cjail's Introduction

cjail

Introduction

cjail is a application jail for competitive programming and online judge

Dependencies

You should check your system meets the dependencies before building it.

Linux kernel 3.17+ (4.8+ is recommended)
glibc 2.27+
libseccomp 1.0.1+ (2.0+ is recommended)
CMake 3.0.2+
Criterion 2.3.3 (For running tests only)

Build

cjail use CMake as build system. Install CMake first if you don't have it on your computer.
We suggest you do an out-of-source build

mkdir build
cd build
cmake ..
make

Notes

cjail is currently under development, the library API is unstable. So you should rebuild your application when you update the libcjail. Besides, there might be many bugs unfixed.

Here is a list of the features that are not stable enough:

Under testing:
- Seccomp trace mode
- In-box init process name concealing
- In-box custom devfs mounting
Not tested:
- Seccomp for 32bits programs
- Running on non-x86 machines
Future changing:
- Taskstats sockets
- Mounting

Command line

Usage: cjail [OPTIONS...] [--] PROGRAM... [ARG...]
       cjail --help

  -c, --chroot=PATH             set the root path of the jail
  -d, --workingDir=PATH         change the working directory of the program
  -u, --uid=UID                 set the user of the program
  -g, --gid=GID                 set the group of the program
  -s, --cpuset=SET              set cpu affinity of the program with a list separated by ','
                                each entry should be <CPU> or <CPU>-<CPU>
      --share-net               not to unshare the net namespace while creating the jail
      --cgroup-root=PATH        change cgroup filesystem root path (default: /sys/fs/cgroup)
      --allow-root              allow uid or gid to be 0 (root)
  -q, --quiet                   not to print any message
  -v  --verbose                 print more details
  -h, --help                    show this help

 Resource Limit Options:
  -V, --limit-vss=SIZE          limit the memory space size can be allocated per process (KB)
  -C, --limit-core=SIZE         limit the core file size can be generated (KB)
  -Z, --limit-fsize=SIZE        limit the max file size can be created (KB)
  -P, --limit-proc=NUM          limit the process number in the jail
  -S, --limit-stack=SIZE        limit the stack size of one process (KB)
  -T, --limit-time=SEC          limit the total running time of the jail (sec)
  -M, --limit-rss=SIZE          limit the memory size can be used of the jail (KB)

 I/O Options:
  -i, --file-input=FILE         redirect stdin of the program to the file
  -o, --file-output=FILE        redirect stdout of the program to the file
  -r, --file-err=FILE           redirect stderr of the program to the file
  -I, --fd-input=FD             redirect stdin of the program to the file descriptor
  -O, --fd-output=FD            redirect stdout of the program to the file descriptor
  -R, --fd-err=FD               redirect stderr of the program to the file descriptor
      --preserve-fd             do not close file descriptors greater than 2

 Environment Variables Options:
  -e, --environ=ENV             set the environment variables of the program with a list separated by ';'
                                each entry should be <name>, !<name>, <name>=<value>
                                <name>        : try to inherit the environment variable from the parent process
                                !<name>       : unset the environment variable inheriting from the parent process
                                <name>=<value>: set the environment variable using giving name and value
  -E, --inherit-env             inherit all environment variables from the parent process

 Seccomp Options:
      --seccomp-cfg=FILE        specify seccomp rules to load

Library call

cjail provide a interface to use the jail directly, without the need to call from command line interface. For details, please view the documents generated by Doxygen

doxygen Doxyfile

cjail's People

Contributors

Stargazers

Watchers

cjail's Issues

undeclared identifier during make : PR_SET_MM_ARG_START, PR_SET_MM_ARG_END

cmake ..

-- build type not set, default to release
Build Type: Release
-- Checking for module 'libseccomp'
-- Found libseccomp, version 1.0.1
-- Found Criterion library.
-- Test Enabled.
-- Configuring done
-- Generating done
-- Build files have been written to: /usr/cjail-master/build

make

[ 3%] Building C object src/CMakeFiles/libcjail.dir/init.c.o
/usr/cjail-master/src/init.c: In function ‘setprocname’:
/usr/cjail-master/src/init.c:94:32: error: ‘PR_SET_MM_ARG_START’ undeclared (first use in this function)
ret = prctl(PR_SET_MM, PR_SET_MM_ARG_START, argv, 0, 0) ||
^
/usr/cjail-master/src/init.c:94:32: note: each undeclared identifier is reported only once for each function it appears in
/usr/cjail-master/src/init.c:95:30: error: ‘PR_SET_MM_ARG_END’ undeclared (first use in this function)
prctl(PR_SET_MM, PR_SET_MM_ARG_END, argv + strlen(argv) + 1, 0, 0);
^
/usr/cjail-master/src/init.c: In function ‘child_init’:
/usr/cjail-master/src/init.c:385:9: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
write(ep.resultpipe[1], &result, sizeof(result));
^
make[2]: *** [src/CMakeFiles/libcjail.dir/init.c.o] error 1
make[1]: *** [src/CMakeFiles/libcjail.dir/all] error 2
make: *** [all] error 2

please, your solution...

I don't know why these error ocuur.
my linux kernel version: 3.13.0-117-generic
libseccomp version : 1.0.1

Recommend Projects

leo1003 / cjail Goto Github PK