debootstrap accessing original root system chroot jail

I am writing an online coding judge site like spoj.pl and I am creating a jail for compiling and executing the program. I wrote a script which takes C/C++ source code, compiles and runs the code. I need to execute this program in a jail created by debootstrap, but I have to restrict permissions to my script and allow the binary to read only the input/output files present in the original /home/ubuntu system.

Is it possible?

Linux system:
/home/ubuntu:
   This folder has 
   online_judge/scripts.py ...
   input_output/input*.txt,output*.txt

/Jail 
    submissions/code.c
    submissions/code.cpp

I need to invoke scripts.py of /home/ubuntu in the jail with a restricted jail user, compile the code and run the binary. The jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt, which I can then give execute permission.

I need to invoke scripts.py of /home/ubuntu in the jail with restricted jail user,

You said that scripts.py is located in /home/ubuntu/online_judge, which is NOT in the /Jail. So, either you have the jail user restricted to /Jail or not. If the restricted jail user should execute online_judge/scripts.py you'd have to make it accessible somewhere under /Jail.

The Jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt which I can give then execute permission

Hardlinks may help, e.g. "ln /home/ubuntu/online_judge/scripts.py /Jail/scripts.py"; now the restricted jail user has access to scripts.py via /Jail/scripts.py. Be sure to restrict write access to that file, otherwise s/he would modify both "copies".
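
The hard-link approach from the answer above, as an added example that is not part of the original post: `expose_readonly` links one host file into the jail and strips its write bits, and `writable_shared_files` lists jail files that are still shared with the host and remain writable or are owned by the jail user. The function names and the numeric-UID argument are assumptions, and GNU `stat` and `find` are assumed.

```bash
#!/bin/bash
# Added example: share a host file with a chroot jail through a hard link.
# Function names are hypothetical; /Jail and /home/ubuntu are the paths
# from the question.

# expose_readonly SRC JAIL_DIR
# Hard-link SRC into JAIL_DIR and remove every write bit. Both names refer
# to one inode, so the chmod changes the original file's mode as well.
expose_readonly() {
    local src="$1" jail_dir="$2" dst
    dst="$jail_dir/$(basename "$src")"
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    # ln fails ("Invalid cross-device link") when SRC and JAIL_DIR are on
    # different filesystems; a hard link cannot span them.
    ln "$src" "$dst" || return 1
    chmod a-w "$dst" || return 1
    # Confirm that both paths resolve to the same inode.
    [ "$(stat -c %i "$src")" = "$(stat -c %i "$dst")" ]
}

# writable_shared_files JAIL_DIR JAIL_UID
# Print files under JAIL_DIR that have more than one link (so they also
# exist under another name, possibly outside the jail) and that either
# carry a write bit or are owned by JAIL_UID. The owner check matters
# because a file's owner can always chmod the write bit back on.
writable_shared_files() {
    find "$1" -type f -links +1 \( -perm /222 -o -user "$2" \)
}

# Typical use with the question's layout (run as root on the host):
#   expose_readonly /home/ubuntu/online_judge/scripts.py /Jail
#   writable_shared_files /Jail "$(id -u jailuser)"   # jailuser: assumed name
```

An empty result from `writable_shared_files` means no shared file in the jail can be modified by the jail user through its mode bits or ownership.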

You need to use debootstrap; you can download the necessary compiling toolchains. So instead of trying to use the existing system's toolchain, use debootstrap's provided toolchain, or you can also download a toolchain via apt-get from inside the jail. If all fails, then try using scratchbox (www.scratchbox.org); it contains all the compiling toolchain you need and also an execution environment. Hope it'll help!
