The control group v2 version had been merged into master branch
See ioi/isolate And check IOI-Isolate CG2 to setup cg2 version of isolate
Installation
Manaual
sudo apt update
sudo apt-get install -y --no-install-recommends libcap-dev libsystemd-dev pkg-config
git clone -b cg2 https://github.com/ioi/isolate.git
cd isolate
make -j$(nproc) install
rm -rf /tmp/*Environment
Switch cgroup version from v2 to v1
Title
ioi/isolateusing cgroup v1, if your system usingcgroupv2you should switch it to v1
Steps
-
Edit
/etc/default/grub.d/cgroup.cfgfile. If doesn’t exist, you could create it by yourself.GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false" -
Edit
etc/default/grobfile, adding following parameters.GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1" -
Run
sudo update-grubto update your settings.
Run isolate in Docker
在執行容器時因為isolate需要用到cgroup,因此引此需要加上--privileged這個Flag
Create Sandbox
isolate --cg --b <box-id> --init
Run Program
Title
Contents
With No Stdin
isolate --cg --silent --meta meta.txt --box-id 0 \ --time 2.0 --extra-time 0.5 --wall-time 5.0 \ --stack 64000 --processes=30 --cg-mem 128000 \ --no-cg-timing --fsize 1024 --stdout output \ -E LANG -E LANGUAGE -E LC_ALL \ --dir '/etc':'noexec' \ --run -- a.out
With Stdin
isolate --cg --silent --meta meta.txt --box-id 0 \ --time 2.0 --extra-time 0.5 --wall-time 5.0 \ --stack 64000 --processes=30 --cg-mem 128000 \ --no-cg-timing --fsize 1024 --stdin stdin.txt --stdout output \ -E LANG -E LANGUAGE -E LC_ALL \ --dir '/etc':'noexec' \ --run -- a.out
Test C Programe
#include <stdlib.h>
#include <unistd.h>
int main() {
void* buf = malloc(1024 * 1000); // 1000kb
usleep(3 * 1000 * 1000); // 3s
}isolate --cg --silent --meta meta.txt --box-id 0 \
--time 3.0 --extra-time 0.5 --wall-time 3.0 \
--stack 64000 --processes=30 --cg-mem 128000 \
--no-cg-timing --fsize 1024 --stdout output \
-E LANG -E LANGUAGE -E LC_ALL \
--dir '/etc':'noexec' \
--run -- a.out