Crate catj

source ·
Expand description

A light process isolation sandbox used for Competitive Programming contest.

Features

  • cgroups: Record cpu and memory usage (may fall back to getrusage)
  • mount and chroot: Created an isolated file system
  • setrlimit: Set resource limits (cpu, address size, stack size, file size)
  • setuid and setgid: Run submission under another user and group
  • ptrace: Filter submission syscall

Note

To enable all of above features, it is highly recommended to use it under the root user, otherwise it may fall back automatically.

Usage

# Compile C++ source code
$ catj compile ./fixtures/aplusb/source/ac.cpp -o a.out

# Run a.out
$ catj run --stdin ./fixtures/aplusb/testcases/1.in --read . -- ./a.out
2

# Generate report
$ catj --report run --stdin ./fixtures/aplusb/testcases/1.in --stdout ./sub.out --read . -- ./a.out
# or
$ catj -r run -i ./fixtures/aplusb/testcases/1.in -o ./sub.out -R . -- ./a.out
Status     0
Signal     ✓
Time       1 ms
Time user  1 ms
Time sys   0 ms
Memory     0 KB

Re-exports

Modules

Structs

  • Syscall filter It is a black list filter, and it supports forbid syscall or allow a few times

Enums

Functions

  • Run process isolation sandbox