cafe-grader-judge-scripts

Commit r226:befb327cfa39 public

parent | child
Description:
merge
Commit status:
[Not Reviewed]
References:
merge java
Diff options:
Raw Diff | Patch Diff | Download Diff | Show whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r226:befb327cfa39 - - 3 files changed: 194 inserted, 2 deleted

Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -0,0 +1,179
1 + #!/bin/sh
2 +
3 + echo "This script will install and configure Cafe grader."
4 +
5 + RUBY_VERSION=2.1.2
6 + echo "This will install Ruby $RUBY_VERSION under RVM"
7 +
8 + echo "Installing required apts"
9 +
10 + sudo zypper install \
11 + g++ gcc libmysqlclient18 build-essential \
12 + git-core openssl libreadline6 libreadline6-devel \
13 + zlib1g zlib1g-devel libssl37 libyaml-devel sqlite3-devel \
14 + sqlite3 libxml2-devel libxslt-devel autoconf libc6-devel \
15 + ncurses-devel automake libtool bison subversion \
16 + pkg-config curl nodejs unzip pyflakes java-1_8_0-openjdk \
17 + libmysqld-devel mercurial python-setuptools python-devel
18 +
19 +
20 + echo "Installing Ruby $RUBY_VERSION in RVM"
21 +
22 + rvm install $RUBY_VERSION
23 + rvm use $RUBY_VERSION
24 +
25 + echo "Fetching Cafe Grader from Git repositories"
26 +
27 + echo "Fetching web interface"
28 +
29 + mkdir cafe_grader
30 + cd cafe_grader
31 + #git clone -q git://github.com/jittat/cafe-grader-web.git web
32 + hg clone git+ssh://git@github.com/nattee/cafe-grader-web.git web
33 +
34 + echo "Configuring rails app"
35 +
36 + cp web/config/application.rb.SAMPLE web/config/application.rb
37 + cp web/config/initializers/cafe_grader_config.rb.SAMPLE web/config/initializers/cafe_grader_config.rb
38 +
39 + #replace UTC in application.rb with the system timezone
40 + timezone='UTC'
41 + if [ -f '/etc/timezone' ]; then
42 + timezone=\"`cat /etc/timezone`\"
43 + else
44 + if [ -f '/etc/sysconfig/clock' ]; then
45 + timezone=`grep -e '^TIMEZONE' /etc/sysconfig/clock | grep -o -e '\".*\"'`
46 + fi
47 + fi
48 + replace="s!'UTC'!$timezone!g"
49 + sed -i $replace web/config/application.rb
50 +
51 + echo "At this point we will need MySQL user and database."
52 + echo "Have you created MySQL user and database for Cafe grader? (Y/N) "
53 + read ch
54 +
55 + if [ "$ch" = "n" -o "$ch" = "N" ]
56 + then
57 + echo "Please open another terminal and create the user and database for Cafe grader."
58 + echo "Don't forget to grant access to that database for the user."
59 + echo "Please have username, password, and database name ready before continue."
60 + echo
61 + echo "The following are instructions:"
62 + echo "1. Run mysql:"
63 + echo
64 + echo " mysql -u root -p"
65 + echo
66 + echo " if you have just installed mysql, the root password is the one that you have just entered"
67 + echo "2. Create a new database, a new user, and grant access to grader database:"
68 + echo
69 + echo " create user 'USERNAME'@'localhost' identified by 'PASSWORD';"
70 + echo " create database \`DATABASENEME\`;"
71 + echo " grant all on \`DATABASENAME\`.* to 'USERNAME'@'localhost';"
72 + echo
73 + echo " Replace USERNAME, PASSWORD, and DATABASENAME accordingly."
74 + echo
75 + echo "Hit enter when ready..."
76 + read dummy
77 + fi
78 +
79 + CAFE_PATH=`pwd`
80 +
81 + cd web
82 +
83 + echo "Please provide grader database:"
84 + read database
85 +
86 + echo "Please provide grader username:"
87 + read username
88 +
89 + echo "Please provide $username password:"
90 + read password
91 +
92 + echo "development:" > config/database.yml
93 + echo " adapter: mysql2" >> config/database.yml
94 + echo " encoding: utf8" >> config/database.yml
95 + echo " reconnect: false" >> config/database.yml
96 + echo " database: $database" >> config/database.yml
97 + echo " pool: 5" >> config/database.yml
98 + echo " username: $username" >> config/database.yml
99 + echo " password: $password" >> config/database.yml
100 + echo " host: localhost" >> config/database.yml
101 + echo " socket: /run/mysql/mysql.sock" >> config/database.yml
102 + echo "" >> config/database.yml
103 + echo "production:" >> config/database.yml
104 + echo " adapter: mysql2" >> config/database.yml
105 + echo " encoding: utf8" >> config/database.yml
106 + echo " reconnect: false" >> config/database.yml
107 + echo " database: $database" >> config/database.yml
108 + echo " pool: 5" >> config/database.yml
109 + echo " username: $username" >> config/database.yml
110 + echo " password: $password" >> config/database.yml
111 + echo " host: localhost" >> config/database.yml
112 + echo " socket: /run/mysql/mysql.sock" >> config/database.yml
113 +
114 + echo "Object.instance_eval{remove_const :GRADER_ROOT_DIR}" >> config/initializers/cafe_grader_config.rb
115 + echo "Object.instance_eval{remove_const :GRADING_RESULT_DIR}" >> config/initializers/cafe_grader_config.rb
116 + echo "GRADER_ROOT_DIR = '$CAFE_PATH/judge'" >> config/initializers/cafe_grader_config.rb
117 + echo "GRADING_RESULT_DIR = '$CAFE_PATH/judge/result'" >> config/initializers/cafe_grader_config.rb
118 +
119 + echo "Installing required gems"
120 + gem install bundler
121 + bundle install
122 +
123 + echo "Running rake tasks to initialize database"
124 +
125 + rake db:migrate
126 + rake db:seed
127 +
128 + echo "Running rake tasks to precompile the assets"
129 +
130 + rake assets:precompile
131 +
132 + echo "Intalling web interface complete..."
133 + echo
134 + echo "Fetching grader"
135 +
136 + cd ..
137 +
138 + mkdir judge
139 + cd judge
140 + #git clone -q git://github.com/jittat/cafe-grader-judge-scripts.git scripts
141 + hg clone git+ssh://git@github.com/nattee/cafe-grader-judge-scripts.git scripts
142 + mkdir raw
143 + mkdir ev-exam
144 + mkdir ev
145 + mkdir result
146 + mkdir log
147 +
148 + echo "Configuring grader"
149 +
150 + cp scripts/config/env_exam.rb.SAMPLE scripts/config/env_exam.rb
151 + cp scripts/config/env_grading.rb.SAMPLE scripts/config/env_grading.rb
152 +
153 + # create new environment.rb file
154 + echo "RAILS_ROOT = '$CAFE_PATH/web'" > scripts/config/environment.rb
155 + echo "GRADER_ROOT = '$CAFE_PATH/judge/scripts'" >> scripts/config/environment.rb
156 + echo "require File.join(File.dirname(__FILE__),'../lib/boot')" >> scripts/config/environment.rb
157 + echo "require File.dirname(__FILE__) + \"/env_#{GRADER_ENV}.rb\"" >> scripts/config/environment.rb
158 +
159 + # compiling box
160 + MACHINE_TYPE=`uname -m`
161 + if [ ${MACHINE_TYPE} == 'x86_64' ]; then
162 + gcc -std=c99 -o scripts/std-script/box scripts/std-script/box64-new.c
163 + else
164 + g++ -o scripts/std-script/box scripts/std-script/box.cc
165 + fi
166 +
167 +
168 + cd ..
169 +
170 + echo "Now you are ready to run cafe grader...."
171 + echo
172 + echo "Try:"
173 + echo
174 + echo " cd web"
175 + echo " rails s"
176 + echo
177 + echo "and access web at http://localhost:3000/"
178 + echo "The root username is 'root', its password is 'ioionrails'."
179 +
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,180 +1,181
1 1 #!/bin/sh
2 2
3 3 echo "This script will install and configure Cafe grader."
4 4
5 5 RUBY_VERSION=2.1.2
6 6 echo "This will install Ruby $RUBY_VERSION under RVM"
7 7
8 8 echo "Installing required apts"
9 9
10 10 sudo apt-get update
11 11 sudo apt-get install mysql-server mysql-client \
12 - g++ gcc apache2 libmysqlclient15-dev build-essential \
12 + g++ gcc apache2 libmysqlclient20 build-essential \
13 13 git-core openssl libreadline6 libreadline6-dev \
14 14 zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev \
15 15 sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev \
16 16 ncurses-dev automake libtool bison subversion \
17 - pkg-config curl nodejs unzip pyflakes ruby default-jdk
17 + pkg-config curl nodejs unzip pyflakes ruby default-jdk \
18 + libmysqld-dev mercurial python-setuptools python-dev python3-numpy
18 19
19 20 echo "Installing RVM"
20 21 curl -k -L https://get.rvm.io | bash -s stable
21 22 source ~/.rvm/scripts/rvm
22 23
23 24 echo "Installing Ruby $RUBY_VERSION in RVM"
24 25
25 26 rvm install $RUBY_VERSION
26 27 rvm use $RUBY_VERSION
27 28
28 29 echo "Fetching Cafe Grader from Git repositories"
29 30
30 31 echo "Fetching web interface"
31 32
32 33 mkdir cafe_grader
33 34 cd cafe_grader
34 35 git clone -q git://github.com/jittat/cafe-grader-web.git web
35 36
36 37 echo "Configuring rails app"
37 38
38 39 cp web/config/application.rb.SAMPLE web/config/application.rb
39 40 cp web/config/initializers/cafe_grader_config.rb.SAMPLE web/config/initializers/cafe_grader_config.rb
40 41
41 42 #replace UTC in application.rb with the system timezone
42 43 timezone='UTC'
43 44 if [ -f '/etc/timezone' ]; then
44 45 timezone=\"`cat /etc/timezone`\"
45 46 else
46 47 if [ -f '/etc/sysconfig/clock' ]; then
47 48 timezone=`grep -e '^TIMEZONE' /etc/sysconfig/clock | grep -o -e '\".*\"'`
48 49 fi
49 50 fi
50 51 replace="s!'UTC'!$timezone!g"
51 52 sed -i $replace web/config/application.rb
52 53
53 54 echo "At this point we will need MySQL user and database."
54 55 echo "Have you created MySQL user and database for Cafe grader? (Y/N) "
55 56 read ch
56 57
57 58 if [ "$ch" = "n" -o "$ch" = "N" ]
58 59 then
59 60 echo "Please open another terminal and create the user and database for Cafe grader."
60 61 echo "Don't forget to grant access to that database for the user."
61 62 echo "Please have username, password, and database name ready before continue."
62 63 echo
63 64 echo "The following are instructions:"
64 65 echo "1. Run mysql:"
65 66 echo
66 67 echo " mysql -u root -p"
67 68 echo
68 69 echo " if you have just installed mysql, the root password is the one that you have just entered"
69 70 echo "2. Create a new database, a new user, and grant access to grader database:"
70 71 echo
71 72 echo " create user 'USERNAME'@'localhost' identified by 'PASSWORD';"
72 73 echo " create database \`DATABASENEME\`;"
73 74 echo " grant all on \`DATABASENAME\`.* to 'USERNAME'@'localhost';"
74 75 echo
75 76 echo " Replace USERNAME, PASSWORD, and DATABASENAME accordingly."
76 77 echo
77 78 echo "Hit enter when ready..."
78 79 read dummy
79 80 fi
80 81
81 82 CAFE_PATH=`pwd`
82 83
83 84 cd web
84 85
85 86 echo "Please provide grader database:"
86 87 read database
87 88
88 89 echo "Please provide grader username:"
89 90 read username
90 91
91 92 echo "Please provide $username password:"
92 93 read password
93 94
94 95 echo "development:" > config/database.yml
95 96 echo " adapter: mysql2" >> config/database.yml
96 97 echo " encoding: utf8" >> config/database.yml
97 98 echo " reconnect: false" >> config/database.yml
98 99 echo " database: $database" >> config/database.yml
99 100 echo " pool: 5" >> config/database.yml
100 101 echo " username: $username" >> config/database.yml
101 102 echo " password: $password" >> config/database.yml
102 103 echo " host: localhost" >> config/database.yml
103 104 echo " socket: /var/run/mysqld/mysqld.sock" >> config/database.yml
104 105 echo "" >> config/database.yml
105 106 echo "production:" >> config/database.yml
106 107 echo " adapter: mysql2" >> config/database.yml
107 108 echo " encoding: utf8" >> config/database.yml
108 109 echo " reconnect: false" >> config/database.yml
109 110 echo " database: $database" >> config/database.yml
110 111 echo " pool: 5" >> config/database.yml
111 112 echo " username: $username" >> config/database.yml
112 113 echo " password: $password" >> config/database.yml
113 114 echo " host: localhost" >> config/database.yml
114 115 echo " socket: /var/run/mysqld/mysqld.sock" >> config/database.yml
115 116
116 117 echo "Object.instance_eval{remove_const :GRADER_ROOT_DIR}" >> config/initializers/cafe_grader_config.rb
117 118 echo "Object.instance_eval{remove_const :GRADING_RESULT_DIR}" >> config/initializers/cafe_grader_config.rb
118 119 echo "GRADER_ROOT_DIR = '$CAFE_PATH/judge'" >> config/initializers/cafe_grader_config.rb
119 120 echo "GRADING_RESULT_DIR = '$CAFE_PATH/judge/result'" >> config/initializers/cafe_grader_config.rb
120 121
121 122 echo "Installing required gems"
122 123 gem install bundler
123 124 bundle install
124 125
125 126 echo "Running rake tasks to initialize database"
126 127
127 128 rake db:migrate
128 129 rake db:seed
129 130
130 131 echo "Running rake tasks to precompile the assets"
131 132
132 133 rake assets:precompile
133 134
134 135 echo "Intalling web interface complete..."
135 136 echo
136 137 echo "Fetching grader"
137 138
138 139 cd ..
139 140
140 141 mkdir judge
141 142 cd judge
142 143 git clone -q git://github.com/jittat/cafe-grader-judge-scripts.git scripts
143 144 mkdir raw
144 145 mkdir ev-exam
145 146 mkdir ev
146 147 mkdir result
147 148 mkdir log
148 149
149 150 echo "Configuring grader"
150 151
151 152 cp scripts/config/env_exam.rb.SAMPLE scripts/config/env_exam.rb
152 153 cp scripts/config/env_grading.rb.SAMPLE scripts/config/env_grading.rb
153 154
154 155 # create new environment.rb file
155 156 echo "RAILS_ROOT = '$CAFE_PATH/web'" > scripts/config/environment.rb
156 157 echo "GRADER_ROOT = '$CAFE_PATH/judge/scripts'" >> scripts/config/environment.rb
157 158 echo "require File.join(File.dirname(__FILE__),'../lib/boot')" >> scripts/config/environment.rb
158 159 echo "require File.dirname(__FILE__) + \"/env_#{GRADER_ENV}.rb\"" >> scripts/config/environment.rb
159 160
160 161 # compiling box
161 162 MACHINE_TYPE=`uname -m`
162 163 if [ ${MACHINE_TYPE} == 'x86_64' ]; then
163 164 gcc -std=c99 -o scripts/std-script/box scripts/std-script/box64-new.c
164 165 else
165 166 g++ -o scripts/std-script/box scripts/std-script/box.cc
166 167 fi
167 168
168 169
169 170 cd ..
170 171
171 172 echo "Now you are ready to run cafe grader...."
172 173 echo
173 174 echo "Try:"
174 175 echo
175 176 echo " cd web"
176 177 echo " rails s"
177 178 echo
178 179 echo "and access web at http://localhost:3000/"
179 180 echo "The root username is 'root', its password is 'ioionrails'."
180 181
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -414,384 +414,396
414 414 /* 122 */ [ __NR_setfsuid ] = "setfsuid",
415 415 /* 123 */ [ __NR_setfsgid ] = "setfsgid",
416 416 /* 124 */ [ __NR_getsid ] = "getsid",
417 417 /* 125 */ [ __NR_capget ] = "capget",
418 418 /* 126 */ [ __NR_capset ] = "capset",
419 419 /* 127 */ [ __NR_rt_sigpending ] = "rt_sigpending",
420 420 /* 128 */ [ __NR_rt_sigtimedwait ] = "rt_sigtimedwait",
421 421 /* 129 */ [ __NR_rt_sigqueueinfo ] = "rt_sigqueueinfo",
422 422 /* 130 */ [ __NR_rt_sigsuspend ] = "rt_sigsuspend",
423 423 /* 131 */ [ __NR_sigaltstack ] = "sigaltstack",
424 424 /* 132 */ [ __NR_utime ] = "utime",
425 425 /* 133 */ [ __NR_mknod ] = "mknod",
426 426 /* 134 */ [ __NR_uselib ] = "uselib",
427 427 /* 135 */ [ __NR_personality ] = "personality",
428 428 /* 136 */ [ __NR_ustat ] = "ustat",
429 429 /* 137 */ [ __NR_statfs ] = "statfs",
430 430 /* 138 */ [ __NR_fstatfs ] = "fstatfs",
431 431 /* 139 */ [ __NR_sysfs ] = "sysfs",
432 432 /* 140 */ [ __NR_getpriority ] = "getpriority",
433 433 /* 141 */ [ __NR_setpriority ] = "setpriority",
434 434 /* 142 */ [ __NR_sched_setparam ] = "sched_setparam",
435 435 /* 143 */ [ __NR_sched_getparam ] = "sched_getparam",
436 436 /* 144 */ [ __NR_sched_setscheduler ] = "sched_setscheduler",
437 437 /* 145 */ [ __NR_sched_getscheduler ] = "sched_getscheduler",
438 438 /* 146 */ [ __NR_sched_get_priority_max ] = "sched_get_priority_max",
439 439 /* 147 */ [ __NR_sched_get_priority_min ] = "sched_get_priority_min",
440 440 /* 148 */ [ __NR_sched_rr_get_interval ] = "sched_rr_get_interval",
441 441 /* 149 */ [ __NR_mlock ] = "mlock",
442 442 /* 150 */ [ __NR_munlock ] = "munlock",
443 443 /* 151 */ [ __NR_mlockall ] = "mlockall",
444 444 /* 152 */ [ __NR_munlockall ] = "munlockall",
445 445 /* 153 */ [ __NR_vhangup ] = "vhangup",
446 446 /* 154 */ [ __NR_modify_ldt ] = "modify_ldt",
447 447 /* 155 */ [ __NR_pivot_root ] = "pivot_root",
448 448 /* 156 */ [ __NR__sysctl ] = "_sysctl",
449 449 /* 157 */ [ __NR_prctl ] = "prctl",
450 450 /* 158 */ [ __NR_arch_prctl ] = "arch_prctl",
451 451 /* 159 */ [ __NR_adjtimex ] = "adjtimex",
452 452 /* 160 */ [ __NR_setrlimit ] = "setrlimit",
453 453 /* 161 */ [ __NR_chroot ] = "chroot",
454 454 /* 162 */ [ __NR_sync ] = "sync",
455 455 /* 163 */ [ __NR_acct ] = "acct",
456 456 /* 164 */ [ __NR_settimeofday ] = "settimeofday",
457 457 /* 165 */ [ __NR_mount ] = "mount",
458 458 /* 166 */ [ __NR_umount2 ] = "umount2",
459 459 /* 167 */ [ __NR_swapon ] = "swapon",
460 460 /* 168 */ [ __NR_swapoff ] = "swapoff",
461 461 /* 169 */ [ __NR_reboot ] = "reboot",
462 462 /* 170 */ [ __NR_sethostname ] = "sethostname",
463 463 /* 171 */ [ __NR_setdomainname ] = "setdomainname",
464 464 /* 172 */ [ __NR_iopl ] = "iopl",
465 465 /* 173 */ [ __NR_ioperm ] = "ioperm",
466 466 /* 174 */ [ __NR_create_module ] = "create_module",
467 467 /* 175 */ [ __NR_init_module ] = "init_module",
468 468 /* 176 */ [ __NR_delete_module ] = "delete_module",
469 469 /* 177 */ [ __NR_get_kernel_syms ] = "get_kernel_syms",
470 470 /* 178 */ [ __NR_query_module ] = "query_module",
471 471 /* 179 */ [ __NR_quotactl ] = "quotactl",
472 472 /* 180 */ [ __NR_nfsservctl ] = "nfsservctl",
473 473 /* 181 */ [ __NR_getpmsg ] = "getpmsg",
474 474 /* 182 */ [ __NR_putpmsg ] = "putpmsg",
475 475 /* 183 */ [ __NR_afs_syscall ] = "afs_syscall",
476 476 /* 184 */ [ __NR_tuxcall ] = "tuxcall",
477 477 /* 185 */ [ __NR_security ] = "security",
478 478 /* 186 */ [ __NR_gettid ] = "gettid",
479 479 /* 187 */ [ __NR_readahead ] = "readahead",
480 480 /* 188 */ [ __NR_setxattr ] = "setxattr",
481 481 /* 189 */ [ __NR_lsetxattr ] = "lsetxattr",
482 482 /* 190 */ [ __NR_fsetxattr ] = "fsetxattr",
483 483 /* 191 */ [ __NR_getxattr ] = "getxattr",
484 484 /* 192 */ [ __NR_lgetxattr ] = "lgetxattr",
485 485 /* 193 */ [ __NR_fgetxattr ] = "fgetxattr",
486 486 /* 194 */ [ __NR_listxattr ] = "listxattr",
487 487 /* 195 */ [ __NR_llistxattr ] = "llistxattr",
488 488 /* 196 */ [ __NR_flistxattr ] = "flistxattr",
489 489 /* 197 */ [ __NR_removexattr ] = "removexattr",
490 490 /* 198 */ [ __NR_lremovexattr ] = "lremovexattr",
491 491 /* 199 */ [ __NR_fremovexattr ] = "fremovexattr",
492 492 /* 200 */ [ __NR_tkill ] = "tkill",
493 493 /* 201 */ [ __NR_time ] = "time",
494 494 /* 202 */ [ __NR_futex ] = "futex",
495 495 /* 203 */ [ __NR_sched_setaffinity ] = "sched_setaffinity",
496 496 /* 204 */ [ __NR_sched_getaffinity ] = "sched_getaffinity",
497 497 /* 205 */ [ __NR_set_thread_area ] = "set_thread_area",
498 498 /* 206 */ [ __NR_io_setup ] = "io_setup",
499 499 /* 207 */ [ __NR_io_destroy ] = "io_destroy",
500 500 /* 208 */ [ __NR_io_getevents ] = "io_getevents",
501 501 /* 209 */ [ __NR_io_submit ] = "io_submit",
502 502 /* 210 */ [ __NR_io_cancel ] = "io_cancel",
503 503 /* 211 */ [ __NR_get_thread_area ] = "get_thread_area",
504 504 /* 212 */ [ __NR_lookup_dcookie ] = "lookup_dcookie",
505 505 /* 213 */ [ __NR_epoll_create ] = "epoll_create",
506 506 /* 214 */ [ __NR_epoll_ctl_old ] = "epoll_ctl_old",
507 507 /* 215 */ [ __NR_epoll_wait_old ] = "epoll_wait_old",
508 508 /* 216 */ [ __NR_remap_file_pages ] = "remap_file_pages",
509 509 /* 217 */ [ __NR_getdents64 ] = "getdents64",
510 510 /* 218 */ [ __NR_set_tid_address ] = "set_tid_address",
511 511 /* 219 */ [ __NR_restart_syscall ] = "restart_syscall",
512 512 /* 220 */ [ __NR_semtimedop ] = "semtimedop",
513 513 /* 221 */ [ __NR_fadvise64 ] = "fadvise64",
514 514 /* 222 */ [ __NR_timer_create ] = "timer_create",
515 515 /* 223 */ [ __NR_timer_settime ] = "timer_settime",
516 516 /* 224 */ [ __NR_timer_gettime ] = "timer_gettime",
517 517 /* 225 */ [ __NR_timer_getoverrun ] = "timer_getoverrun",
518 518 /* 226 */ [ __NR_timer_delete ] = "timer_delete",
519 519 /* 227 */ [ __NR_clock_settime ] = "clock_settime",
520 520 /* 228 */ [ __NR_clock_gettime ] = "clock_gettime",
521 521 /* 229 */ [ __NR_clock_getres ] = "clock_getres",
522 522 /* 230 */ [ __NR_clock_nanosleep ] = "clock_nanosleep",
523 523 /* 231 */ [ __NR_exit_group ] = "exit_group",
524 524 /* 232 */ [ __NR_epoll_wait ] = "epoll_wait",
525 525 /* 233 */ [ __NR_epoll_ctl ] = "epoll_ctl",
526 526 /* 234 */ [ __NR_tgkill ] = "tgkill",
527 527 /* 235 */ [ __NR_utimes ] = "utimes",
528 528 /* 236 */ [ __NR_vserver ] = "vserver",
529 529 /* 237 */ [ __NR_mbind ] = "mbind",
530 530 /* 238 */ [ __NR_set_mempolicy ] = "set_mempolicy",
531 531 /* 239 */ [ __NR_get_mempolicy ] = "get_mempolicy",
532 532 /* 240 */ [ __NR_mq_open ] = "mq_open",
533 533 /* 241 */ [ __NR_mq_unlink ] = "mq_unlink",
534 534 /* 242 */ [ __NR_mq_timedsend ] = "mq_timedsend",
535 535 /* 243 */ [ __NR_mq_timedreceive ] = "mq_timedreceive",
536 536 /* 244 */ [ __NR_mq_notify ] = "mq_notify",
537 537 /* 245 */ [ __NR_mq_getsetattr ] = "mq_getsetattr",
538 538 /* 246 */ [ __NR_kexec_load ] = "kexec_load",
539 539 /* 247 */ [ __NR_waitid ] = "waitid",
540 540 /* 248 */ [ __NR_add_key ] = "add_key",
541 541 /* 249 */ [ __NR_request_key ] = "request_key",
542 542 /* 250 */ [ __NR_keyctl ] = "keyctl",
543 543 /* 251 */ [ __NR_ioprio_set ] = "ioprio_set",
544 544 /* 252 */ [ __NR_ioprio_get ] = "ioprio_get",
545 545 /* 253 */ [ __NR_inotify_init ] = "inotify_init",
546 546 /* 254 */ [ __NR_inotify_add_watch ] = "inotify_add_watch",
547 547 /* 255 */ [ __NR_inotify_rm_watch ] = "inotify_rm_watch",
548 548 /* 256 */ [ __NR_migrate_pages ] = "migrate_pages",
549 549 /* 257 */ [ __NR_openat ] = "openat",
550 550 /* 258 */ [ __NR_mkdirat ] = "mkdirat",
551 551 /* 259 */ [ __NR_mknodat ] = "mknodat",
552 552 /* 260 */ [ __NR_fchownat ] = "fchownat",
553 553 /* 261 */ [ __NR_futimesat ] = "futimesat",
554 554 /* 262 */ [ __NR_newfstatat ] = "newfstatat",
555 555 /* 263 */ [ __NR_unlinkat ] = "unlinkat",
556 556 /* 264 */ [ __NR_renameat ] = "renameat",
557 557 /* 265 */ [ __NR_linkat ] = "linkat",
558 558 /* 266 */ [ __NR_symlinkat ] = "symlinkat",
559 559 /* 267 */ [ __NR_readlinkat ] = "readlinkat",
560 560 /* 268 */ [ __NR_fchmodat ] = "fchmodat",
561 561 /* 269 */ [ __NR_faccessat ] = "faccessat",
562 562 /* 270 */ [ __NR_pselect6 ] = "pselect6",
563 563 /* 271 */ [ __NR_ppoll ] = "ppoll",
564 564 /* 272 */ [ __NR_unshare ] = "unshare",
565 565 /* 273 */ [ __NR_set_robust_list ] = "set_robust_list",
566 566 /* 274 */ [ __NR_get_robust_list ] = "get_robust_list",
567 567 /* 275 */ [ __NR_splice ] = "splice",
568 568 /* 276 */ [ __NR_tee ] = "tee",
569 569 /* 277 */ [ __NR_sync_file_range ] = "sync_file_range",
570 570 /* 278 */ [ __NR_vmsplice ] = "vmsplice",
571 571 /* 279 */ [ __NR_move_pages ] = "move_pages",
572 572 /* 280 */ [ __NR_utimensat ] = "utimensat",
573 573 /* 281 */ [ __NR_epoll_pwait ] = "epoll_pwait",
574 574 /* 282 */ [ __NR_signalfd ] = "signalfd",
575 575 /* 283 */ [ __NR_timerfd_create ] = "timerfd_create",
576 576 /* 284 */ [ __NR_eventfd ] = "eventfd",
577 577 /* 285 */ [ __NR_fallocate ] = "fallocate",
578 578 /* 286 */ [ __NR_timerfd_settime ] = "timerfd_settime",
579 579 /* 287 */ [ __NR_timerfd_gettime ] = "timerfd_gettime",
580 580 /* 288 */ [ __NR_accept4 ] = "accept4",
581 581 /* 289 */ [ __NR_signalfd4 ] = "signalfd4",
582 582 /* 290 */ [ __NR_eventfd2 ] = "eventfd2",
583 583 /* 291 */ [ __NR_epoll_create1 ] = "epoll_create1",
584 584 /* 292 */ [ __NR_dup3 ] = "dup3",
585 585 /* 293 */ [ __NR_pipe2 ] = "pipe2",
586 586 /* 294 */ [ __NR_inotify_init1 ] = "inotify_init1",
587 587 /* 295 */ [ __NR_preadv ] = "preadv",
588 588 /* 296 */ [ __NR_pwritev ] = "pwritev",
589 589 /* 297 */ [ __NR_rt_tgsigqueueinfo ] = "rt_tgsigqueueinfo",
590 590 /* 298 */ [ __NR_perf_event_open ] = "perf_event_open",
591 591 /* 299 */ [ __NR_recvmmsg ] = "recvmmsg",
592 592 /* 300 */ [ __NR_fanotify_init ] = "fanotify_init",
593 593 /* 301 */ [ __NR_fanotify_mark ] = "fanotify_mark",
594 594 /* 302 */ [ __NR_prlimit64 ] = "prlimit64",
595 595 /* 303 */ [ __NR_name_to_handle_at ] = "name_to_handle_at",
596 596 /* 304 */ [ __NR_open_by_handle_at ] = "open_by_handle_at",
597 597 /* 305 */ [ __NR_clock_adjtime ] = "clock_adjtime",
598 598 /* 306 */ [ __NR_syncfs ] = "syncfs",
599 599 /* 307 */ [ __NR_sendmmsg ] = "sendmmsg",
600 600 /* 308 */ [ __NR_setns ] = "setns",
601 601 /* 309 */ [ __NR_getcpu ] = "getcpu",
602 602 /* 310 */ [ __NR_process_vm_readv ] = "process_vm_readv",
603 603 /* 311 */ [ __NR_process_vm_writev ] = "process_vm_writev",
604 604 /* 312 */ [ __NR_kcmp ] = "kcmp",
605 605 /* 313 */ [ __NR_finit_module ] = "finit_module",
606 + /* 314 */ [ __NR_sched_setattr ] = "sched_setattr",
607 + /* 315 */ [ __NR_sched_getattr ] = "sched_getattr",
608 + /* 316 */ [ __NR_renameat2 ] = "renameat2",
609 + /* 317 */ [ __NR_seccomp ] = "seccomp",
610 + /* 318 */ [ __NR_getrandom ] = "getrandom",
611 + /* 319 */ [ __NR_memfd_create ] = "memfd_create",
612 + /* 320 */ [ __NR_kexec_file_load ] = "kexec_file_load",
613 + /* 321 */ [ __NR_bpf ] = "bpf",
614 + /* 322 */ [ __NR_execveat ] = "execveat",
615 + /* 323 */ [ __NR_userfaultfd ] = "userfaultfd",
616 + /* 324 */ [ __NR_membarrier ] = "membarrier",
617 + /* 325 */ [ __NR_mlock2 ] = "mlock2",
606 618 };
607 619 #define NUM_SYSCALLS ARRAY_SIZE(syscall_names)
608 620 #define NUM_ACTIONS (NUM_SYSCALLS+64)
609 621
610 622 enum action {
611 623 A_DEFAULT, // Use the default action
612 624 A_NO, // Always forbid
613 625 A_YES, // Always permit
614 626 A_FILENAME, // Permit if arg1 is a known filename
615 627 A_ACTION_MASK = 15,
616 628 A_NO_RETVAL = 32, // Does not return a value
617 629 A_SAMPLE_MEM = 64, // Sample memory usage before the syscall
618 630 A_LIBERAL = 128, // Valid only in liberal mode
619 631 // Must fit in a unsigned char
620 632 };
621 633
622 634 static unsigned char syscall_action[NUM_ACTIONS] = {
623 635 #define S(x) [__NR_##x]
624 636
625 637 // Syscalls permitted for specific file names
626 638 S(open) = A_FILENAME,
627 639 S(creat) = A_FILENAME,
628 640 S(unlink) = A_FILENAME,
629 641 S(access) = A_FILENAME,
630 642 S(truncate) = A_FILENAME,
631 643 S(stat) = A_FILENAME,
632 644 S(lstat) = A_FILENAME,
633 645 S(readlink) = A_FILENAME,
634 646 #ifndef CONFIG_BOX_USER_AMD64
635 647 S(oldstat) = A_FILENAME,
636 648 S(oldlstat) = A_FILENAME,
637 649 S(truncate64) = A_FILENAME,
638 650 S(stat64) = A_FILENAME,
639 651 S(lstat64) = A_FILENAME,
640 652 #endif
641 653
642 654 // Syscalls permitted always
643 655 S(exit) = A_YES | A_SAMPLE_MEM,
644 656 S(read) = A_YES,
645 657 S(write) = A_YES,
646 658 S(close) = A_YES,
647 659 S(lseek) = A_YES,
648 660 S(getpid) = A_YES,
649 661 S(getuid) = A_YES,
650 662 S(dup) = A_YES,
651 663 S(brk) = A_YES,
652 664 S(getgid) = A_YES,
653 665 S(geteuid) = A_YES,
654 666 S(getegid) = A_YES,
655 667 S(dup2) = A_YES,
656 668 S(ftruncate) = A_YES,
657 669 S(fstat) = A_YES,
658 670 S(personality) = A_YES,
659 671 S(readv) = A_YES,
660 672 S(writev) = A_YES,
661 673 S(getresuid) = A_YES,
662 674 #ifdef __NR_pread64
663 675 S(pread64) = A_YES,
664 676 S(pwrite64) = A_YES,
665 677 #else
666 678 S(pread) = A_YES,
667 679 S(pwrite) = A_YES,
668 680 #endif
669 681 S(fcntl) = A_YES,
670 682 S(mmap) = A_YES,
671 683 S(munmap) = A_YES,
672 684 S(ioctl) = A_YES,
673 685 S(uname) = A_YES,
674 686 S(gettid) = A_YES,
675 687 S(set_thread_area) = A_YES,
676 688 S(get_thread_area) = A_YES,
677 689 S(set_tid_address) = A_YES,
678 690 S(exit_group) = A_YES | A_SAMPLE_MEM,
679 691 #ifdef CONFIG_BOX_USER_AMD64
680 692 S(arch_prctl) = A_YES,
681 693 #else
682 694 S(oldfstat) = A_YES,
683 695 S(ftruncate64) = A_YES,
684 696 S(_llseek) = A_YES,
685 697 S(fstat64) = A_YES,
686 698 S(fcntl64) = A_YES,
687 699 S(mmap2) = A_YES,
688 700 #endif
689 701
690 702 // Syscalls permitted only in liberal mode
691 703 S(time) = A_YES | A_LIBERAL,
692 704 S(alarm) = A_YES | A_LIBERAL,
693 705 S(pause) = A_YES | A_LIBERAL,
694 706 S(fchmod) = A_YES | A_LIBERAL,
695 707 S(getrlimit) = A_YES | A_LIBERAL,
696 708 S(getrusage) = A_YES | A_LIBERAL,
697 709 S(gettimeofday) = A_YES | A_LIBERAL,
698 710 S(select) = A_YES | A_LIBERAL,
699 711 S(setitimer) = A_YES | A_LIBERAL,
700 712 S(getitimer) = A_YES | A_LIBERAL,
701 713 S(mprotect) = A_YES | A_LIBERAL,
702 714 S(getdents) = A_YES | A_LIBERAL,
703 715 S(getdents64) = A_YES | A_LIBERAL,
704 716 S(fdatasync) = A_YES | A_LIBERAL,
705 717 S(mremap) = A_YES | A_LIBERAL,
706 718 S(poll) = A_YES | A_LIBERAL,
707 719 S(getcwd) = A_YES | A_LIBERAL,
708 720 S(nanosleep) = A_YES | A_LIBERAL,
709 721 S(rt_sigreturn) = A_YES | A_LIBERAL | A_NO_RETVAL,
710 722 S(rt_sigaction) = A_YES | A_LIBERAL,
711 723 S(rt_sigprocmask) = A_YES | A_LIBERAL,
712 724 S(rt_sigpending) = A_YES | A_LIBERAL,
713 725 S(rt_sigtimedwait) = A_YES | A_LIBERAL,
714 726 S(rt_sigqueueinfo) = A_YES | A_LIBERAL,
715 727 S(rt_sigsuspend) = A_YES | A_LIBERAL,
716 728 S(_sysctl) = A_YES | A_LIBERAL,
717 729 #ifndef CONFIG_BOX_USER_AMD64
718 730 S(sigaction) = A_YES | A_LIBERAL,
719 731 S(sgetmask) = A_YES | A_LIBERAL,
720 732 S(ssetmask) = A_YES | A_LIBERAL,
721 733 S(sigsuspend) = A_YES | A_LIBERAL,
722 734 S(sigpending) = A_YES | A_LIBERAL,
723 735 S(sigreturn) = A_YES | A_LIBERAL | A_NO_RETVAL,
724 736 S(sigprocmask) = A_YES | A_LIBERAL,
725 737 S(ugetrlimit) = A_YES | A_LIBERAL,
726 738 S(readdir) = A_YES | A_LIBERAL,
727 739 S(signal) = A_YES | A_LIBERAL,
728 740 S(_newselect) = A_YES | A_LIBERAL,
729 741 #endif
730 742
731 743 #undef S
732 744 };
733 745
734 746 static const char *
735 747 syscall_name(unsigned int id, char *buf)
736 748 {
737 749 if (id < NUM_SYSCALLS && syscall_names[id])
738 750 return syscall_names[id];
739 751 else
740 752 {
741 753 sprintf(buf, "#%d", id);
742 754 return buf;
743 755 }
744 756 }
745 757
746 758 static int
747 759 syscall_by_name(char *name)
748 760 {
749 761 for (unsigned int i=0; i<NUM_SYSCALLS; i++)
750 762 if (syscall_names[i] && !strcmp(syscall_names[i], name))
751 763 return i;
752 764 if (name[0] == '#')
753 765 name++;
754 766 if (!*name)
755 767 return -1;
756 768 char *ep;
757 769 unsigned long l = strtoul(name, &ep, 0);
758 770 if (*ep)
759 771 return -1;
760 772 if (l >= NUM_ACTIONS)
761 773 return NUM_ACTIONS;
762 774 return l;
763 775 }
764 776
765 777 static int
766 778 set_syscall_action(char *a)
767 779 {
768 780 char *sep = strchr(a, '=');
769 781 enum action act = A_YES;
770 782 if (sep)
771 783 {
772 784 *sep++ = 0;
773 785 if (!strcmp(sep, "yes"))
774 786 act = A_YES;
775 787 else if (!strcmp(sep, "no"))
776 788 act = A_NO;
777 789 else if (!strcmp(sep, "file"))
778 790 act = A_FILENAME;
779 791 else
780 792 return 0;
781 793 }
782 794
783 795 int sys = syscall_by_name(a);
784 796 if (sys < 0)
785 797 die("Unknown syscall `%s'", a);
786 798 if (sys >= NUM_ACTIONS)
787 799 die("Syscall `%s' out of range", a);
788 800 syscall_action[sys] = act;
789 801 return 1;
790 802 }
791 803
792 804 /*** Path rules ***/
793 805
794 806 struct path_rule {
795 807 char *path;
796 808 enum action action;
797 809 struct path_rule *next;
You need to be logged in to leave comments. Login now