ioi / isolate

Sandbox for securely executing untrusted programs

Cleanup ownership of /box on error #77

Closed Neloop closed 2 years ago

Neloop commented 5 years ago

Hi, we are using isolate as a sandbox and sometimes we need to directly execute user-provided scripts. The problem arises when the user script is not in the right format (which might be caused, for example, by CRLF line endings): isolate will fail on this with exit code 2, which, if I understood correctly, is for internal errors. Stderr might look like this: execve("/box/exec.sh"): Exec format error. The main problem is that if an internal error of isolate happens, cleanup of ownership on the /box folder is not performed, which causes us to fail to access it due to a permission denied error.

Our flow is the following:

Final moving should be done even on errors. We have an evaluation tree of tasks and every one of them belongs to a certain test folder, which means different branches might be evaluated in the same folder, which is a problem if moving back fails. For now we halt the whole evaluation if this situation occurs, but if this is caused by user input, it should not be able to stop the whole thing, because other parts of the execution might be OK and successfully executable.

Is there any chance of detecting this kind of user error in isolate and reporting it differently, or setting back ownership of /box folder even on internal errors?
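As an added example (not isolate's code and not from the issue authors), a pre-flight check a grader could run on a user-supplied script before handing it to isolate, so that the CRLF and shebang problems described above are reported as user errors instead of surfacing as isolate's internal-error exit code 2. The function name and the reason labels it prints are assumptions; it only covers interpreted scripts, not compiled binaries.

```shell
#!/bin/sh
# Hypothetical pre-flight check (added example): inspect a user script the
# way execve() does, by looking only at its first line, and report the usual
# causes of "Exec format error" before isolate ever sees the file.
# Prints one reason word and returns 0 (runnable) or 1 (user error).
check_exec_format() {
    script="$1"
    cr=$(printf '\r')
    [ -f "$script" ] || { echo "missing"; return 1; }
    # head -n 1 splits on LF only, so a CRLF file keeps its trailing CR here.
    first=$(head -n 1 "$script")
    case "$first" in
        *"$cr"*) echo "crlf"; return 1 ;;
    esac
    case "$first" in
        '#!'*) ;;
        *) echo "no-shebang"; return 1 ;;
    esac
    # Interpreter path: strip "#!" and optional blanks, keep up to first blank.
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//; s/[[:space:]].*//')
    # Checked on the host; this is only an approximation of what is visible
    # inside the sandbox root, so treat a pass here as necessary, not sufficient.
    [ -x "$interp" ] || { echo "bad-interpreter"; return 1; }
    echo "ok"
    return 0
}
```

A grader can run this right before isolate --run and, on a nonzero return, record a user-side failure for that test without touching the sandbox at all.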

gollux commented 5 years ago

Hi!

This looks like a bug. Internally, we treat execve failure as an internal error. From a quick look, it does not make much sense – execve usually fails because of a problem with the sandboxed program.

I will fix it.

Neloop commented 5 years ago

Hi, any update on this?

Neloop commented 4 years ago

Hello, it has been a year since the creation of this issue, will it be fixed?

Litarvan commented 3 years ago

Any update? I'm having this issue too