Попытка добавить ld
All checks were successful
Build and Push Docker Images / build (src/LiquidCode.Tester.Gateway/Dockerfile, git.nullptr.top/liquidcode/liquidcode-tester-gateway-roman, gateway) (push) Successful in 47s
Build and Push Docker Images / build (src/LiquidCode.Tester.Worker/Dockerfile, git.nullptr.top/liquidcode/liquidcode-tester-worker-roman, worker) (push) Successful in 1m2s
All checks were successful
Build and Push Docker Images / build (src/LiquidCode.Tester.Gateway/Dockerfile, git.nullptr.top/liquidcode/liquidcode-tester-gateway-roman, gateway) (push) Successful in 47s
Build and Push Docker Images / build (src/LiquidCode.Tester.Worker/Dockerfile, git.nullptr.top/liquidcode/liquidcode-tester-worker-roman, worker) (push) Successful in 1m2s
This commit is contained in:
@@ -161,6 +161,24 @@ public class CppCompilationServiceIsolate : ICompilationService
|
||||
|
||||
// Run compiler in Isolate
|
||||
// Bind the system toolchain directories read-only so the linker and headers remain reachable
|
||||
var directoryBindings = new List<DirectoryBinding>
|
||||
{
|
||||
new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true }
|
||||
};
|
||||
|
||||
if (Directory.Exists("/bin"))
|
||||
{
|
||||
directoryBindings.Add(new DirectoryBinding { HostPath = "/bin", SandboxPath = "/bin", ReadOnly = true });
|
||||
}
|
||||
|
||||
if (Directory.Exists("/usr/local/bin"))
|
||||
{
|
||||
directoryBindings.Add(new DirectoryBinding { HostPath = "/usr/local/bin", SandboxPath = "/usr/local/bin", ReadOnly = true });
|
||||
}
|
||||
|
||||
var isolateResult = await _isolateService.RunAsync(new IsolateRunOptions
|
||||
{
|
||||
BoxId = boxId,
|
||||
@@ -174,12 +192,10 @@ public class CppCompilationServiceIsolate : ICompilationService
|
||||
EnableNetwork = false,
|
||||
StderrFile = stderrFilePath,
|
||||
WorkingDirectory = "/box",
|
||||
DirectoryBindings = new List<DirectoryBinding>
|
||||
DirectoryBindings = directoryBindings,
|
||||
EnvironmentVariables = new Dictionary<string, string>
|
||||
{
|
||||
new DirectoryBinding { HostPath = "/usr/include", SandboxPath = "/usr/include", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/usr/bin", SandboxPath = "/usr/bin", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/usr/lib", SandboxPath = "/usr/lib", ReadOnly = true },
|
||||
new DirectoryBinding { HostPath = "/lib", SandboxPath = "/lib", ReadOnly = true }
|
||||
["PATH"] = GetSandboxPath()
|
||||
}
|
||||
});
|
||||
|
||||
@@ -296,6 +312,32 @@ public class CppCompilationServiceIsolate : ICompilationService
|
||||
}
|
||||
}
|
||||
|
||||
private static string GetSandboxPath()
|
||||
{
|
||||
var defaultPaths = new[] { "/usr/local/bin", "/usr/bin", "/bin" };
|
||||
var hostPath = Environment.GetEnvironmentVariable("PATH");
|
||||
|
||||
if (string.IsNullOrWhiteSpace(hostPath))
|
||||
{
|
||||
return string.Join(':', defaultPaths);
|
||||
}
|
||||
|
||||
var segments = hostPath
|
||||
.Split(':', StringSplitOptions.RemoveEmptyEntries)
|
||||
.Where(path => path.StartsWith("/usr", StringComparison.Ordinal) || path.StartsWith("/bin", StringComparison.Ordinal))
|
||||
.ToList();
|
||||
|
||||
foreach (var defaultPath in defaultPaths)
|
||||
{
|
||||
if (!segments.Contains(defaultPath))
|
||||
{
|
||||
segments.Add(defaultPath);
|
||||
}
|
||||
}
|
||||
|
||||
return segments.Count == 0 ? string.Join(':', defaultPaths) : string.Join(':', segments);
|
||||
}
|
||||
|
||||
private (string compiler, List<string> compilerFlags) ResolveVersion(string? version)
|
||||
{
|
||||
var defaultCompiler = _configuration["Cpp:Compiler"] ?? "g++";
|
||||
|
||||
Reference in New Issue
Block a user