ioi / isolate

Sandbox for securely executing untrusted programs

chown: cannot access '/var/local/lib/isolate/XX/box': No such file or directory #157

Closed raviprakash007 closed 5 months ago

raviprakash007 commented 5 months ago

isolate --cg -s -b 32 -M /var/local/lib/isolate/32/metadata.txt --stderr-to-stdout -i /dev/null -t 15.0 -x 0 -w 20.0 -k 128000 -p120 --cg-mem=512000 -f 4096 -E HOME=/tmp -E PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -d /etc:noexec --run -- /bin/bash $(basename /var/local/lib/isolate/32/box/compile.sh) > /var/local/lib/isolate/32/compile_output.txt

chown: cannot access '/var/local/lib/isolate/32/box': No such file or directory

[2024-04-14T01:46:30+00:00] Compiling submission 51e27c5a-e8f4-4524-bbb6-9ead6941e3cb (33): isolate --cg -s -b 33 -M /var/local/lib/isolate/33/metadata.txt --stderr-to-stdout -i /dev/null -t 15.0 -x 0 -w 20.0 -k 128000 -p120 --cg-mem=512000 -f 4096 -E HOME=/tmp -E PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -d /etc:noexec --run -- /bin/bash $(basename /var/local/lib/isolate/33/box/compile.sh) > /var/local/lib/isolate/33/compile_output.txt

chown: cannot access '/var/local/lib/isolate/33/box': No such file or directory

===============

In the second terminal, I checked the isolate folder.

root@workers-74fcff777b-8nwjl:/var/local/lib/isolate# isolate --init
/var/local/lib/isolate/0
root@workers-74fcff777b-8nwjl:/var/local/lib/isolate# ls
0
root@workers-74fcff777b-8nwjl:/var/local/lib/isolate# cd 0
root@workers-74fcff777b-8nwjl:/var/local/lib/isolate/0# ls
box

raviprakash007 commented 5 months ago

isolate service is running.

root@workers-74fcff777b-8nwjl:/var/local/lib/isolate# service isolate status
● isolate.service - A trivial daemon to keep Isolate's control group hierarchy
     Loaded: loaded (/etc/systemd/system/isolate.service; disabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-04-12 17:12:12 UTC; 1 day 8h ago
   Main PID: 81 (isolate-cg-keep)
      Tasks: 1 (limit: 94371)
     Memory: 356.0K
        CPU: 13ms
     CGroup: /isolate.slice/isolate.service
             └─daemon
               └─81 /usr/local/sbin/isolate-cg-keeper

gollux commented 5 months ago

Are you sure that sandbox 33 was initialized? It looks like it wasn't.

Also, putting your own files in /var/local/lib/isolate is not a good idea. This directory belongs to Isolate and its use in future versions can conflict with your use.

raviprakash007 commented 5 months ago

Yes, sandboxes are getting initialized and then being deleted quickly. I am running the isolate command as root. So, all dynamic files are being created with root permissions.

Where should we create temporary files (if not in /var/local/lib/isolate), is there any config related?

gollux commented 5 months ago

> Yes, sandboxes are getting initialized and then being deleted quickly. I am running the isolate command as root. So, all dynamic files are being created with root permissions.

Could you please log all calls to Isolate?

> Where should we create temporary files (if not in /var/local/lib/isolate), is there any config related?

Put your temporary files in your own directory.

raviprakash007 commented 5 months ago

Wait, it seemed to be fixed.

raviprakash007 commented 5 months ago

Fixed. The folders were dramatically deleted by a cron job. Sorry for bothering you guys.
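
An added example, not part of the original thread or of Isolate: a shell wrapper that does what gollux asks for (logging every call to Isolate) and refuses `--run` when the box directory is missing, so a log that shows an `init` and no `cleanup` before the abort points at something outside the caller removing the box. `ISOLATE_BIN`, `ISOLATE_LOG`, `BOX_ROOT` and the exit code 97 are assumptions of this sketch; the log is kept outside `/var/local/lib/isolate`.

```shell
#!/usr/bin/env bash
# Added example: logging wrapper for Isolate calls (not part of Isolate itself).
# ISOLATE_BIN, ISOLATE_LOG and BOX_ROOT are hypothetical knobs for this sketch.
ISOLATE_BIN="${ISOLATE_BIN:-isolate}"
ISOLATE_LOG="${ISOLATE_LOG:-/var/log/isolate-calls.log}"
BOX_ROOT="${BOX_ROOT:-/var/local/lib/isolate}"  # box location seen in the thread

# Box id from "-b N", "-bN", "--box-id N" or "--box-id=N"; Isolate defaults to 0.
box_id_of() {
  local id=0 prev="" a
  for a in "$@"; do
    case "$prev" in -b|--box-id) id="$a" ;; esac
    case "$a" in
      --) break ;;                       # the rest belongs to the sandboxed program
      --box-id=*) id="${a#--box-id=}" ;;
      -b?*) id="${a#-b}" ;;
    esac
    prev="$a"
  done
  printf '%s\n' "$id"
}

# Which Isolate action is requested: init, run, cleanup, or other.
mode_of() {
  local a
  for a in "$@"; do
    case "$a" in
      --) break ;;
      --init|--run|--cleanup) printf '%s\n' "${a#--}"; return 0 ;;
    esac
  done
  printf 'other\n'
}

# Append one timestamped line per event, tagged with caller pid/ppid and box id.
_ilog() {  # usage: _ilog <box-id> <message...>
  local id="$1"; shift
  printf '%s pid=%s ppid=%s box=%s %s\n' \
    "$(date -u +%FT%TZ)" "$$" "$PPID" "$id" "$*" >>"$ISOLATE_LOG"
}

# Log the call, refuse --run on a missing box, then log the exit status.
isolate_logged() {
  local id mode box rc
  id=$(box_id_of "$@"); mode=$(mode_of "$@"); box="$BOX_ROOT/$id/box"
  _ilog "$id" "call mode=$mode argv: $*"
  if [ "$mode" = run ] && [ ! -d "$box" ]; then
    _ilog "$id" "ABORT $box missing before --run (not initialized, or removed externally)"
    return 97
  fi
  "$ISOLATE_BIN" "$@"; rc=$?
  _ilog "$id" "exit mode=$mode rc=$rc box_present=$([ -d "$box" ] && echo yes || echo no)"
  return "$rc"
}
```

Call `isolate_logged` wherever the judge currently calls `isolate`, with the same arguments.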