langgenius / dify-sandbox

A lightweight, fast, and secure code execution environment that supports multiple programming languages
https://docs.dify.ai/development/backend/sandbox
Apache License 2.0

already added the missing syscalls in /internal/static/python_syscall/syscalls_amd64.go but main.go still fails #77

Open imdevopx opened 2 months ago

imdevopx commented 2 months ago
go run cmd/test/syscall_dig/main.go
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)
failed with signal: bad system call (core dumped)

Following syscalls are required: 1,3,11,13,14,15,28,35,39,60,105,106,131,202,231,233,234,281

here's my syscalls_amd64.go:

//go:build linux && amd64

package python_syscall

import "syscall"

// Syscall numbers for linux/amd64, declared locally as untyped constants.
const (
	// These three carry the same values as syscall.SYS_WRITE,
	// syscall.SYS_CLOSE and syscall.SYS_FSTAT. The allowlists in this file
	// reference the syscall package names, not these.
	SYS_WRITE = 1
	SYS_CLOSE = 3
	SYS_FSTAT = 5

	// Referenced by the allowlists in this file.
	// NOTE(review): presumably declared here because the frozen syscall
	// package has no constant for them on amd64; confirm.
	SYS_SENDMMSG  = 307 // sendmmsg(2)
	SYS_GETRANDOM = 318 // getrandom(2)
	SYS_RSEQ      = 334 // rseq(2)
)

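// ALLOW_SYSCALLS is the allowlist of linux/amd64 syscall numbers defined by
// this package. How the list is consumed is not shown in this file.
//
// Every entry widens what sandboxed code may ask the kernel to do, so entries
// are added one at a time, by name, for a syscall that was observed to be
// required. Blanket numeric ranges are deliberately not used: a range such as
// 457-499 includes numbers the kernel has not assigned, so it would silently
// allow whatever syscall is later given one of those numbers.
//
// The numbers 1, 3, 11, 13, 14, 15, 28, 35, 39, 60, 105, 106, 131, 202, 231,
// 233, 234 and 281 are not listed as literals because on amd64 they are
// write, close, munmap, rt_sigaction, rt_sigprocmask, rt_sigreturn, madvise,
// nanosleep, getpid, exit, setuid, setgid, sigaltstack, futex, exit_group,
// epoll_ctl, tgkill and epoll_pwait, every one of which is already present
// below by name. Repeating them as raw numbers adds nothing to the filter.
var ALLOW_SYSCALLS = []int{
	// file io
	syscall.SYS_NEWFSTATAT, syscall.SYS_IOCTL, syscall.SYS_LSEEK, syscall.SYS_GETDENTS64,
	syscall.SYS_WRITE, syscall.SYS_CLOSE, syscall.SYS_OPENAT, syscall.SYS_READ,

	// thread
	syscall.SYS_FUTEX,

	// memory
	syscall.SYS_MMAP, syscall.SYS_BRK, syscall.SYS_MPROTECT, syscall.SYS_MUNMAP, syscall.SYS_RT_SIGRETURN,
	syscall.SYS_MREMAP,

	// user/group
	// NOTE(review): presumably needed so the process can drop privileges
	// after the filter is installed; confirm against the caller.
	syscall.SYS_SETUID, syscall.SYS_SETGID, syscall.SYS_GETUID,

	// process (SYS_IOCTL is listed once, under file io)
	syscall.SYS_GETPID, syscall.SYS_GETPPID, syscall.SYS_GETTID,
	syscall.SYS_EXIT, syscall.SYS_EXIT_GROUP,
	syscall.SYS_TGKILL, syscall.SYS_RT_SIGACTION,
	syscall.SYS_SCHED_YIELD,
	syscall.SYS_SET_ROBUST_LIST, syscall.SYS_GET_ROBUST_LIST, SYS_RSEQ,

	// time
	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_NANOSLEEP,
	syscall.SYS_EPOLL_CREATE1,
	syscall.SYS_EPOLL_CTL, syscall.SYS_CLOCK_NANOSLEEP, syscall.SYS_PSELECT6,
	syscall.SYS_TIME,

	// run numpy required
	syscall.SYS_FSTAT, syscall.SYS_PREAD64, syscall.SYS_MADVISE, syscall.SYS_UNAME,
	syscall.SYS_SCHED_GETAFFINITY, syscall.SYS_MBIND, syscall.SYS_EPOLL_PWAIT,
	// 435 is clone3 on amd64.
	// NOTE(review): clone itself sits in ALLOW_ERROR_SYSCALLS; confirm that
	// allowing clone3 outright is intended.
	435,

	// signals and randomness
	syscall.SYS_RT_SIGPROCMASK, syscall.SYS_SIGALTSTACK, SYS_GETRANDOM,
}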

// ALLOW_ERROR_SYSCALLS holds a single entry, clone.
// NOTE(review): the name suggests these syscalls are answered with an error
// instead of terminating the process; the consumer is not shown in this
// file, so confirm before relying on that.
var ALLOW_ERROR_SYSCALLS = []int{syscall.SYS_CLONE}

// ALLOW_NETWORK_SYSCALLS lists the socket-related syscalls, plus a few
// descriptor and polling calls, defined alongside ALLOW_SYSCALLS.
// NOTE(review): presumably applied only when network access is enabled for
// the sandbox; confirm against the caller.
var ALLOW_NETWORK_SYSCALLS = []int{
	// socket setup
	// NOTE(review): bind/listen/accept let sandboxed code accept inbound
	// connections; confirm this is wanted rather than outbound-only access.
	syscall.SYS_SOCKET,
	syscall.SYS_CONNECT,
	syscall.SYS_BIND,
	syscall.SYS_LISTEN,
	syscall.SYS_ACCEPT,

	// data transfer and socket introspection
	syscall.SYS_SENDTO,
	syscall.SYS_RECVFROM,
	syscall.SYS_GETSOCKNAME,
	syscall.SYS_RECVMSG,
	syscall.SYS_GETPEERNAME,
	syscall.SYS_SETSOCKOPT,
	syscall.SYS_PPOLL,
	syscall.SYS_UNAME,
	syscall.SYS_SENDMSG,
	SYS_SENDMMSG,
	syscall.SYS_GETSOCKOPT,

	// descriptor status and readiness polling
	syscall.SYS_FSTAT,
	syscall.SYS_FCNTL,
	syscall.SYS_FSTATFS,
	syscall.SYS_POLL,
	syscall.SYS_EPOLL_PWAIT,
}
mvn-phucnguyen-hn commented 2 months ago

@Yeuoly I have the same problem: I added the missing syscalls for the pymongo library, but it still fails with the error: failed with signal: bad system call. Could you please help with this?

mvn-phucnguyen-hn commented 2 months ago

Additional: running pymongo.MongoClient(uri) in the Dify sandbox UI gives the error: operation not permitted

image