ioi / isolate

Sandbox for securely executing untrusted programs

Unable to access internet inside isolate box even after using --share-net #145

Closed subhtak closed 4 months ago

subhtak commented 4 months ago

Network access is required for Java maven and dot net related programs.

isolate -p --cg --box-id=603 --chdir=JAVA11_MAVEN/src --share-net --run -- /usr/local/apache-maven-3.9.6/bin/mvn clean install

[INFO] Scanning for projects...
[INFO] 
[INFO] --------------------------< tech.ulabs:main >---------------------------
[INFO] Building main 0.1.0
[INFO]   from pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/3.2.0/maven-clean-plugin-3.2.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.219 s
[INFO] Finished at: 2024-02-20T16:19:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Plugin org.apache.maven.plugins:maven-clean-plugin:3.2.0 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:3.2.0: The following artifacts could not be resolved: org.apache.maven.plugins:maven-clean-plugin:pom:3.2.0 (absent): Could not transfer artifact org.apache.maven.plugins:maven-clean-plugin:pom:3.2.0 from/to central (https://repo.maven.apache.org/maven2): repo.maven.apache.org: Temporary failure in name resolution: Unknown host repo.maven.apache.org: Temporary failure in name resolution

Tried doing wget and even that didn't work.

isolate -p --cg --box-id=818 --chdir=JAVA11_MAVEN/src --share-net --run -- /usr/bin/wget http://ftp.gnu.org/gnu/wget/wget2-2.0.0.tar.gz

ERROR: could not open HSTS store. HSTS will be disabled.
--2024-02-20 20:05:24--  http://ftp.gnu.org/gnu/wget/wget2-2.0.0.tar.gz
Resolving ftp.gnu.org (ftp.gnu.org)... failed: Temporary failure in name resolution.
wget: unable to resolve host address 'ftp.gnu.org'

Operating System: Ubuntu 23.04
Kernel: Linux 6.2.0-39-generic
Architecture: x86-64

Any help will be much appreciated.

gollux commented 4 months ago

Try checking your /etc/resolv.conf. What name servers does it refer to?

subhtak commented 4 months ago

I updated the content of /etc/resolv.conf with the below lines. It didn't work. I disabled Ubuntu firewall also.

nameserver 8.8.4.4
nameserver 1.1.1.1
nameserver 8.8.8.8
options edns0 trust-ad
search .

gollux commented 4 months ago

Is /etc/resolv.conf a real file and not a symlink? What does cat /etc/resolv.conf do inside the sandbox?

subhtak commented 4 months ago

The issue has been resolved! /etc/resolv.conf was a symbolic link to /run/systemd/resolve/stub-resolv.conf. I needed to bind both /etc and /run/systemd/resolve/ with read-write access and it worked.

isolate --dir=/etc/:rw --dir=/run/systemd/resolve/:rw --dir=/usr/bin --box-id=586 --share-net --run /usr/bin/node nettest.js
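
The diagnosis in this thread (a resolv.conf symlink whose target directory is not visible inside the box) can be checked on the host before running anything. The script below is an added example, not code from the thread or from the isolate project; the function names are hypothetical. It follows the symlink chain and prints one `--dir=` option per directory involved, without `:rw`, on the assumption that a resolver only needs to read the file.

```shell
#!/bin/sh
# Added example (not from the thread or the isolate project).
# Function names are hypothetical.

# Print the directory of every hop in the symlink chain that starts at $1,
# one per line, no duplicates. Fails on a dangling link or a symlink loop.
symlink_chain_dirs() {
    path=$1 dirs="" hops=0
    while :; do
        # Physical directory holding the current hop; fails if it is missing.
        dir=$(cd "$(dirname "$path")" 2>/dev/null && pwd -P) || return 1
        printf '%s\n' "$dirs" | grep -qxF "$dir" || dirs="${dirs:+$dirs
}$dir"
        path=$dir/$(basename "$path")
        [ -L "$path" ] || break
        hops=$((hops + 1))
        [ "$hops" -le 40 ] || return 1        # symlink loop guard
        target=$(readlink "$path")            # one hop only
        case $target in
            /*) path=$target ;;               # absolute target
            *)  path=$dir/$target ;;          # relative to the link's directory
        esac
    done
    [ -e "$path" ] || return 1                # final target must exist
    printf '%s\n' "$dirs"
}

# Turn the chain into --dir= options, one per line.
# Assumption: no ":rw" suffix, since a resolver only reads the file.
isolate_dir_flags() {
    chain=$(symlink_chain_dirs "$1") || {
        echo "cannot resolve $1" >&2
        return 1
    }
    printf '%s\n' "$chain" | sed 's/^/--dir=/'
}

# Usage: sh resolv-dirs.sh /etc/resolv.conf
if [ $# -gt 0 ]; then
    isolate_dir_flags "$1"
fi
```
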