Do not use stdio to communicate with the sandbox. (#402)

This allows setting stdin/out/err FDs from the parent, which is useful
to implement the Interactive task type.

Author: veluca93

src/sandbox.rs

@@ -1,6 +1,8 @@
-use std::io::{stdin, stdout};
+use std::env;
+use std::fs::File;
+use std::io::BufWriter;
 use std::path::{Path, PathBuf};
-use std::process::{Command, Stdio};
+use std::process::Command;
 use std::sync::atomic::{AtomicU32, Ordering};
 use std::sync::Arc;
 
@@ -10,32 +12,32 @@ use tabox::result::SandboxExecutionResult;
 use tabox::{Sandbox, SandboxImplementation};
 use task_maker_exec::find_tools::find_tools_path;
 use task_maker_exec::{RawSandboxResult, SandboxRunner};
+use tempfile::NamedTempFile;
 
-/// Actually parse the input and return the result.
-fn run_sandbox() -> Result<SandboxExecutionResult, Error> {
-    let config =
-        serde_json::from_reader(stdin()).context("Cannot read configuration from stdin")?;
+fn run_sandbox(config: &str) -> Result<SandboxExecutionResult, Error> {
+    let config = serde_json::from_str(config).context("Cannot parse configuration")?;
     let sandbox = SandboxImplementation::run(config).context("Failed to create sandbox")?;
     let res = sandbox.wait().context("Failed to wait sandbox")?;
     Ok(res)
 }
 
 /// Run the sandbox for an execution.
-///
-/// It takes a `SandboxConfiguration`, JSON serialized via standard input and prints to standard
-/// output a `RawSandboxResult`, JSON serialized.
 pub fn main_sandbox() {
-    match run_sandbox() {
-        Ok(res) => {
-            serde_json::to_writer(stdout(), &RawSandboxResult::Success(res))
-                .expect("Failed to print result");
-        }
+    let mut args = env::args().skip(2);
+    let configuration = args.next().unwrap();
+    let output_file = args.next().unwrap();
+    let result = match run_sandbox(&configuration) {
+        Ok(res) => RawSandboxResult::Success(res),
         Err(e) => {
             let err = format!("Error: {e:?}");
-            serde_json::to_writer(stdout(), &RawSandboxResult::Error(err))
-                .expect("Failed to print result");
+            RawSandboxResult::Error(err)
         }
-    }
+    };
+    let f = File::options()
+        .write(true)
+        .open(&output_file)
+        .expect("Failed to create output file");
+    serde_json::to_writer(BufWriter::new(f), &result).expect("Failed to print result");
 }
 
 /// Run the sandbox integrated in the task-maker-tools binary.
@@ -68,27 +70,19 @@ fn tools_sandbox_internal(
     config: SandboxConfiguration,
     pid: Arc<AtomicU32>,
 ) -> Result<RawSandboxResult, Error> {
+    let config = serde_json::to_string(&config).context("Failed to serialize config")?;
+    // TODO(veluca): it would be nice to write the result in the sandbox.
+    let outfile = NamedTempFile::new().context("Failed creating output tempfile")?;
     let mut cmd = Command::new(tools_path)
         .arg("internal-sandbox")
-        .stdin(Stdio::piped())
-        .stdout(Stdio::piped())
-        .stderr(Stdio::piped())
+        .arg(config)
+        .arg(outfile.path().as_os_str())
         .spawn()
         .context("Cannot spawn the sandbox")?;
     pid.store(cmd.id(), Ordering::SeqCst);
-    {
-        let stdin = cmd.stdin.as_mut().context("Failed to open stdin")?;
-        serde_json::to_writer(stdin, &config.build()).context("Failed to write config to stdin")?;
-    }
-    let output = cmd
-        .wait_with_output()
-        .context("Failed to wait for the process")?;
-    if !output.status.success() {
-        bail!(
-            "Sandbox process failed: {}\n{}",
-            output.status.to_string(),
-            String::from_utf8_lossy(&output.stderr)
-        );
+    let status = cmd.wait().context("Failed to wait for the process")?;
+    if !status.success() {
+        bail!("Sandbox process failed: {}", status.to_string());
     }
-    serde_json::from_slice(&output.stdout).context("Invalid output from sandbox")
+    serde_json::from_reader(outfile).context("Invalid output from sandbox")
 }

src/tools/main.rs

@@ -1,3 +1,5 @@
+use std::env;
+
 use clap::Parser;
 use task_maker_rust::error::NiceError;
 use task_maker_rust::tools::add_solution_checks::main_add_solution_checks;
@@ -19,6 +21,11 @@ use task_maker_rust::tools::terry_statement::main_terry_statement;
 use task_maker_rust::tools::worker::main_worker;
 
 fn main() {
+    // We run before any other initialization, to avoid polluting stderr.
+    if env::args().nth(1).as_deref() == Some("internal-sandbox") {
+        return task_maker_rust::sandbox::main_sandbox();
+    }
+
     rustls::crypto::ring::default_provider()
         .install_default()
         .expect("Failed to install rustls crypto provider");
@@ -43,7 +50,6 @@ fn main() {
         Tool::ExportSolutionChecks(opt) => main_export_solution_checks(opt),
         Tool::ExportBooklet(opt) => main_export_booklet(opt),
         Tool::EvalServer(opt) => main_eval_server(opt),
-        Tool::InternalSandbox => return task_maker_rust::main_sandbox(),
     }
     .nice_unwrap()
 }

src/tools/opt.rs

@@ -65,9 +65,4 @@ pub enum Tool {
     ExportBooklet(ExportBookletOpt),
     /// Start a web server for evaluating arbitrary code.
     EvalServer(EvalServerOpt),
-    /// Run the sandbox instead of the normal task-maker.
-    ///
-    /// This option is left as undocumented as it's not part of the public API.
-    #[clap(hide = true)]
-    InternalSandbox,
 }