diff --git a/Cargo.lock b/Cargo.lock index 2e96bf2..2d0b65a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1156,6 +1156,7 @@ dependencies = [ "caps", "nix", "once_cell", + "rustc_version", "uzers", ] @@ -1165,6 +1166,15 @@ version = "0.1.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + [[package]] name = "rustix" version = "0.38.32" @@ -1196,6 +1206,12 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "semver" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" + [[package]] name = "serde" version = "1.0.197" diff --git a/crates/rsjudge-runner/Cargo.toml b/crates/rsjudge-runner/Cargo.toml index a99f0b5..7f52d26 100644 --- a/crates/rsjudge-runner/Cargo.toml +++ b/crates/rsjudge-runner/Cargo.toml @@ -13,3 +13,6 @@ caps = "0.5.5" nix = { version = "0.28.0", features = ["user"] } once_cell = "1.19.0" uzers = "0.11.3" + +[build-dependencies] +rustc_version = "0.4.0" diff --git a/crates/rsjudge-runner/src/lib.rs b/crates/rsjudge-runner/src/lib.rs index 9a50c91..b92c4b9 100644 --- a/crates/rsjudge-runner/src/lib.rs +++ b/crates/rsjudge-runner/src/lib.rs @@ -15,23 +15,38 @@ impl RunAs for Command { self.uid(uid).gid(gid); - let groups: Vec<_> = user - .groups() - .unwrap_or_default() - .into_iter() - .map(|g| Gid::from_raw(g.gid())) - .collect(); - // SAFETY: `group` is moved into the closure, // and no longer accessible outside it. // // Replace with `CommandExt::groups` once it's stable. - unsafe { - self.pre_exec(move || { - setgroups(&groups)?; - Ok(()) - }) - }; + #[cfg(not(setgroups))] + { + let groups: Vec<_> = user + .groups() + .unwrap_or_default() + .into_iter() + .map(|g| Gid::from_raw(g.gid())) + .collect(); + unsafe { + self.pre_exec(move || { + setgroups(&groups)?; + Ok(()) + }) + }; + } + + #[cfg(setgroups)] + { + let groups: Vec<_> = user + .groups() + .unwrap_or_default() + .into_iter() + .map(|g| g.gid()) + .collect(); + + self.groups(groups); + } + self } }