Restrict CRUD of files #242
Description
Hey,
I'm creating an online IDE platform which allows people to write code and get it compiled online. I've deployed my system on an Amazon EC2 instance. I've deployed the production build (V 1.12.0) of the Judge0 docker image on the same EC2 instance.
However I wrote a C++ program to create a file and read the file. It was successful.
Is there any way to restrict file creation related operations in particular ?
I'm attaching the logs for reference.
Thank you.
[2020-11-27T11:59:29+00:00] Compiling submission 3f1dbc41-0637-440c-8c6d-19cde32667c0 (1030):
isolate --cg -s -b 1030 -M /var/local/lib/isolate/1030/metadata.txt --stderr-to-stdout -i /dev/null -t 15.0 -x 0 -w 20.0 -k 128000 -p120 --cg-timing --cg-mem=512000 -f 4096 -E HOME=/tmp -E PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -E LANG -E LANGUAGE -E LC_ALL -E JUDGE0_HOMEPAGE -E JUDGE0_SOURCE_CODE -E JUDGE0_MAINTAINER -E JUDGE0_VERSION -d /etc:noexec --run -- /bin/bash compile > /var/local/lib/isolate/1030/compile_output.txt
[2020-11-27T11:59:29+00:00] Running submission 3f1dbc41-0637-440c-8c6d-19cde32667c0 (1030):
isolate --cg -s -b 1030 -M /var/local/lib/isolate/1030/metadata.txt -t 5.0 -x 1.0 -w 10.0 -k 64000 -p60 --cg-timing --cg-mem=128000 -f 1024 -E HOME=/tmp -E PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -E LANG -E LANGUAGE -E LC_ALL -E JUDGE0_HOMEPAGE -E JUDGE0_SOURCE_CODE -E JUDGE0_MAINTAINER -E JUDGE0_VERSION -d /etc:noexec --run -- /bin/bash run < /var/local/lib/isolate/1030/stdin.txt > /var/local/lib/isolate/1030/stdout.txt 2> /var/local/lib/isolate/1030/stderr.txt
D, [2020-11-27T11:59:29.750179 #16883] DEBUG -- : [ActiveJob] [IsolateJob] [89647fe7-7e10-48af-930b-f22b7d53ccb3] (0.3ms) BEGIN
D, [2020-11-27T11:59:29.752563 #16883] DEBUG -- : [ActiveJob] [IsolateJob] [89647fe7-7e10-48af-930b-f22b7d53ccb3] Submission Update (0.5ms) UPDATE "submissions" SET "status_id" = $1, "stdout" = $2, "finished_at" = $3, "time" = $4, "memory" = $5, "exit_code" = $6, "wall_time" = $7 WHERE "submissions"."id" = $8 [["status_id", 3], ["stdout", "RmlsZSBJTyBpcyBzdWNjZXNzZnVsbApOZXcgbGluZSA6IFdyaXRpbmcgdGhp\ncyB0byBhIGZpbGUuCg==\n"], ["finished_at", "2020-11-27 11:59:29.709484"], ["time", "0.003"], ["memory", 1132], ["exit_code", 0], ["wall_time", "0.003"], ["id", 1030]]
D, [2020-11-27T11:59:29.754373 #16883] DEBUG -- : [ActiveJob] [IsolateJob] [89647fe7-7e10-48af-930b-f22b7d53ccb3] (1.4ms) COMMIT
I, [2020-11-27T11:59:29.754667 #16883] INFO -- : [ActiveJob] [IsolateJob] [89647fe7-7e10-48af-930b-f22b7d53ccb3] Performed IsolateJob (Job ID: 89647fe7-7e10-48af-930b-f22b7d53ccb3) from Resque(1.12.0) in 686.93ms