A light process isolation sandbox used for Competitive Programming contest.
- cgroups: Record cpu and memory usage (may fall back to getrusage)
- mount and chroot: Created an isolated file system
- setrlimit: Set resource limits (cpu, address size, stack size, file size)
- setuid and setgid: Run submission under another user and group
- ptrace: Filter submission syscall
Note
To enable all of above features, it is highly recommended to use it under the root user, otherwise it may fall back automatically.
# Install using cargo $ cargo install catj # Or you can download binary with installation script $ curl -fsSL https://bina.egoist.sh/CaCatHead/CatBox | sh # Check installation $ catj --version catj 0.2.3 # Init cgroup for current user $ ./init.sh $USER
# Compile C++ source code $ catj compile ./fixtures/aplusb/source/ac.cpp -o a.out # Run a.out $ catj run --stdin ./fixtures/aplusb/testcases/1.in --read . -- ./a.out 2 # Generate report $ catj --report run --stdin ./fixtures/aplusb/testcases/1.in --stdout ./sub.out --read . -- ./a.out # or $ catj -r run -i ./fixtures/aplusb/testcases/1.in -o ./sub.out -R . -- ./a.out Status 0 Signal ✓ Time 1 ms Time user 1 ms Time sys 0 ms Memory 0 KB
MIT License © 2023 XLor