# go-judge
[![Go Reference](https://pkg.go.dev/badge/github.com/criyle/go-judge.svg)](https://pkg.go.dev/github.com/criyle/go-judge) [![Go Report Card](https://goreportcard.com/badge/github.com/criyle/go-judge)](https://goreportcard.com/report/github.com/criyle/go-judge) [![Release](https://img.shields.io/github/v/tag/criyle/go-judge)](https://github.com/criyle/go-judge/releases/latest) ![Build](https://github.com/criyle/go-judge/workflows/Build/badge.svg)
[Chinese documentation](README.cn.md)
## Executor Service
Fast, Simple, Secure
### Prerequisite
- Linux Kernel Version >= 3.10
- Cgroup file system mounted at /sys/fs/cgroup. Usually done by systemd
### Architecture
```text
+----------------------------------------------------------------------------------+
| Transport Layer (HTTP / WebSocket / FFI / ...) |
+----------------------------------------------------------------------------------+
| Executor Worker (Environment Pool w/ Environment Builder ) |
+-----------------------------------------------------------+----------------------+
| EnvExec | File Store |
+--------------------+----------------+---------------------+---------------+------+
| Linux (go-sandbox) | Windows (winc) | macOS (app sandbox) | Shared Memory | Disk |
+--------------------+----------------+---------------------+---------------+------+
```
### REST API
A REST service that runs programs in a restricted environment. It is essentially a wrapper around `envexec` for running single or multiple programs.
- /run POST execute program in the restricted environment (examples below)
- /file GET list all cached file id to original name map
- /file POST prepare a file in the executor service (in memory), returns fileId (can be referenced in /run parameter)
- /file/:fileId GET downloads file from executor service (in memory), returns file content
- /file/:fileId DELETE delete file specified by fileId
- /ws WebSocket for /run
- /version gets build git version (e.g. `v1.4.0`) together with runtime information (go version, os, platform)
- /config gets some configuration (e.g. `fileStorePath`) together with some supported features
Monitor HTTP endpoint (default `:5052`, specified by `-monitor-addr`)
- /metrics Prometheus metrics (set the `ES_ENABLE_METRICS=1` environment variable to enable metrics)
- /debug Go runtime debug endpoint (set the `ES_ENABLE_DEBUG=1` environment variable to enable it)
### Command Line Arguments
Server:
- The executor server binds to `:5050` by default; this can be changed with the `-http-addr` flag.
- The gRPC endpoint is disabled by default; add the `-enable-grpc` flag to enable it.
- The gRPC executor server binds to `:5051` by default; this can be changed with the `-grpc-addr` flag.
- The default log level is info; use `-silent` to disable logs or `-release` to enable the release logger (turned on automatically when running in Docker).
- `-auth-token` adds token-based authentication to REST / gRPC.
- The Go debug endpoints are disabled by default; specify `-enable-debug` to enable them, which also enables the debug log.
- The Prometheus metrics endpoints are disabled by default; specify `-enable-metrics` to enable them.
- The monitoring HTTP endpoint is enabled if metrics or debug is enabled; its default address is `:5052` and can be changed with `-monitor-addr`.
Sandbox:
- The default concurrency equals the number of CPUs; it can be changed with the `-parallelism` flag.
- The default file store is in memory; a local cache directory can be specified with the `-dir` flag.
- The default cgroup prefix is `executor_server`; it can be changed with the `-cgroup-prefix` flag.
- `-src-prefix` restricts the `src` copyIn path (needs to be an absolute path)
- `-time-limit-checker-interval` specifies the time limit checker interval (default 100ms) (valid value: \[1ms, 1s\])
- `-output-limit` specifies the size limit of the POSIX rlimit of output (default 256MiB)
- `-extra-memory-limit` specifies the additional memory limit used to check for memory limit exceeded (default 16KiB)
- `-copy-out-limit` specifies the default maximum size of a copied-out file (default 64MiB)
- `-open-file-limit` specifies the maximum number of open files (default 256)
- `-cpuset` specifies the `cpuset.cpus` cgroup for each container (Linux only)
- `-container-cred-start` specifies the container `setuid` / `setgid` credential start point (default: 10000) (Linux only)
  - for example, by default container 0 will run with 10001 uid & gid and container 1 will run with 10002 uid & gid...
- `-enable-cpu-rate` enables the `cpu` cgroup to control the CPU rate using cfs_quota & cfs_period control (Linux only)
- `-cpu-cfs-period` specifies cfs_period if CPU rate is enabled (default 100ms) (valid value: \[1ms, 1s\])
- `-seccomp-conf` specifies the `seccomp` filter setting to load when running a program (needs build tag `seccomp`) (Linux only)
  - for example, use `strace -c prog` to get all the `syscall`s needed and restrict the program to that subset
  - however, the `syscall` count on one platform (e.g. x86_64) is not suitable for all platforms, so this option is not recommended
  - a program killed by the seccomp filter will have status `Dangerous Syscall`
- `-pre-fork` specifies the number of containers to create when the server starts
- `-tmp-fs-param` specifies the tmpfs parameter for `/w` and `/tmp` when using default mounting (Linux only)
- `-file-timeout` specifies the maximum TTL for files created in the file store (e.g. `30m`)
- `-mount-conf` specifies the detailed mount configuration; see `mount.yaml` for reference (Linux only)
- `-container-init-path` specifies the path to `cinit` (do not use, debug only) (Linux only)
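The platform caveat on `-seccomp-conf` above, as an added example that is not part of go-judge: it extracts the syscall names from two constructed, abridged `strace -c` summaries and lists the calls that an allow list derived on x86_64 would not cover on aarch64. The sample tables and the names `syscallSet` and `Blocked` are assumptions made for illustration, and the result is a plain name list, not go-judge's seccomp configuration format.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Constructed, abridged `strace -c` tables for one hypothetical program (not real traces).
const hdr = "% time     seconds  usecs/call     calls    errors syscall\n" +
	"------ ----------- ----------- --------- --------- ----------------\n"
const sampleX8664 = hdr + ` 60.00    0.000120          12        10           read
 30.00    0.000060          20         3         1 open
 10.00    0.000020          10         2           stat
100.00    0.000200                    15         1 total`
const sampleAarch64 = hdr + ` 60.00    0.000120          12        10           read
 30.00    0.000060          20         3         1 openat
 10.00    0.000020          10         2           newfstatat
100.00    0.000200                    15         1 total`

// syscallSet extracts the syscall names (last column) from a `strace -c` table.
func syscallSet(summary string) map[string]bool {
	set := map[string]bool{}
	for _, line := range strings.Split(summary, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 || f[len(f)-1] == "total" {
			continue
		}
		// Data rows start with a numeric "% time"; header and separator rows do not.
		if _, err := strconv.ParseFloat(f[0], 64); err == nil {
			set[f[len(f)-1]] = true
		}
	}
	return set
}

// Blocked lists syscalls seen in targetTrace that a filter built from allowTrace lacks.
func Blocked(allowTrace, targetTrace string) []string {
	allow, out := syscallSet(allowTrace), []string{}
	for name := range syscallSet(targetTrace) {
		if !allow[name] {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println("killed on aarch64:", Blocked(sampleX8664, sampleAarch64)) }
```

Any name this reports is a call the program would be killed for, with status `Dangerous Syscall`, if the x86_64-derived filter were reused on the other platform.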
### Environment Variables
Environment variables are overridden by command line arguments when both are present. Every command line argument has a corresponding environment variable (e.g. `ES_HTTP_ADDR`). Run `executorserver --help` to see all the environment variable configurations.
### Install & Run
Download the compiled executable from [Release](https://github.com/criyle/go-judge/releases) and run it.
Or run it with Docker:
```bash
docker run -it --rm --privileged --shm-size=256m -p 5050:5050 criyle/executorserver
```
#### Build Executor Server
Build it yourself: `docker build -t executorserver -f Dockerfile.exec .`
The `executorserver` needs root privilege to create `cgroup`s. Either create the sub-directories `/sys/fs/cgroup/cpuacct/executor_server`, `/sys/fs/cgroup/memory/executor_server` and `/sys/fs/cgroup/pids/executor_server` and make them readable by the execution user, or use `sudo` to run it.
#### Build Shared object
Build container init `cinit`:
`go build -o cinit ./cmd/cinit`
Build `executor_server.so`:
`go build -buildmode=c-shared -o executor_server.so ./cmd/ffi/`
For example, in JavaScript, run with `ffi-napi` (seems node 14 is not supported yet):
### Build Executor Proxy
Build: `go build ./cmd/executorproxy`
Run `./executorproxy` to connect to the gRPC endpoint and expose it as a REST endpoint.
### Build Executor Shell
Build: `go build ./cmd/executorshell`
Run `./executorshell` to connect to the gRPC endpoint with an interactive shell.
### Return Status
- Accepted: Program exited with status code 0 within time & memory limits
- Memory Limit Exceeded: Program uses more memory than memory limits
- Time Limit Exceeded:
  - Program uses more CPU time than cpuLimit
  - Or, program uses more clock time than clockLimit
- Output Limit Exceeded:
  - Program outputs more than pipeCollector limits
  - Or, program outputs more than output-limit
- File Error:
  - CopyIn file does not exist
  - Or, CopyIn file is too large for the container file system
  - Or, CopyOut file does not exist after the program exited
- Non Zero Exit Status: Program exited with non 0 status code within time & memory limits
- Signalled: Program exited with signal (e.g. SIGSEGV)
- Dangerous Syscall: Program killed by seccomp filter
- Internal Error:
  - Program does not exist
  - Or, container creation was not successful (e.g. not privileged docker)
  - Or, other errors
### Container Root File