diff options
| -rw-r--r-- | config/snekbox.cfg | 18 | ||||
| -rw-r--r-- | scripts/set_versions.py | 23 | ||||
| -rw-r--r-- | snekbox/nsjail.py | 7 |
3 files changed, 5 insertions, 43 deletions
diff --git a/config/snekbox.cfg b/config/snekbox.cfg index f10fa5d..7007a13 100644 --- a/config/snekbox.cfg +++ b/config/snekbox.cfg @@ -98,24 +98,6 @@ mount { rw: false } -# THE FOLLOWING SECTION IS AUTOGENERATED, DO NOT MODIFY BY HAND -# mount-section-key -mount { - src: "/usr/local/bin/python3.10" - dst: "/usr/local/bin/python3.10" - is_bind: true - rw: false -} - -mount { - src: "/usr/local/bin/python3.11" - dst: "/usr/local/bin/python3.11" - is_bind: true - rw: false -} -# mount-section-key-end -# END AUTOGENERATED SECTION - cgroup_mem_max: 52428800 cgroup_mem_swap_max: 0 cgroup_mem_mount: "/sys/fs/cgroup/memory" diff --git a/scripts/set_versions.py b/scripts/set_versions.py index f98c52c..fb33dc1 100644 --- a/scripts/set_versions.py +++ b/scripts/set_versions.py @@ -1,6 +1,5 @@ """Generate a Dockerfile from in.Dockerfile and a version JSON file, and write version info.""" -import re from pathlib import Path from textwrap import dedent @@ -8,28 +7,14 @@ from scripts import python_version DOCKERFILE_TEMPLATE = Path("scripts/in.Dockerfile").read_text("utf-8") DOCKERFILE = Path("Dockerfile") -JAIL_CONFIG = Path("config/snekbox.cfg") versions, main_version = python_version.get_all_versions() # Download and copy multiple python images into one layer python_build = "" -jail_mounts = "" previous_layer = "first" for version in versions: - # Configure NSJail mounts - jail_mounts += dedent( - f""" - mount {{ - src: "/usr/local/bin/python{version.version_name}" - dst: "/usr/local/bin/python{version.version_name}" - is_bind: true - rw: false - }} - """ - ) - if version.is_main: # Main is handled separately later continue @@ -48,14 +33,6 @@ for version in versions: # its files aren't overwritten, and once at the end which actually makes use of the version python_build = f"FROM python:{main_version.image_tag} as base-first\n" + python_build -# Update mounts for python binaries in the NSJail config -new_config = re.sub( - r"(?<=# mount-section-key)[\s\S]+(?=# mount-section-key-end)", - jail_mounts, - JAIL_CONFIG.read_text("utf-8"), -) -JAIL_CONFIG.write_text(new_config, "utf-8") - # Write new dockerfile DOCKERFILE.write_text( "# THIS FILE IS AUTOGENERATED, DO NOT MODIFY! #\n" diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index d3417b4..d367482 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -212,6 +212,11 @@ class NsJail: # Mount `home` with Read/Write access "--bindmount", f"{fs.home}:home", + # Configure the correct python version + "-E", + f"PYTHONPATH=/snekbox/user_base/lib/python{version.version_name}/site-packages", + "--bindmount_ro", + f"/usr/local/bin/python{version.version_name}", *nsjail_args, ) @@ -221,8 +226,6 @@ class NsJail: self.config_path, "--log", nsj_log.name, - "-E", - f"PYTHONPATH=/snekbox/user_base/lib/python{version.version_name}/site-packages", *nsjail_args, "--", f"/usr/local/bin/python{version.version_name}", |