executors: fixup executors for landlock

Under landlock, since /proc is not accessible in a subprocess, SCALA calls `mincore`. We allow this in order for it to pass.

Also, since `execve` is checked under landlock, we need to add `/bin` to the list of readable directories.

Author: Riolku

dmoj/executors/RUST.py

@@ -1,7 +1,8 @@
 import fcntl
 import os
+from typing import List
 
-from dmoj.cptbox.filesystem_policies import ExactFile, RecursiveDir
+from dmoj.cptbox.filesystem_policies import ExactFile, FilesystemAccessRule, RecursiveDir
 from dmoj.executors.compiled_executor import CompiledExecutor
 
 CARGO_TOML = b"""\
@@ -86,6 +87,12 @@ def get_shared_target(self):
                 # We intentionally don't clean this directory up at any point, since we can re-use it.
                 return self.shared_target
 
+    def get_fs(self) -> List[FilesystemAccessRule]:
+        assert self._executable is not None
+        # Under landlock we need this for execve to work.
+        # We use `self._executable` because it is copied when caching executors, but other properties are not.
+        return super().get_fs() + [ExactFile(self._executable)]
+
     def cleanup(self) -> None:
         super().cleanup()
         if self.shared_target is not None:

dmoj/executors/SCALA.py

@@ -20,6 +20,7 @@ class Executor(JavaExecutor):
         ExactFile('/bin/bash'),
         RecursiveDir('/etc/alternatives'),
     ]
+    compiler_syscalls = ['mincore']
     vm = 'scala_vm'
 
     test_program = """\

dmoj/executors/base_executor.py

@@ -33,6 +33,7 @@
     ExactFile('/dev/urandom'),
     ExactFile('/dev/random'),
     *USR_DIR,
+    RecursiveDir('/bin'),  # required under landlock when /bin is not a symlink, since we check execve.
     RecursiveDir('/lib'),
     RecursiveDir('/lib32'),
     RecursiveDir('/lib64'),