feat: arm64

build/build_arm64.sh

@@ -1,4 +1,10 @@
 rm -f internal/core/runner/python/python.so
+rm -f internal/core/runner/nodejs/nodejs.so
 rm -f /tmp/sandbox-python/python.so
-CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -o internal/core/runner/python/python.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/python/main.go
+rm -f /tmp/sandbox-nodejs/nodejs.so
+echo "Building Python lib"
+CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -o internal/core/runner/python/python.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/python/main.go &&
+echo "Building Nodejs lib" &&
+CGO_ENABLED=1 GOOS=linux GOARCH=arm64 go build -o internal/core/runner/nodejs/nodejs.so -buildmode=c-shared -ldflags="-s -w" cmd/lib/nodejs/main.go &&
+echo "Building main" &&
 GOOS=linux GOARCH=arm64 go build -o main -ldflags="-s -w" cmd/server/main.go

docker/arm64/dockerfile

@@ -0,0 +1,20 @@
+FROM python:3.10-slim
+
+# copy main binary to /main
+COPY main /main
+COPY conf/config.yaml /conf/config.yaml
+
+# change source to TSINGHUA if environment['TSINGHUA'] is set
+ARG TSINGHUA
+
+RUN apt-get clean && \
+    apt-get update && apt-get install -y pkg-config libseccomp-dev \
+    && rm -rf /var/lib/apt/lists/* \
+    && chmod +x /main \
+    && pip3 install jinja2 \
+    && wget -O /opt/node-v20.11.1-linux-arm64.tar.xz https://nodejs.org/dist/v20.11.1/node-v20.11.1-linux-arm64.tar.xz \
+    && tar -xvf /opt/node-v20.11.1-linux-arm64.tar.xz -C /opt \
+    && ln -s /opt/node-v20.11.1-linux-arm64/bin/node /usr/local/bin/node \
+    && rm -f /opt/node-v20.11.1-linux-arm64.tar.xz
+
+ENTRYPOINT ["/main"]

internal/core/runner/nodejs/.gitignore

@@ -0,0 +1 @@
+nodejs.so

internal/core/runner/python/.gitignore

@@ -0,0 +1 @@
+python.so

internal/static/nodejs_syscall/syscalls_arm64.go

@@ -0,0 +1,29 @@
+//go:build linux && arm64
+
+package nodejs_syscall
+
+import "syscall"
+
+var ALLOW_SYSCALLS = []int{
+	// file
+	syscall.SYS_CLOSE, syscall.SYS_READ, syscall.SYS_WRITE, syscall.SYS_OPENAT,
+	syscall.SYS_FSTAT, syscall.SYS_FCNTL,
+	syscall.SYS_READLINKAT, syscall.SYS_FSTATAT,
+
+	// io
+	syscall.SYS_IOCTL,
+
+	// process
+	syscall.SYS_GETPID, syscall.SYS_TGKILL, syscall.SYS_FUTEX, syscall.SYS_EXIT_GROUP,
+
+	// memory
+	syscall.SYS_RT_SIGPROCMASK, syscall.SYS_SIGALTSTACK, syscall.SYS_RT_SIGACTION,
+	syscall.SYS_MMAP, syscall.SYS_MUNMAP, syscall.SYS_MADVISE, syscall.SYS_MPROTECT,
+
+	//user/group
+	syscall.SYS_SETUID, syscall.SYS_SETGID,
+	syscall.SYS_GETUID, syscall.SYS_GETGID,
+
+	// epoll
+	syscall.SYS_EPOLL_CTL, syscall.SYS_EPOLL_PWAIT,
+}

internal/static/python_syscall/syscalls_arm64.go

@@ -15,7 +15,8 @@ var ALLOW_SYSCALLS = []int{
 	// thread
 	syscall.SYS_FUTEX,
 	// memory
-	syscall.SYS_MMAP, syscall.SYS_BRK, syscall.SYS_MPROTECT, syscall.SYS_MUNMAP, syscall.SYS_RT_SIGRETURN,
+	syscall.SYS_MMAP, syscall.SYS_BRK, syscall.SYS_MPROTECT, syscall.SYS_MUNMAP, syscall.SYS_RT_SIGRETURN, syscall.SYS_RT_SIGPROCMASK,
+	syscall.SYS_SIGALTSTACK,
 	// user/group
 	syscall.SYS_SETUID, syscall.SYS_SETGID,
 	// process
@@ -25,5 +26,5 @@ var ALLOW_SYSCALLS = []int{
 	// time
 	syscall.SYS_CLOCK_GETTIME, syscall.SYS_GETTIMEOFDAY, syscall.SYS_NANOSLEEP,
 	syscall.SYS_EPOLL_CTL, syscall.SYS_CLOCK_NANOSLEEP, syscall.SYS_PSELECT6,
-	syscall.SYS_TIME,
+	syscall.SYS_TIMERFD_CREATE, syscall.SYS_TIMERFD_SETTIME, syscall.SYS_TIMERFD_GETTIME,
 }