Skip to content

C
codejail
Commit 5e7ff73c by J. Cliff Dyer
Options

Include TMPDIR in the environment, rather than on the commandline

parent 6b17c33a
Showing with 47 additions and 10 deletions
codejail/jail_code.py
...@@ -179,6 +179,7 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None, ...@@ -179,6 +179,7 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None,
os.chmod(tmptmp, 0777) os.chmod(tmptmp, 0777)
argv = argv or [] argv = argv or []
env = {'TMPDIR': 'tmp'}
# All the supporting files are copied into our directory. # All the supporting files are copied into our directory.
for filename in files or (): for filename in files or ():
...@@ -209,11 +210,9 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None, ...@@ -209,11 +210,9 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None,
user = COMMANDS[command]['user'] user = COMMANDS[command]['user']
if user: if user:
# Run as the specified user # Run as the specified user
cmd.extend(['sudo', '-u', user]) cmd.extend(['sudo', '-u', user, 'TMPDIR=tmp'])
rm_cmd.extend(['sudo', '-u', user]) rm_cmd.extend(['sudo', '-u', user])
# Point TMPDIR at our temp directory.
cmd.extend(['TMPDIR=tmp'])
# Start with the command line dictated by "python" or whatever. # Start with the command line dictated by "python" or whatever.
cmd.extend(COMMANDS[command]['cmdline_start']) cmd.extend(COMMANDS[command]['cmdline_start'])
...@@ -232,7 +231,7 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None, ...@@ -232,7 +231,7 @@ def jail_code(command, code=None, files=None, extra_files=None, argv=None,
# Run the subprocess. # Run the subprocess.
status, stdout, stderr = run_subprocess_fn( status, stdout, stderr = run_subprocess_fn(
cmd=cmd, cwd=homedir, env={}, slug=slug, cmd=cmd, cwd=homedir, env=env, slug=slug,
stdin=stdin, stdin=stdin,
realtime=LIMITS["REALTIME"], rlimits=create_rlimits(), realtime=LIMITS["REALTIME"], rlimits=create_rlimits(),
) )
......
codejail/tests/helpers.py 0 → 100644
"""
Helper code to facilitate testing
"""
from contextlib import contextmanager
from codejail import jail_code
SAME = object()
@contextmanager
def override_configuration(command, bin_path, user):
"""
Context manager to temporarily alter the configuration of a codejail
command.
"""
old = jail_code.COMMANDS.get(command)
if bin_path is SAME:
bin_path = old['cmdline_start'][0]
if user is SAME:
user = old['user']
try:
jail_code.configure(command, bin_path, user)
yield
finally:
if old is None:
del jail_code.COMMANDS[command]
else:
jail_code.COMMANDS[command] = old
codejail/tests/test_jail_code.py
"""Test jail_code.py""" """Test jail_code.py"""
import json
import logging import logging
import os import os
import os.path import os.path
import shutil import shutil
import signal import signal
import textwrap import sys
import tempfile import tempfile
import textwrap
import time import time
import unittest import unittest
...@@ -16,6 +16,7 @@ from nose.plugins.skip import SkipTest ...@@ -16,6 +16,7 @@ from nose.plugins.skip import SkipTest
from codejail.jail_code import jail_code, is_configured, set_limit, LIMITS from codejail.jail_code import jail_code, is_configured, set_limit, LIMITS
from codejail import proxy from codejail import proxy
from . import helpers
def jailpy(code=None, *args, **kwargs): def jailpy(code=None, *args, **kwargs):
...@@ -44,8 +45,8 @@ def text_of_logs(mock_calls): ...@@ -44,8 +45,8 @@ def text_of_logs(mock_calls):
""" """
text = "" text = ""
for m in mock_calls: for call in mock_calls:
level, msg, args = m[1] level, msg, args = call[1]
msg_formatted = msg % args msg_formatted = msg % args
text += "%s: %s\n" % (logging.getLevelName(level), msg_formatted) text += "%s: %s\n" % (logging.getLevelName(level), msg_formatted)
return text return text
...@@ -74,6 +75,13 @@ class TestFeatures(JailCodeHelpers, unittest.TestCase): ...@@ -74,6 +75,13 @@ class TestFeatures(JailCodeHelpers, unittest.TestCase):
self.assertResultOk(res) self.assertResultOk(res)
self.assertEqual(res.stdout, 'Hello, world!\n') self.assertEqual(res.stdout, 'Hello, world!\n')
def test_hello_world_without_user(self):
# The default jail executable might not grant execute permission to the
# current user, but we know the current python executable does, so use
# that to test userless execution.
with helpers.override_configuration("python", bin_path=sys.executable, user=None):
self.test_hello_world()
def test_argv(self): def test_argv(self):
res = jailpy( res = jailpy(
code="import sys; print ':'.join(sys.argv[1:])", code="import sys; print ':'.join(sys.argv[1:])",
...@@ -227,7 +235,7 @@ class TestFeatures(JailCodeHelpers, unittest.TestCase): ...@@ -227,7 +235,7 @@ class TestFeatures(JailCodeHelpers, unittest.TestCase):
@mock.patch("codejail.subproc.log._log") @mock.patch("codejail.subproc.log._log")
def test_slugs_get_logged(self, log_log): def test_slugs_get_logged(self, log_log):
res = jailpy(code="print 'Hello, world!'", slug="HELLO") jailpy(code="print 'Hello, world!'", slug="HELLO")
log_text = text_of_logs(log_log.mock_calls) log_text = text_of_logs(log_log.mock_calls)
self.assertRegexpMatches(log_text, r"INFO: Executed jailed code HELLO in .*, with PID .*") self.assertRegexpMatches(log_text, r"INFO: Executed jailed code HELLO in .*, with PID .*")
......
pylintrc
...@@ -169,7 +169,7 @@ notes=FIXME,XXX,TODO ...@@ -169,7 +169,7 @@ notes=FIXME,XXX,TODO
[FORMAT] [FORMAT]
# Maximum number of characters on a single line. # Maximum number of characters on a single line.
max-line-length=79 max-line-length=120
# Maximum number of lines in a module # Maximum number of lines in a module
max-module-lines=1000 max-module-lines=1000
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment