      Overview ¶
Package envexec provides utility functions to run programs in restricted environments through containers and cgroups.
Cmd ¶
Cmd defines a single program to run, including copying in files before exec, running the program, and copying out files after exec.
Single ¶
Single defines a single Cmd with Environment and Cgroup Pool
Group ¶
Group defines multiple Cmd with Environment and Cgroup Pool, together with Pipe mapping between different Cmd
Index ¶
- func FileToReader(f File) (io.ReadCloser, error)
- type Cmd
- type CmdCopyOutFile
- type Environment
- type ExecveParam
- type File
- type FileCollector
- type FileError
- type FileErrorType
- type FileInput
- type FileOpened
- type FileReader
- type FileWriter
- type Group
- type Limit
- type NewStoreFile
- type Pipe
- type PipeIndex
- type Process
- type ReaderTTY
- type Result
- type RunnerResult
- type Single
- type Size
- type Status
- type Usage
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FileToReader ¶ added in v1.1.0
func FileToReader(f File) (io.ReadCloser, error)
FileToReader gets a Reader from the underlying file. The reader needs to be closed explicitly by the caller.
Types ¶
type Cmd ¶
// Cmd describes one program run in a container environment: what is set up
// before exec (CopyIn, SymLinks), what is executed (Args, Env, Files, TTY),
// the resource limits applied, and what is copied out afterwards.
type Cmd struct {
	Environment Environment
	// file contents to copy in before exec
	// NOTE(review): keys are presumably destination paths relative to the
	// work dir; whether they are confined to it is not visible here — confirm.
	CopyIn map[string]File
	// symbolic links to be created before exec
	// NOTE(review): which of key / value is the link and which is the target
	// is not visible here — confirm against the implementation.
	SymLinks map[string]string
	// exec arguments and environment
	Args []string
	Env  []string
	// Files for the executing command
	Files []File
	TTY   bool // use pty as input / output
	// resource limits
	TimeLimit        time.Duration
	MemoryLimit      Size
	StackLimit       Size
	ExtraMemoryLimit Size
	OutputLimit      Size
	ProcLimit        uint64
	OpenFileLimit    uint64
	CPURateLimit     uint64
	CPUSetLimit      string
	// Waiter is called after cmd starts and it should return
	// once the time limit is exceeded.
	// It returns true to report TLE and false for a normal exit (context finished).
	Waiter func(context.Context, Process) bool
	// file names to copy out after exec
	CopyOut    []CmdCopyOutFile
	CopyOutMax Size // file size limit
	// CopyOutDir specifies a dir to dump all /w content
	// NOTE(review): presumably a directory outside the container; it receives
	// content written by the executed program, so treat it as untrusted — confirm.
	CopyOutDir string
	// additional memory options
	AddressSpaceLimit bool
	DataSegmentLimit  bool
}
    Cmd defines the instructions to run a program in a container environment
type CmdCopyOutFile ¶ added in v1.2.0
// CmdCopyOutFile names one file to copy out after the command has run.
type CmdCopyOutFile struct {
	Name     string // Name is the name of the file to copy out
	Optional bool   // Optional ignores the file if it does not exist
}
    CmdCopyOutFile defines the file to be copied out after cmd execution
type Environment ¶
// Environment is the interface used to reach a container execution
// environment: starting a process in it and manipulating files in its
// work directory.
type Environment interface {
	// Execve starts a process described by ExecveParam and returns a Process
	// handle for it.
	Execve(context.Context, ExecveParam) (Process, error)
	WorkDir() *os.File // WorkDir returns the opened work directory; the caller should not close it
	// Open opens a file in the work dir with the given relative path and flags
	// NOTE(review): how a path that escapes the work dir (absolute, "..", or
	// via a symlink) is handled is not visible here — confirm per implementation.
	Open(path string, flags int, perm os.FileMode) (*os.File, error)
	// MkdirAll creates a directory inside the container
	MkdirAll(path string, perm os.FileMode) error
	// Symlink makes a symbolic link for a file / directory
	// NOTE(review): argument order presumably follows os.Symlink — confirm.
	Symlink(oldName, newName string) error
}
    Environment defines the interface to access container execution environment
type ExecveParam ¶
// ExecveParam carries everything an Environment needs to start one process:
// arguments, environment, file descriptors, the executable, TTY mode and
// resource limits.
type ExecveParam struct {
	// Args holds command line arguments
	Args []string
	// Env specifies the environment of the process
	Env []string
	// Files specifies file descriptors for the child process
	// NOTE(review): presumably index i becomes fd i in the child — confirm.
	Files []uintptr
	// ExecFile specifies file descriptor for executable file using fexecve
	ExecFile uintptr
	// TTY specifies whether to use TTY
	TTY bool
	// Limit holds the process resource limits
	Limit Limit
}
    ExecveParam is parameters to run process inside environment
type File ¶ added in v1.1.0
// File is the interface of envexec files. This listing shows no exported
// methods on it.
type File interface {
	// contains filtered or unexported methods
}
    File defines interface of envexec files
func NewFileCollector ¶ added in v1.3.1
NewFileCollector creates file output which will be collected through pipe
func NewFileInput ¶ added in v1.1.0
NewFileInput creates file input which will be opened in read-only mode
func NewFileOpened ¶ added in v1.1.0
NewFileOpened creates a File that contains an already opened file, which will be closed
func NewFileReader ¶ added in v1.1.0
NewFileReader creates File input which can be fully read before exec or piped into exec
type FileCollector ¶ added in v1.3.1
FileCollector represents pipe output which will be collected through a pipe
type FileError ¶ added in v1.3.2
// FileError describes one file-related failure: the file it concerns, the
// category of the failure, and an optional message. The struct tags give
// its JSON field names; Message is omitted from JSON when empty.
type FileError struct {
	Name    string        `json:"name"`
	Type    FileErrorType `json:"type"`
	Message string        `json:"message,omitempty"`
}
    type FileErrorType ¶ added in v1.3.2
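// FileErrorType is the category of a FileError.
type FileErrorType int

// File error categories. Values are assigned by iota in declaration order,
// so inserting or reordering entries changes the numeric value of every
// later constant; new entries belong at the end.
const (
	// copy in (before exec)
	ErrCopyInOpenFile FileErrorType = iota
	ErrCopyInCreateDir
	ErrCopyInCreateFile
	ErrCopyInCopyContent
	// copy out (after exec)
	ErrCopyOutOpen
	ErrCopyOutNotRegularFile
	ErrCopyOutSizeExceeded
	ErrCopyOutCreateFile
	ErrCopyOutCopyContent
	// NOTE(review): presumably raised when collected pipe output exceeds its
	// size limit — confirm against the implementation.
	ErrCollectSizeExceeded
	// NOTE(review): presumably raised when creating a symbolic link fails — confirm.
	ErrSymlink
)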
func (FileErrorType) MarshalJSON ¶ added in v1.3.2
func (t FileErrorType) MarshalJSON() ([]byte, error)
func (FileErrorType) String ¶ added in v1.3.2
func (t FileErrorType) String() string
func (*FileErrorType) UnmarshalJSON ¶ added in v1.3.2
func (t *FileErrorType) UnmarshalJSON(b []byte) error
type FileInput ¶ added in v1.1.0
// FileInput is a file input identified by a path.
type FileInput struct {
	// Path is the path of the file to use as input
	// NOTE(review): presumably a path outside the container, opened by the
	// caller's process; it should not be taken from untrusted input — confirm.
	Path string
}
    FileInput represents a file input which will be opened in read-only mode
type FileOpened ¶ added in v1.1.0
FileOpened represents a file that is already opened
type FileReader ¶ added in v1.1.0
FileReader represents a file input which can be fully read before exec or piped into exec
type FileWriter ¶ added in v1.1.0
FileWriter represents pipe output which will be piped out from exec
type Group ¶
// Group bundles several Cmd values that run in parallel, the pipes that
// connect them, and the factory used to create stored files.
type Group struct {
	// Cmd defines Cmd running in parallel in multiple environments
	Cmd []*Cmd
	// Pipes defines the potential mapping between Cmd.
	// Ensure nil is used as the placeholder in the corresponding Cmd
	// (presumably in its Files slice — confirm).
	Pipes []Pipe
	// NewStoreFile defines interface to create stored file
	NewStoreFile NewStoreFile
}
    Group defines the instructions to run multiple execs in parallel, restricted within cgroups
type Limit ¶
// Limit holds the resource limits applied to a running process.
// Units of the numeric fields are not stated in this listing.
type Limit struct {
	Time         time.Duration // Time limit
	Memory       Size          // Memory limit
	Proc         uint64        // Process count limit
	Stack        Size          // Stack limit
	Output       Size          // Output limit
	Rate         uint64        // CPU rate limit
	OpenFile     uint64        // Limit on the number of open files
	CPUSet       string        // CPU set limit
	DataSegment  bool          // Use stricter memory limit (e.g. rlimit)
	AddressSpace bool          // Use the rlimit on address space
}
    Limit defines the process running resource limits
type NewStoreFile ¶ added in v1.3.0
NewStoreFile creates a new file in storage
type Pipe ¶
// Pipe connects the output of one Cmd in a Group to the input of another,
// optionally through a copying proxy.
type Pipe struct {
	// In, Out defines the pipe input source and output destination
	In, Out PipeIndex
	// Name defines copy out entry name if it is not empty and proxy is enabled
	Name string
	// Limit defines the maximum bytes copied out from the proxy; the proxy
	// will still copy data after the limit is exceeded
	// NOTE(review): presumably bytes beyond Limit are forwarded but not
	// retained in the copy out entry — confirm, since this bounds stored output.
	Limit Size
	// Proxy creates 2 pipes and connects them by copying data
	Proxy bool
}
    Pipe defines the pipe between parallel Cmd
type Process ¶
// Process is a handle to a running process group started by an Environment.
type Process interface {
	Done() <-chan struct{} // Done returns a channel to wait on for the process to exit
	Result() RunnerResult  // Result waits until done and returns the RunnerResult
	Usage() Usage          // Usage retrieves the process usage during the run time
}
    Process is a reference to the running process group
type ReaderTTY ¶ added in v1.1.0
ReaderTTY will be asserted when a FileReader is provided and TTY is enabled; TTY will then be called with the pty file
type Result ¶
// Result is the outcome of running a single Cmd: its status, exit status,
// resource usage, copied out files and any file errors.
type Result struct {
	// Status is the run status (see the Status constants)
	Status Status
	// ExitStatus is the exit status of the program
	ExitStatus int
	Error string // error
	// NOTE(review): the difference between Time and RunTime is not stated
	// here (presumably CPU time vs. elapsed time) — confirm.
	Time    time.Duration
	RunTime time.Duration
	Memory  Size // byte
	// Files stores copy out files
	// NOTE(review): values are *os.File handles; presumably the caller is
	// responsible for closing them — confirm.
	Files map[string]*os.File
	// FileError stores file errors details
	FileError []FileError
}
    Result defines the running result for single Cmd
type Single ¶
// Single bundles one Cmd with the factory used to create stored files.
type Single struct {
	// Cmd defines the single Cmd to run
	Cmd *Cmd
	// NewStoreFile defines interface to create stored file
	NewStoreFile NewStoreFile
}
    Single defines the instructions to run a single exec, restricted within a cgroup
type Status ¶
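// Status defines the result status of a run task.
type Status int

// Run task statuses. Values are assigned by iota in declaration order, and
// the zero value is StatusInvalid, so a Status that was never set reads as
// an error rather than as success.
const (
	// not initialized status (as error)
	StatusInvalid Status = iota
	// exit normally
	StatusAccepted
	StatusWrongAnswer
	StatusPartiallyCorrect
	// exit with error
	StatusMemoryLimitExceeded // MLE
	StatusTimeLimitExceeded   // TLE
	StatusOutputLimitExceeded // OLE
	StatusFileError           // FE
	StatusNonzeroExitStatus   // NZS
	StatusSignalled           // SIG
	StatusDangerousSyscall    // DJS
	// SPJ / interactor error
	StatusJudgementFailed
	StatusInvalidInteraction // interactor signals error
	// internal error including: cgroup init failed, container failed, etc
	StatusInternalError
)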
These constants define the result status of a run task
func StringToStatus ¶ added in v1.1.7
StringToStatus converts a string to a Status