From b4c384ca0035aa6e52c67b6b57a15068ba037949 Mon Sep 17 00:00:00 2001
From: Martin Krulis
Date: Fri, 28 Aug 2020 22:04:46 +0200
Subject: [PATCH] Allowing initiation external tasks to use network (to download stuff).
---
 recodex-worker.spec | 4 ++--
 src/sandbox/isolate_sandbox.cpp | 5 ++++-
 src/tasks/external_task.cpp | 8 +++++++-
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/recodex-worker.spec b/recodex-worker.spec
index 053b5a99..41e8a9fe 100644
--- a/recodex-worker.spec
+++ b/recodex-worker.spec
@@ -1,8 +1,8 @@
 %define name recodex-worker
 %define short_name worker
 %define version 1.6.5
-%define unmangled_version 7c6d02cb9c89bc57e9b8be21f34ba6aff405b965
-%define release 2
+%define unmangled_version 26e4021a8a3afdd51cee8e1ff68d3b95dd1de03a
+%define release 3
 %define spdlog_name spdlog
 %define spdlog_version 0.13.0
 
diff --git a/src/sandbox/isolate_sandbox.cpp b/src/sandbox/isolate_sandbox.cpp
index f18cd01f..1aee137a 100644
--- a/src/sandbox/isolate_sandbox.cpp
+++ b/src/sandbox/isolate_sandbox.cpp
@@ -332,7 +332,10 @@ char **isolate_sandbox::isolate_run_args(const std::string &binary, const std::v
 } else {
 vargs.push_back("--processes=" + std::to_string(limits_.processes));
 }
- if (limits_.share_net) { vargs.push_back("--share-net"); }
+ if (limits_.share_net) {
+ vargs.push_back("--share-net");
+ vargs.push_back("--dir=/etc"); // shared network requires /etc to work properly
+ }
 for (auto &i : limits_.environ_vars) { vargs.push_back("--env=" + i.first + "=" + i.second); }
 for (auto &i : limits_.bound_dirs) {
 std::string mode = "";
diff --git a/src/tasks/external_task.cpp b/src/tasks/external_task.cpp
index c7cf4068..e9ae44df 100644
--- a/src/tasks/external_task.cpp
+++ b/src/tasks/external_task.cpp
@@ -4,6 +4,8 @@
 #include "helpers/filesystem.h"
 #include
 #include
+#include
+#include
 #define BOOST_FILESYSTEM_NO_DEPRECATED
 #define BOOST_NO_CXX11_SCOPED_ENUMS
 #include
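Review bot: In src/sandbox/isolate_sandbox.cpp, `--dir=/etc` binds the worker host's entire /etc into every sandbox that shares the network, which is broader than name resolution and TLS trust normally need. Anything world-readable under /etc on the worker (service configuration, host details, secrets left in misconfigured files) becomes readable by the sandboxed program, which now also has a network path out. Consider binding a prepared directory that holds only the resolver and certificate files, or at least document the exposure next to the flag, e.g. `// NOTE: exposes host /etc to the sandbox; keep secrets out of world-readable files there`. The rule is pushed before the `limits_.bound_dirs` loop, so it is worth checking how isolate treats a second /etc rule coming from configuration. isolate_run_args starts and ends outside the hunk.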
@@ -47,8 +49,12 @@ void external_task::sandbox_init()
 {
 #ifndef _WIN32
 if (task_meta_->sandbox->name == "isolate") {
+ sandbox_limits limits(*limits_);
+ if (this->get_type() == task_type::INITIATION) {
+ limits.share_net = true; // initiation (compilation) tasks may use internet to download stuff
+ }
 sandbox_ = std::make_shared(
- sandbox_config_, *limits_, worker_config_->get_worker_id(), temp_dir_, evaluation_dir_.string(), logger_);
+ sandbox_config_, limits, worker_config_->get_worker_id(), temp_dir_, evaluation_dir_.string(), logger_);
 }
 #endif
 }
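Review bot: In external_task::sandbox_init(), `limits.share_net = true` is applied to every INITIATION task unconditionally, so a job or worker configuration that left share_net off can no longer keep these tasks offline. If initiation tasks process submitted sources (the comment calls them compilation tasks), build-time code gains network access, and with the `--dir=/etc` rule added in isolate_sandbox.cpp it also sees the host's /etc. Consider gating the override on an explicit worker-configuration opt-in and writing a line to `logger_` whenever it is applied, so operators can see which jobs ran with network access. At minimum, make the comment state the effect, e.g. `// SECURITY: forces network sharing for all initiation tasks, overriding the configured limits`.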