[evalserver]
port = "14401"
host = "127.0.0.1"
debug = 1
[jobmanager]
max_workers = 6
timeout = 11
min_deadline = 100 # minimum number of milliseconds to allow a deadline to request
[sandbox]
# Relative paths are turned to absolute ONLY by using the mount_base path
# target path's are absolute and only exist in the sandbox
home_dir = "/eval"
mount_base = "/path/to/system"
plugin_base = "/path/to/plugins" # TODO is this good?
plugins = ["Perlbot", "PerlbotEggs"]
# Be careful with these, if you mount stuff under an existing directory on your
# system a directory will be created there in order to facilitate the private
# bind mount. This is part of why I recommend using debootstrap or similar
# To create a shadow system for the evalserver
bind_mounts = [
{src = "lib64", target = "/lib64"},
{src = "lib", target = "/lib"},
{src = "usr/lib", target = "/usr/lib"},
{src = "usr/bin", target = "/usr/bin"},
{src = "opt/perlbrew/", target = "/opt/perlbrew/"},
]
[sandbox.seccomp]
yaml = "etc/seccomp.yml"
[sandbox.devices]
# Entries in /dev that must exist
# each entry is an array, [type, major, minor]
null = ["c", 1, 3]
urandom = ["c", 1, 9]
random = ["c", 1, 9] # make this just the same as urandom, it doesn't matter to us
[sandbox.environment]
TZ="Asia/Pyongyang"
[sandbox.rlimits]
VMEM = "750M"
AS = "750M"
DATA = "500M"
STACK = "30M"
NPROC = 20
NOFILE = 30
OFILE = 30
OPEN_MAX = 30
LOCKS = 5
MEMLOCK = 100
CPU = 10
[language]
# Each language requires a few keys
#
# One of sub or bin
# * sub is the name of a perl subroutine in the wrapper script
# * bin is the path to a binary to run after sandboxing
# And
# * args => ['-w', '%file%']
#
# Optional args
# TODO figure out a sane way to do the wrapper scripts for -e and Dumper of results etc.
"perl"={sub="run_perl", seccomp_profile="lang_perl"}
"deparse"={sub="deparse_perl", seccomp_profile="lang_perl"}
# TODO perls 1-3
[language."perl1"]
bin="/perl5/perlbrew/perls-4.0.36/bin/perl"
args=["-e", "%CODE%"]
seccomp_profile="lang_perl"
[language."perl2"]
bin="/perl5/perlbrew/perls-4.0.36/bin/perl"
args=["-e", "%CODE%"]
seccomp_profile="lang_perl"
[language."perl3"]
bin="/perl5/perlbrew/perls-4.0.36/bin/perl"
args=["-e", "%CODE%"]
seccomp_profile="lang_perl"
[language."perl4"]
bin="/perl5/perlbrew/perls-4.0.36/bin/perl"
args=["-e", "%CODE%"]
seccomp_profile="lang_perl"
[language."perl5.5"]
bin="/perl5/perlbrew/perls-5.005_04/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.6"]
bin="/perl5/perlbrew/perls-5.6.2/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.8"]
bin="/perl5/perlbrew/perls-5.8.9/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.10"]
bin="/perl5/perlbrew/perls-5.10.1/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.12"]
bin="/perl5/perlbrew/perls-5.12.5/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.14"]
bin="/perl5/perlbrew/perls-5.14.4/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.16"]
bin="/perl5/perlbrew/perls-5.16.3/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.18"]
bin="/perl5/perlbrew/perls-5.18.4/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.20"]
bin="/perl5/perlbrew/perls-5.20.3/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.22"]
bin="/perl5/perlbrew/perls-5.22.3/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language."perl5.24"]
bin="/perl5/perlbrew/perls-5.24.0/bin/perl"
args=["-e", "%CODE%"]
wrap_code="perl_wrap"
seccomp_profile="lang_perl"
[language.ruby]
bin="/usr/bin/ruby2.1"
args=["%FILE%"]
seccomp_profile="lang_ruby"
# Can also write in long form if it makes more sense
[language.node]
bin="/langs/node-custom/bin/node"
args=["--v8-pool-size=1", "%FILE%"]
seccomp_profile="lang_node"