package executable
v1.19.0
Published: Jun 7, 2026 License: MIT Imports: 19 Imported by: 0

Documentation

Constants

const DefaultMemoryLimitInBytes int64 = 2 * 1024 * 1024 * 1024

DefaultMemoryLimitInBytes is the default memory limit (2GB)

Variables

var (
	ErrSandboxMemoryExceeded = errors.New("sandbox: memory limit exceeded (RLIMIT_AS)")
	ErrSandboxCPUExceeded    = errors.New("sandbox: cpu time limit exceeded (RLIMIT_CPU)")
	ErrSandboxForkBlocked    = errors.New("sandbox: process count limit exceeded (RLIMIT_NPROC)")
	ErrSandboxSyscallBlocked = errors.New("sandbox: blocked syscall (seccomp)")
	ErrSandboxFileTooLarge   = errors.New("sandbox: file size limit exceeded (RLIMIT_FSIZE)")
)

Sandbox error sentinels — distinguishable from business logic errors.

var ErrMemoryLimitExceeded = errors.New("process exceeded memory limit")

ErrMemoryLimitExceeded is returned when a process exceeds its memory limit

Functions

This section is empty.

Types

type Executable

type Executable struct {
	// Path is the path to the executable.
	Path string

	// TimeoutInMilliseconds is the maximum time the process can run.
	TimeoutInMilliseconds int

	// MemoryLimitInBytes sets the maximum memory the process can use (Linux only).
	// If exceeded, the process will be killed and an error will be returned.
	// Defaults to 2GB. Set to 0 to disable memory limiting.
	MemoryLimitInBytes int64

	// ShouldUsePty controls whether the executable's standard streams should be set to PTY instead of pipes.
	ShouldUsePty bool

	// WorkingDir can be set before calling Start or Run to customize the working directory of the executable.
	WorkingDir string

	// Process is the os.Process object for the executable.
	// TODO: See if this actually needs to be exported?
	Process *os.Process
	// contains filtered or unexported fields
}

Executable represents a program that can be executed

func NewExecutable

func NewExecutable(path string) *Executable

NewExecutable returns an Executable

func NewVerboseExecutable

func NewVerboseExecutable(path string, loggerFunc func(string)) *Executable

NewVerboseExecutable returns an Executable struct with a logger configured

func (*Executable) Clone

func (e *Executable) Clone() *Executable

func (*Executable) HasExited

func (e *Executable) HasExited() bool

func (*Executable) Kill

func (e *Executable) Kill() error

Kill terminates the program

func (*Executable) Run

func (e *Executable) Run(args ...string) (ExecutableResult, error)

Run starts the specified command, waits for it to complete and returns the result.

func (*Executable) RunWithStdin

func (e *Executable) RunWithStdin(stdin []byte, args ...string) (ExecutableResult, error)

RunWithStdin starts the specified command, sends input, waits for it to complete and returns the result.

func (*Executable) SendLine

func (e *Executable) SendLine(line string) error

SendLine writes a line to the process's stdin (for interactive mode). Automatically appends a newline character.

func (*Executable) Start

func (e *Executable) Start(args ...string) error

Start starts the specified command but does not wait for it to complete.

func (*Executable) Wait

func (e *Executable) Wait() (ExecutableResult, error)

Wait waits for the program to finish and returns the result.

func (*Executable) WriteStdin

func (e *Executable) WriteStdin(data []byte) error

WriteStdin writes data to the process's stdin (for interactive mode). The process must be started with Start() first.

type ExecutableResult

type ExecutableResult struct {
	Stdout   []byte
	Stderr   []byte
	ExitCode int
	Meta     SandboxMeta // structured metadata; zero value when Sandbox == nil
}

ExecutableResult holds the result of an executable run

type SandboxConfig added in v1.19.0

type SandboxConfig struct {

	// MaxMemoryBytes limits virtual address space via RLIMIT_AS (set to 3× this value).
	// 0 = unlimited. Recommended for tinyshop: 100MB.
	MaxMemoryBytes int64

	// MaxCPUTime limits cumulative CPU time via RLIMIT_CPU (not wall clock).
	// 0 = unlimited. Recommended for tinyshop: 3s.
	MaxCPUTime time.Duration

	// MaxProcesses limits child process count via RLIMIT_NPROC (includes threads).
	// 0 = unlimited. Recommended for tinyshop: 5 (allows Python internal threads).
	MaxProcesses int

	// MaxFileSize limits single file write size via RLIMIT_FSIZE.
	// 0 = unlimited. Recommended for tinyshop: 10MB.
	MaxFileSize int64

	// MaxOpenFiles limits simultaneously open file descriptors via RLIMIT_NOFILE.
	// 0 = unlimited. Recommended for tinyshop: 32.
	MaxOpenFiles int

	// EnvWhitelist restricts child process environment to only these variables.
	// nil = use v1 blacklist behavior (filter BYTEFORGE_SECRET* only).
	// Recommended for tinyshop: ["LANG", "LC_ALL", "PYTHONIOENCODING", "PATH"]
	EnvWhitelist []string

	// UseTempWorkDir creates a temporary directory, copies WorkingDir content into it,
	// and uses it as the child's cwd. Cleaned up after evaluation.
	UseTempWorkDir bool

	// SeccompProfile selects a preset syscall filter policy.
	SeccompProfile SeccompProfile

	// NoNewPrivs calls prctl(PR_SET_NO_NEW_PRIVS, 1) to prevent setuid privilege escalation.
	// Forced to true when SeccompProfile != SeccompOff.
	NoNewPrivs bool
}

SandboxConfig configures a process-level sandbox for the child process. A nil value means no sandbox — v1 behavior is completely unchanged. Linux only; other platforms are no-op (logs a warning on startup).

func DefaultSandboxConfig added in v1.19.0

func DefaultSandboxConfig() *SandboxConfig

DefaultSandboxConfig returns the recommended defaults for tinyshop script-runner courses. All values can be individually overridden after construction.

MaxMemoryBytes:  100MB (RLIMIT_AS safeguard + RSS polling)
MaxCPUTime:      3s (RLIMIT_CPU kernel safeguard)
MaxProcesses:    5 (allows Python internal threads, blocks fork bombs)
MaxFileSize:     10MB
MaxOpenFiles:    32
EnvWhitelist:    [LANG, LC_ALL, PYTHONIOENCODING, PATH]
UseTempWorkDir:  true
SeccompProfile:  SeccompScriptRunner
NoNewPrivs:      true
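As an added example (not code from this package, whose implementation is not shown on this page), the following stand-alone Go program reimplements two pieces of the semantics documented for SandboxConfig and DefaultSandboxConfig above: deriving the rlimit values the field comments describe (RLIMIT_AS at 3× MaxMemoryBytes, RLIMIT_CPU in whole seconds, 0 meaning unlimited) and the EnvWhitelist filter with its nil fallback. The SandboxConfig type here is a reduced copy, and PlanRlimits and FilterEnv are assumed names; it also handles the sub-second MaxCPUTime edge case that a naive conversion would turn into "no limit".

```go
package main

import (
	"strings"
	"time"
)
// SandboxConfig is a reduced copy of the documented type (rlimit fields only).
type SandboxConfig struct {
	MaxMemoryBytes int64
	MaxCPUTime     time.Duration
	MaxProcesses   int
	MaxFileSize    int64
	MaxOpenFiles   int
}

// PlanRlimits derives the rlimits the field comments describe, keyed by setrlimit(2)
// resource name; zero fields are skipped (unlimited). RLIMIT_CPU is in whole seconds,
// so a sub-second MaxCPUTime is rounded up instead of truncating to 0 (= no limit).
func PlanRlimits(c SandboxConfig) map[string]uint64 {
	out := map[string]uint64{}
	add := func(res string, v int64) {
		if v > 0 {
			out[res] = uint64(v)
		}
	}
	add("RLIMIT_AS", 3*c.MaxMemoryBytes) // address space is 3x the RSS budget
	add("RLIMIT_CPU", int64((c.MaxCPUTime+time.Second-1)/time.Second))
	add("RLIMIT_NPROC", int64(c.MaxProcesses)) // counts threads as well
	add("RLIMIT_FSIZE", c.MaxFileSize)
	add("RLIMIT_NOFILE", int64(c.MaxOpenFiles))
	return out
}

// FilterEnv keeps only whitelisted variables (order preserved). A nil whitelist
// applies the documented v1 fallback: drop BYTEFORGE_SECRET* and pass the rest.
func FilterEnv(env, whitelist []string) []string {
	allowed := map[string]bool{}
	for _, w := range whitelist {
		allowed[w] = true
	}
	var out []string
	for _, kv := range env {
		name, _, _ := strings.Cut(kv, "=")
		if (whitelist == nil && !strings.HasPrefix(name, "BYTEFORGE_SECRET")) || allowed[name] {
			out = append(out, kv)
		}
	}
	return out
}
```

Note that an empty, non-nil whitelist passes nothing through, while a nil one falls back to the blacklist; callers that build the slice dynamically should decide which of the two they mean.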

type SandboxMeta added in v1.19.0

type SandboxMeta struct {
	// Trigger identifies what caused process termination.
	Trigger SandboxTrigger

	// CPUTime is the cumulative CPU time used.
	CPUTime time.Duration

	// WallTime is the wall-clock elapsed time.
	WallTime time.Duration

	// MaxRSSKB is the peak physical memory in KB (from /proc polling max).
	MaxRSSKB int64

	// Message is a human-friendly description for the student.
	Message string
}

SandboxMeta records structured metadata about a sandboxed execution, separated from the student's stdout/stderr. Zero value when Sandbox == nil (v1 behavior unchanged).

type SandboxTrigger added in v1.19.0

type SandboxTrigger int

SandboxTrigger identifies the source of process termination. Zero value = SandboxTriggerNone (student code exited normally).

const (
	SandboxTriggerNone           SandboxTrigger = iota // student code exited on its own
	SandboxTriggerMemoryExceeded                       // sandbox OOM kill
	SandboxTriggerCPUExceeded                          // RLIMIT_CPU hard limit
	SandboxTriggerTimeout                              // wall clock timeout
	SandboxTriggerSeccomp                              // blocked syscall (seccomp SIGSYS)
	SandboxTriggerForkBlocked                          // RLIMIT_NPROC (fork returned EAGAIN)
	SandboxTriggerFileTooLarge                         // RLIMIT_FSIZE (SIGXFSZ)
	SandboxTriggerOutputExceeded                       // output exceeded maxOutputBytes
)

func (SandboxTrigger) String added in v1.19.0

func (t SandboxTrigger) String() string

type SeccompProfile added in v1.19.0

type SeccompProfile int

SeccompProfile is a preset syscall filtering policy.

const (
	// SeccompOff installs no seccomp filter.
	SeccompOff SeccompProfile = iota

	// SeccompScriptRunner for pure-compute + stdio courses (tinyshop/pyforge):
	//   Blocked: socket / fork / execve / chmod / setuid / ptrace / mount
	//   Allowed: file IO / mmap / clock / Python internal syscalls
	SeccompScriptRunner

	// SeccompCLITester for courses needing FS + fork (TinyGit):
	//   Blocked: socket / setuid / ptrace / mount / reboot
	//   Allowed: fork / exec / fcntl / open / write / most non-network syscalls
	SeccompCLITester
)
