пре 1 година · 475df90691
--- a/build/build.sh
+++ b/build/build.sh
@@ -1,4 +0,0 @@
 
				-rm -rf /tmp/sandbox-python
			
 
				-rm -rf internal/core/runner/python/python.so
			
 
				-go build -o internal/core/runner/python/python.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/python/main.go
			
 
				-go build -o main -ldflags="-s -w" cmd/server/main.go
			
--- a/build/build_amd64.sh
+++ b/build/build_amd64.sh
@@ -0,0 +1,2 @@
 
				+CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o internal/core/runner/python/python.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/python/main.go
			
 
				+GOOS=linux GOARCH=amd64 go build -o main -ldflags="-s -w" cmd/server/main.go
			
--- a/build/build_arm64.sh
+++ b/build/build_arm64.sh
@@ -0,0 +1,2 @@
 
				+CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -o internal/core/runner/python/python.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/python/main.go
			
 
				+GOOS=linux GOARCH=arm64 go build -o main -ldflags="-s -w" cmd/server/main.go
			
--- a/internal/static/syscalls_amd64.go
+++ b/internal/static/syscalls_amd64.go
@@ -0,0 +1,29 @@
 
				+//go:build linux && amd64
			
 
				+
			
 
				+package static
			
 
				+
			
 
				+import "syscall"
			
 
				+
			
 
				+const (
			
 
				+	SYS_GETRANDOM = 318
			
 
				+	SYS_RSEQ      = 334
			
 
				+)
			
 
				+
			
 
				+var ALLOW_SYSCALLS = []int{
			
 
				+	// file io
			
 
				+	syscall.SYS_WRITE, syscall.SYS_CLOSE,
			
 
				+	// thread
			
 
				+	syscall.SYS_FUTEX,
			
 
				+	// memory
			
 
				+	syscall.SYS_MMAP, syscall.SYS_BRK, syscall.SYS_MPROTECT, syscall.SYS_MUNMAP, syscall.SYS_RT_SIGRETURN,
			
 
				+	// user/group
			
 
				+	syscall.SYS_SETUID, syscall.SYS_SETGID,
			
 
				+	// process
			
 
				+	syscall.SYS_GETPID, syscall.SYS_GETPPID, syscall.SYS_GETTID,
			
 
				+	syscall.SYS_EXIT, syscall.SYS_EXIT_GROUP,
			
 
				+	syscall.SYS_TGKILL, syscall.SYS_RT_SIGACTION,
			
 
				+	// time
			
 
				+	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_NANOSLEEP,
			
 
				+	syscall.SYS_EPOLL_CTL, syscall.SYS_CLOCK_NANOSLEEP, syscall.SYS_PSELECT6,
			
 
				+	syscall.SYS_TIME,
			
 
				+}
			
--- a/internal/static/syscalls.go
+++ b/internal/static/syscalls.go
@@ -1,3 +1,5 @@
 
				+//go:build linux && arm64
			
 
				+
			
 
				 package static
			
 
				 
			
 
				 import "syscall"
			
@@ -21,6 +23,7 @@ var ALLOW_SYSCALLS = []int{
 
				 	syscall.SYS_EXIT, syscall.SYS_EXIT_GROUP,
			
 
				 	syscall.SYS_TGKILL, syscall.SYS_RT_SIGACTION,
			
 
				 	// time
			
 
				-	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_TIME, syscall.SYS_NANOSLEEP,
			
 
				+	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_NANOSLEEP,
			
 
				 	syscall.SYS_EPOLL_CTL, syscall.SYS_CLOCK_NANOSLEEP, syscall.SYS_PSELECT6,
			
 
				+	syscall.SYS_TIME,
			
 
				 }