From f4d855c9588d4702d72f2f74bba85a49ed33093c Mon Sep 17 00:00:00 2001 From: Roman Pytkov Date: Thu, 6 Nov 2025 12:21:27 +0300 Subject: [PATCH] =?UTF-8?q?=D0=9F=D0=BE=D0=BF=D1=8B=D1=82=D0=BA=D0=B0=20?= =?UTF-8?q?=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82=D1=8C=20ld?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Services/CppCompilationServiceIsolate.cs | 52 +++++++++++++++++-- 1 file changed, 47 insertions(+), 5 deletions(-) diff --git a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs index 72c2ee2..7091d94 100644 --- a/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs +++ b/src/LiquidCode.Tester.Worker/Services/CppCompilationServiceIsolate.cs @@ -161,6 +161,24 @@ public class CppCompilationServiceIsolate : ICompilationService // Run compiler in Isolate // Bind the system toolchain directories read-only so the linker and headers remain reachable + var directoryBindings = new List + { + new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true }, + new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true }, + new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true }, + new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true } + }; + + if (Directory.Exists("/bin")) + { + directoryBindings.Add(new DirectoryBinding { HostPath = "/bin", SandboxPath = "/bin", ReadOnly = true }); + } + + if (Directory.Exists("/usr/local/bin")) + { + directoryBindings.Add(new DirectoryBinding { HostPath = "/usr/local/bin", SandboxPath = "/usr/local/bin", ReadOnly = true }); + } + var isolateResult = await _isolateService.RunAsync(new IsolateRunOptions { BoxId = boxId, @@ -174,12 +192,10 @@ public class CppCompilationServiceIsolate : ICompilationService EnableNetwork = false, StderrFile = stderrFilePath, WorkingDirectory = "/box", - DirectoryBindings = new List + DirectoryBindings = directoryBindings, + EnvironmentVariables = new Dictionary { - new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true }, - new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true }, - new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true }, - new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true } + ["PATH"] = GetSandboxPath() } }); @@ -296,6 +312,32 @@ public class CppCompilationServiceIsolate : ICompilationService } } + private static string GetSandboxPath() + { + var defaultPaths = new[] { "/usr/local/bin", "/usr/bin", "/bin" }; + var hostPath = Environment.GetEnvironmentVariable("PATH"); + + if (string.IsNullOrWhiteSpace(hostPath)) + { + return string.Join(':', defaultPaths); + } + + var segments = hostPath + .Split(':', StringSplitOptions.RemoveEmptyEntries) + .Where(path => path.StartsWith("/usr", StringComparison.Ordinal) || path.StartsWith("/bin", StringComparison.Ordinal)) + .ToList(); + + foreach (var defaultPath in defaultPaths) + { + if (!segments.Contains(defaultPath)) + { + segments.Add(defaultPath); + } + } + + return segments.Count == 0 ? string.Join(':', defaultPaths) : string.Join(':', segments); + } + private (string compiler, List compilerFlags) ResolveVersion(string? version) { var defaultCompiler = _configuration["Cpp:Compiler"] ?? "g++";