diff options
| author |  Mark <[email protected]> | 2021-03-16 13:25:46 -0700 |
|---|---|---|
| committer |  GitHub <[email protected]> | 2021-03-16 13:25:46 -0700 |
| commit | b4438bc09c7b296fd926f780b16aba64ea8c1331 (patch) | |
| tree | fa99e5abefe2190ff54f24d29b5505f61c048b65 | |
| parent | Remove the mixed line endings pre-commit hook because it is obsolete. (diff) | |
| parent | Update flooding test to expect code 143 (diff) | |
Merge PR #96 - nsjail SIGKILL to SIGTERM
| -rw-r--r-- | snekbox/nsjail.py | 19 | ||||
| -rw-r--r-- | tests/test_nsjail.py | 2 |
2 files changed, 5 insertions, 16 deletions
diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index c7087ad..814b46c 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -163,9 +163,10 @@ class NsJail: output.append(chars) if output_size > OUTPUT_MAX: - # Terminate the NsJail subprocess with SIGKILL. - log.info("Output exceeded the output limit, sending SIGKILL to NsJail.") - nsjail.kill() + # Terminate the NsJail subprocess with SIGTERM. + # This in turn reaps and kills children with SIGKILL. + log.info("Output exceeded the output limit, sending SIGTERM to NsJail.") + nsjail.terminate() break return "".join(output) @@ -223,18 +224,6 @@ class NsJail: log.info(f"nsjail return code: {returncode}") - # If we hit a cgroup limit then there is a chance the nsjail cgroups did not - # get removed. If we don't remove them then when we try remove the parents - # we will get a "Device or resource busy" error. - - children = [] - - children.extend(Path(self.config.cgroup_mem_mount, cgroup).glob("NSJAIL.*")) - children.extend(Path(self.config.cgroup_pids_mount, cgroup).glob("NSJAIL.*")) - - for child in children: - child.rmdir() - # Remove the dynamically created cgroups once we're done Path(self.config.cgroup_mem_mount, cgroup).rmdir() Path(self.config.cgroup_pids_mount, cgroup).rmdir() diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index c0e43b6..4d4676b 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -186,7 +186,7 @@ class NsJailTests(unittest.TestCase): """).strip() result = self.nsjail.python3(stdout_flood) - self.assertEqual(result.returncode, 137) + self.assertEqual(result.returncode, 143) def test_large_output_is_truncated(self): chunk = "a" * READ_CHUNK_SIZE |