diff --git a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs index 72c2ee2..7091d94 100644 --- a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs +++ b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs @@ -161,6 +161,24 @@ public class CppCompilationServiceIsolate : ICompilationService // Run compiler in Isolate // Bind the system toolchain directories read-only so the linker and headers remain reachable + var directoryBindings = new List + { + new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true }, + new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true }, + new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true }, + new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true } + }; + + if (Directory.Exists("/bin")) + { + directoryBindings.Add(new DirectoryBinding { HostPath = "/bin", SandboxPath = "/bin", ReadOnly = true }); + } + + if (Directory.Exists("/usr/local/bin")) + { + directoryBindings.Add(new DirectoryBinding { HostPath = "/usr/local/bin", SandboxPath = "/usr/local/bin", ReadOnly = true }); + } + var isolateResult = await _isolateService.RunAsync(new IsolateRunOptions { BoxId = boxId, @@ -174,12 +192,10 @@ public class CppCompilationServiceIsolate : ICompilationService EnableNetwork = false, StderrFile = stderrFilePath, WorkingDirectory = "/box", - DirectoryBindings = new List + DirectoryBindings = directoryBindings, + EnvironmentVariables = new Dictionary { - new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true }, - new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true }, - new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true }, - new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true } + ["PATH"] = GetSandboxPath() } }); @@ -296,6 +312,32 @@ public class CppCompilationServiceIsolate : ICompilationService } } + private static string GetSandboxPath() + { + var defaultPaths = new[] { "/usr/local/bin", "/usr/bin", "/bin" }; + var hostPath = Environment.GetEnvironmentVariable("PATH"); + + if (string.IsNullOrWhiteSpace(hostPath)) + { + return string.Join(':', defaultPaths); + } + + var segments = hostPath + .Split(':', StringSplitOptions.RemoveEmptyEntries) + .Where(path => path.StartsWith("/usr", StringComparison.Ordinal) || path.StartsWith("/bin", StringComparison.Ordinal)) + .ToList(); + + foreach (var defaultPath in defaultPaths) + { + if (!segments.Contains(defaultPath)) + { + segments.Add(defaultPath); + } + } + + return segments.Count == 0 ? string.Join(':', defaultPaths) : string.Join(':', segments); + } + private (string compiler, List compilerFlags) ResolveVersion(string? version) { var defaultCompiler = _configuration["Cpp:Compiler"] ?? "g++";