Expand description
A light process isolation sandbox used for Competitive Programming contest.
Features
- cgroups: Record cpu and memory usage (may fall back to getrusage)
- mount and chroot: Created an isolated file system
- setrlimit: Set resource limits (cpu, address size, stack size, file size)
- setuid and setgid: Run submission under another user and group
- ptrace: Filter submission syscall
Note
To enable all of above features, it is highly recommended to use it under the root user, otherwise it may fall back automatically.
Usage
# Compile C++ source code
$ catj compile ./fixtures/aplusb/source/ac.cpp -o a.out
# Run a.out
$ catj run --stdin ./fixtures/aplusb/testcases/1.in --read . -- ./a.out
2
# Generate report
$ catj --report run --stdin ./fixtures/aplusb/testcases/1.in --stdout ./sub.out --read . -- ./a.out
# or
$ catj -r run -i ./fixtures/aplusb/testcases/1.in -o ./sub.out -R . -- ./a.out
Status 0
Signal ✓
Time 1 ms
Time user 1 ms
Time sys 0 ms
Memory 0 KB
Re-exports
pub use context::CatBox;
pub use context::CatBoxBuilder;
pub use context::CatBoxOption;
pub use context::CatBoxOptionBuilder;
pub use context::CatBoxResult;
Modules
- CatBox Context
Structs
- Syscall filter It is a black list filter, and it supports forbid syscall or allow a few times
Enums
- CatBox Error
- Syscall filter preset category
Functions
- Run process isolation sandbox