Comments (11)
seirl
commented on July 3, 2024
If we use the first solution, I also need to know how to signal that the fail was because a box already existed. A different exit code? Or just exit(1) and require the user to parse the output message themself to know that they need to retry?
from isolate.
gollux
commented on July 3, 2024
Hello!
So far, we did not think of isolate as a front-end for regular users,
but more as a back-end for another service, which provides high-level
program testing services to users. In such cases, allocation of box IDs
is naturally handled by the high-level service as is waiting for free
ID to be available (you usually do not want the number of sandboxes
executed simultaneously to exceed the number of logical CPUs).
Could you please describe your situation in more detail?
from isolate.
hermanzdosilovic
commented on July 3, 2024
I agree with @gollux, isolate should not care about how you use it's boxes. @seirl you said about "proper" way of handling race condition
The "proper" way to do that is to list the directories in /var/lib/isolate/ and to --init with an available ID. But between the time you check that an ID is available and the time you call --init, another program might have done a --init for the same ID and you get the same cgroup and sandbox for both.
I don't think this is "proper" way, because problem you have lies inside your solution of handling race conditions. You should change your solution and not isolate. 😄
As an example please take a look at Judge0 API. REST API that directly uses isolate to run untrusted programs. There, this race problem is solved by building Submission model which is stored in the database. It's unique ID inside database is used as box ID.
from isolate.
seirl
commented on July 3, 2024
All of what you are describing is already what we are doing.
The problem is when someone decides to run two instances of our program, for instance a server that handles the requests (like what judge0 is doing) is already running, and then someone else decides to run the unit tests on the same machine.
I'm pretty sure running Judge0 alongside with an isolate testsuite will cause the same problem, they just ignore the problem completely from what I've seen.
from isolate.
hermanzdosilovic
commented on July 3, 2024
I now better understand what your problem is, but I still believe that isolate should not be the one fixing it. Isolate provides simple interface for running untrusted code on your server/machine. If you have concurrency problems when creating isolate boxes, then you should create another layer of abstraction above isolate which solves your problem. So you could create a program which has the same interface as isolate (or at least similar) which solves your concurrency problem, and this program should use isolate "under the hood".
"Quick" fix for you problem could be one of the following:
- Run tests on another server, not production server
- On your server compile two isolates. Production isolate which uses default box_root, and the other which uses some other box_root. See default.cf. Then use production isolate for production server, and this other isolate for test environment.
- Wrap your application inside Docker
Also worth mentioning. Yes, Judge0 API has the same problem if you install it on your server in the "old school way". But main power of it is its mobility from machine to machine. And that is achieved with Docker. So every instance of Judge0 is run inside Docker container which has its own isolate.
from isolate.
seirl
commented on July 3, 2024
While what you're saying makes sense, I think this is the only issue that prevents different programs from using isolate at the same time, and it's pretty minor so it could be easily changed.
Adding a --require-empty option is trivial and has some real value even for single programs, as it might also help find problems where you reuse a box ID that has not been properly --cleanup'd. For instance, if you forgot to --cleanup the lingering box IDs you're using when you start your frontend after a server hard reset, it might be nice to have that extra check that tells you "hey, you're trying to --init something that already exists, are you sure you want to do that?" and it would pretty much solve the RC problem for testsuites etc.
Are you really opposed to making that small change?
from isolate.
gollux
commented on July 3, 2024
Are you really opposed to making that small change?
I understand that people sometimes initialize a box with leftover files by
mistake. If we want to help them avoid that trap, then the right solution is
not to add a special option, but to to make --init fail in all such cases.
Or perhaps to make --init do an implicit --cleanup.
Also, this would not solve the race conditions this thread started with...
there would still be a small time window between checking that the directory
is empty and populating it, when another instance of isolate can step in.
Having a real allocator of box IDs (either as a part of isolate or as
a stand-alone program) would help, but so far I have an impression that
automatic allocation of box IDs is far from trivial: in most cases, you want
to avoid running more boxes simultaneously; also, you might to pin boxes to
specific CPUs to improve consistency of results. So the supply of available
boxes is usually very limited and the allocation requests would often fail.
I will think about it a little bit more...
from isolate.
seirl
commented on July 3, 2024
2017-03-07 17:20 GMT+01:00 Martin Mareš <[email protected]>:
> Are you really opposed to making that small change?
I understand that people sometimes initialize a box with leftover files by
mistake. If we want to help them avoid that trap, then the right solution is
not to add a special option, but to to make --init fail in all such cases.
That would work for me, yes.
Or perhaps to make --init do an implicit --cleanup.
I don't like this one at all, there might be important things inside
and it's not even guaranteed that the --cleanup will succeed. For
instance, if the sandbox crashes, it won't restore the permissions
because it requires a manual investigation when that happens.
I think having --init failing when the directory isn't empty is the
best way to go.
Also, this would not solve the race conditions this thread started with...
there would still be a small time window between checking that the directory
is empty and populating it, when another instance of isolate can step in.
If the check is only "the directory should not already exist", then we
can do it on mkdir() which is atomic, and it solves the problem.
Having a real allocator of box IDs (either as a part of isolate or as
a stand-alone program) would help, but so far I have an impression that
automatic allocation of box IDs is far from trivial: in most cases, you want
to avoid running more boxes simultaneously; also, you might to pin boxes to
specific CPUs to improve consistency of results. So the supply of available
boxes is usually very limited and the allocation requests would often fail.
Yes, I am now convinced that having an allocator of IDs as part of
isolate is a bad idea and that it should be the responsibility of the
caller.
…--
Antoine Pietri
from isolate.
seirl
commented on July 3, 2024
Added pull request #27 as a followup to @gollux 's first suggestion.
from isolate.
niemela
commented on July 3, 2024
I think having --init failing when the directory isn't empty is the
best way to go.
+1
Silently "fixing" the error when assumptions seems to have been broken feels scary. Much better to fail early and controlled.
from isolate.
seirl
commented on July 3, 2024
I also realized that another advantage of that PR is that it will ensure people check the exit code of their --cleanup call instead of assuming that it always work :-)
For instance, if the cgroup has not been deleted for some reason you really don't want to run something in the same box again, or else you might reuse that box.
It also forces you to cleanup everything when you start your frontend instead of assuming the directory is empty.
from isolate.
Related Issues (20)
- cg2 version fails if memory.swap.max does not exist HOT 7
- I also encountered the same issue. This worked for me:
- Getting Resource temporarily unavailable error while compiling C program HOT 3
- Is this possible? HOT 13
- cg2: `cf_cg_root` points to junk after `clone()` on Fedora HOT 2
- Unable to access internet inside isolate box even after using --share-net HOT 4
- "No such file or directory" issue when trying to run C# program using Dotnet HOT 7
- Memory corruption bug in cg_init HOT 2
- C# program failed to compile using mcs - error CS2001: Source file `Main.cs' could not be found HOT 1
- make install exited with error code 1. HOT 1
- Error Running isolate in Ubuntu:22.04 with Systemd HOT 10
- Support for Docker HOT 12
- Error using isolate HOT 15
- Assertion Failure Issue HOT 4
- --as-uid and --as-gid seem to be not usable in Docker container HOT 3
- Cannot set disk quota: No such process HOT 1
- chown: cannot access /var/local/lib/isolate/XX/box': No such file or directory HOT 6
- CPU time (--time) consumed in subsequent runs in the same box with cg (cgroup2) enabled HOT 9
- Limitation on number of sandboxes HOT 1
- [Query] Isolate Mac OS setup HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from isolate.