update java runtime security policy

dockerfiles/judger/Dockerfile

@@ -18,4 +18,5 @@ RUN git clone https://github.com/quark-zju/lrun.git
 RUN cd lrun && make install
 RUN mkdir -p /var/judger/run/ && mkdir /var/judger/test_case/ && mkdir /var/judger/code/
 RUN chmod -R 777 /var/judger/run/
+COPY policy /var/judger/run/
 WORKDIR /var/judger/code/

dockerfiles/judger/policy

@@ -0,0 +1,3 @@
+grant {
+    permission java.io.FilePermission "/tmp", "read";
+};

judge/judger/client.py

@@ -64,6 +64,7 @@ class JudgeClient(object):
                   " --network false" + \
                   " --syscalls '!execve:k,flock:k,ptrace:k,sync:k,fdatasync:k,fsync:k,msync,sync_file_range:k,syncfs:k" \
                   ",unshare:k,setns:k,clone[a&268435456==268435456]:k,query_module:k,sysinfo:k,syslog:k,sysfs:k'" + \
+                  " --max-nprocess 20" + \
                   " --uid " + str(lrun_uid) + \
                   " --gid " + str(lrun_gid)
 

judge/judger/language.py

@@ -21,7 +21,7 @@ languages = {
         "src_name": "Main.java",
         "code": 3,
         "compile_command": "javac {src_path} -d {exe_path}",
-        "execute_command": "java -cp {exe_path} Main"
+        "execute_command": "java -cp {exe_path} -Djava.security.manager -Djava.security.policy==policy Main"
     }
 }