Skip to content

Commit

Permalink
Use setpriv instead of runuser to avoid extra process
Browse files Browse the repository at this point in the history 
This prevents `runuser` from displaying the judge credentials to
everyone on the same machine.
  • Loading branch information
@quantum5 @Xyene
quantum5 authored and Xyene committed Sep 2, 2023
1 parent 7b033b9 commit 5b6643b
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .docker/entry
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,13 +11,14 @@ cd /judge || exit
case "$1" in
run) command=(/env/bin/dmoj) ;;
cli) command=(/env/bin/dmoj-cli) ;;
test) command=(/env/bin/python3 -- -m dmoj.testsuite testsuite) ;;
test) command=(/env/bin/python3 -m dmoj.testsuite testsuite) ;;
*)
echo "Invalid command, must be one of [run, cli, test]" 1>&2
exit 1
;;
esac

shift
export HOME=~judge
. ~judge/.profile
exec runuser -u judge "${command[@]}" -- "$@"
exec setpriv --reuid judge --regid judge --clear-groups "${command[@]}" "$@"

0 comments on commit 5b6643b

Please sign in to comment.