis_ip + "\n") + elif line.startswith("export submission_db_host"): + content += ("\nexport submission_db_host=" + mysql_ip + "\n") + else: + content += line + +f.close() + + +f = open("/etc/profile", "w") +f.write(content) +f.close() + +print "Please run source /etc/profile" +