Comments (9)
Can you provide the output of ltrace -b1 isolate --cleanup
?
(You need to run it as root)
from isolate.
# ltrace obj/isolate/isolate -b1 --cleanup
__libc_start_main(0x401a30, 3, 0x7ffe4d79e228, 0x4049e0 <unfinished ...>
__strdup(0x405f02, 0x7ffe4d79e228, 0x7ffe4d79e248, 0) = 0x1d27010
strchr("box=./box:rw", ':') = ":rw"
strchr("rw", ':') = nil
strcmp("rw", "rw") = 0
strchr("box=./box", '=') = "=./box"
malloc(32) = 0x1d27030
__strdup(0x405f0f, 0x1d27050, 0x1d27030, 0x7f8812f61b20) = 0x1d27060
strchr("bin", ':') = nil
strchr("bin", '=') = nil
strlen("bin") = 3
malloc(5) = 0x1d27080
__sprintf_chk(0x1d27080, 1, -1, 0x405995) = 4
strcmp("box", "bin") = 6
malloc(32) = 0x1d270a0
__strdup(0x405f13, 0x1d270c0, 0x1d270a0, 0x7f8812f61b20) = 0x1d270d0
strchr("dev:dev", ':') = ":dev"
strchr("dev", ':') = nil
strcmp("dev", "rw") = -14
strcmp("dev", "noexec") = -10
strcmp("dev", "fs") = -2
strcmp("dev", "maybe") = -9
strcmp("dev", "dev") = 0
strchr("dev", '=') = nil
strlen("dev") = 3
malloc(5) = 0x1d270f0
__sprintf_chk(0x1d270f0, 1, -1, 0x405995) = 4
strcmp("box", "dev") = -2
strcmp("bin", "dev") = -2
malloc(32) = 0x1d27110
__strdup(0x405f1b, 0x1d27130, 0x1d27110, 0x7f8812f61b20) = 0x1d27140
strchr("lib", ':') = nil
strchr("lib", '=') = nil
strlen("lib") = 3
malloc(5) = 0x1d27160
__sprintf_chk(0x1d27160, 1, -1, 0x405995) = 4
strcmp("box", "lib") = -10
strcmp("bin", "lib") = -10
strcmp("dev", "lib") = -8
malloc(32) = 0x1d27180
__strdup(0x405f1f, 0x1d271a0, 0x1d27180, 0x7f8812f61b20) = 0x1d271b0
strchr("lib64:maybe", ':') = ":maybe"
strchr("maybe", ':') = nil
strcmp("maybe", "rw") = -5
strcmp("maybe", "noexec") = -1
strcmp("maybe", "fs") = 7
strcmp("maybe", "maybe") = 0
strchr("lib64", '=') = nil
strlen("lib64") = 5
malloc(7) = 0x1d271d0
__sprintf_chk(0x1d271d0, 1, -1, 0x405995) = 6
strcmp("box", "lib64") = -10
strcmp("bin", "lib64") = -10
strcmp("dev", "lib64") = -8
strcmp("lib", "lib64") = -54
malloc(32) = 0x1d271f0
__strdup(0x405f2b, 0x1d27210, 0x1d271f0, 0x7f8812f61b20) = 0x1d27220
strchr("proc=proc:fs", ':') = ":fs"
strchr("fs", ':') = nil
strcmp("fs", "rw") = -12
strcmp("fs", "noexec") = -8
strcmp("fs", "fs") = 0
strchr("proc=proc", '=') = "=proc"
strcmp("box", "proc") = -14
strcmp("bin", "proc") = -14
strcmp("dev", "proc") = -12
strcmp("lib", "proc") = -4
strcmp("lib64", "proc") = -4
malloc(32) = 0x1d27240
__strdup(0x405f38, 0x1d27260, 0x1d27240, 0x7f8812f61b20) = 0x1d27270
strchr("usr", ':') = nil
strchr("usr", '=') = nil
strlen("usr") = 3
malloc(5) = 0x1d27290
__sprintf_chk(0x1d27290, 1, -1, 0x405995) = 4
strcmp("box", "usr") = -19
strcmp("bin", "usr") = -19
strcmp("dev", "usr") = -17
strcmp("lib", "usr") = -9
strcmp("lib64", "usr") = -9
strcmp("proc", "usr") = -5
malloc(32) = 0x1d272b0
getopt_long(3, 0x7ffe4d79e228, "b:c:d:eE:i:k:m:M:o:p::q:r:t:vw:x"..., 0x4067e0, nil) = 98
strtol(0x7ffe4d79f7fe, 0, 10, 0) = 1
getopt_long(3, 0x7ffe4d79e228, "b:c:d:eE:i:k:m:M:o:p::q:r:t:vw:x"..., 0x4067e0, nil) = 258
getopt_long(3, 0x7ffe4d79e228, "b:c:d:eE:i:k:m:M:o:p::q:r:t:vw:x"..., 0x4067e0, nil) = -1
geteuid() = 0
getuid() = 0
getgid() = 0
umask(022) = 022
__snprintf_chk(0x6084c0, 1024, 1, 1024) = 10
strchr("tmp/box/1", '/') = "/box/1"
__xstat(1, "/tmp", 0x7ffe4d79e020) = 0
strchr("box/1", '/') = "/1"
__xstat(1, "/tmp/box", 0x7ffe4d79e020) = 0
strchr("1", '/') = nil
__xstat(1, "/tmp/box/1", 0x7ffe4d79e020) = 0
chdir("/tmp/box/1") = 0
__xstat(1, "box", 0x7ffe4d79e050) = 0
nftw(0x6084c0, 0x402ff0, 32, 11 <unfinished ...>
unlink("/tmp/box/1/box/test.sh") = 0
rmdir("/tmp/box/1/box") = 0
rmdir("/tmp/box/1") = -1
__vsnprintf_chk(0x7ffe4d79d940, 1024, 1, 1024) = 44
fputs("Cannot rmdir /tmp/box/1: Directo"..., 0x7f8812f62540Cannot rmdir /tmp/box/1: Directory not empty) = 1
fputc('\n', 0x7f8812f62540
) = 10
exit(2 <no return ...>
+++ exited (status 2) +++
from isolate.
The --dir rule you specified asks for bind-mounting a filesystem inside itself, which is generally not a sane thing to do :) Is it intentional?
from isolate.
@gollux I'm afraid I don't follow your question -- can you elaborate more please? :D
from isolate.
from isolate.
Hello @gollux, sorry for late response here. I think we misunderstood something; we thought we need to add --dir=/tmp/box/1/box:rw
in order for the sandboxed command to be able to read input files inside the sandbox itself. We tried removing it and the command still ran correctly. Unfortunately, the cleanup still failed with the same symptom.
from isolate.
I also have a same issue here. Even my /tmp/box/0
directory cannot be removed because it have a root folder inside. I try to clean up with obj/isolate/isolate -b0 --cleanup
but it didn't work, while I'm initialize isolate with obj/isolate/isolate -b1 -q50000,50 --init
. I don't know why even 0
folder cannot be removed while it's not initiated. Needs help.
from isolate.
Is anybody able to reproduce the problem with the current version of Isolate? If so, please send me the exact commands you use for --init and --cleanup.
from isolate.
It could be that I was mounting incorrectly as you explained. I am trying to investigate it further. Closing it for now, will reopen when I have more data. Thanks!
from isolate.
Related Issues (20)
- "No such file or directory" issue when trying to run C# program using Dotnet HOT 7
- Memory corruption bug in cg_init HOT 2
- C# program failed to compile using mcs - error CS2001: Source file `Main.cs' could not be found HOT 1
- make install exited with error code 1. HOT 1
- Error Running isolate in Ubuntu:22.04 with Systemd HOT 10
- Support for Docker HOT 12
- Error using isolate HOT 15
- Assertion Failure Issue HOT 4
- --as-uid and --as-gid seem to be not usable in Docker container HOT 3
- Cannot set disk quota: No such process HOT 1
- chown: cannot access /var/local/lib/isolate/XX/box': No such file or directory HOT 6
- CPU time (--time) consumed in subsequent runs in the same box with cg (cgroup2) enabled HOT 15
- Limitation on number of sandboxes HOT 1
- [Query] Isolate Mac OS setup HOT 1
- Unable to build manual HOT 3
- CGoups not found HOT 5
- isolate: unrecognized option '--cg-timing' and annot open /run/isolate/cgroup: No such file or directory HOT 2
- Cannot create subgroup /sys/fs/cgroup/isolate.slice/isolate.service/daemon: No such file or directory HOT 12
- Memory access violation leads to different outcomes in different envrionments HOT 2
- Measuring time and memory usage with --cg option HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from isolate.