0

I am writing an online coding jude site like spoj.pl and i am creating a jail for compiling and executing the program. I wrote a script which takes c/c++ source code , compile and run the code. I need to execute this program in a jail created by debootstrap but i have to restrict permissions to my script and allow the binary to read only the - input/output files present in the original /home/ubuntu system.

Is it possible ?

Linux system:
/home/ubuntu:
   This folder has 
   online_judge/scripts.py ...
   input_output/input*.txt,output*.txt

/Jail 
    submissions/code.c
    submissions/code.cpp

I need to invoke scripts.py of /home/ubuntu in the jail with restricted jail user ,compile the code and run the binary. The Jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt which i can give then execute permission

user1159517
  • 5,390
  • 8
  • 30
  • 47

2 Answers2

0

I need to invoke scripts.py of /home/ubuntu in the jail with restricted jail user,

You said that scripts.py is located in /home/ubuntu/online_judge, which is NOT in the /Jail. So, either you have the jail user restricted to /Jail or not. If the restricted jail user should execute online_judge/scripts.py you'd have to make it accessible somewhere under /Jail.

The Jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt which i can give then execute permission

Hardlinks may help, e.g. "ln /home/ubuntu/online_judge/scripts.py /Jail/scripts.py", now the restricted jail user has access to scripts.py via /Jail/scripts.py. Be sure to restrict write-access to that file, otherwise s/he would modify both "copies".

ckujau
  • 225
  • 1
  • 15
  • Thanks am clear about this. But currently am facing a problem in running gcc/g++ inside Jail.. Any easy way to bring all the system files inside the jail ? – user1159517 Aug 11 '13 at 01:02
  • Since the question is tagged with Ubuntu, "apt-cache search jail" has some helper tools to set up Linux "jails" or chroot environments ("jails" is really a BSD term, IIRC) – ckujau Aug 11 '13 at 01:27
0

You need to use debootstrap you can download the necessary compiling toolchains. so instead of trying using existing systems toolchain use from debootstrap's provided toolchain or also you can download toolchain via apt-get from the jail inside. If all fails, then try using scratchbox (www.scratchbox.org), it contains all the compiling toolchain you need also an execution environment. Hope it'll help!

rakib_
  • 136,911
  • 4
  • 20
  • 26