author | 2025-10-09 22:44:08 +0100 | |
---|---|---|
committer | 2025-10-10 17:50:33 +0100 | |
commit | ad17dac9a3817fc44825a7e538fe54ee49b99c5f (patch) | |
tree | 0d109817ef468b0f78ad455c2f66996e3adad7c6 | |
parent | Increase thread limit to 15 (diff) |
Reduce PID limits for test_forkbomb_resource_unavailable
This test case was being caught and nsjail was killing it, not because of
PID exhaustion but because of memory exhaustion.
To ensure PID exhaustion is guarded against, the PID count is now reduced
to a level where nsjail will kill the process earlier, before the memory limit is reached.
-rw-r--r-- | tests/test_nsjail.py | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py
index 85bee68..71f797c 100644
--- a/tests/test_nsjail.py
+++ b/tests/test_nsjail.py
@@ -213,6 +213,13 @@ class NsJailTests(unittest.TestCase):
 self.assertEqual(result.files[0].content, b"a")
 def test_forkbomb_resource_unavailable(self):
+ # Using the production max PIDs causes processes to be killed due to memory instead of
+ # PID allocation exhaustion. For this test case, the PID limit is reduced to ensure
+ # that PID exhaustion is still something that is guarded against.
+
+ previous_pids_max = self.nsjail.config.cgroup_pids_max
+ self.nsjail.config.cgroup_pids_max = 5
+
 code = dedent(
 """
 import os
@@ -221,10 +228,13 @@ class NsJailTests(unittest.TestCase):
 """
 ).strip()
- result = self.eval_file(code)
- self.assertEqual(result.returncode, 1)
- self.assertIn("Resource temporarily unavailable", result.stdout)
- self.assertEqual(result.stderr, None)
+ try:
+ result = self.eval_file(code)
+ self.assertEqual(result.returncode, 1)
+ self.assertIn("Resource temporarily unavailable", result.stdout)
+ self.assertEqual(result.stderr, None)
+ finally:
+ self.nsjail.config.cgroup_pids_max = previous_pids_max
 def test_file_parsing_timeout(self):
 code = dedent( |
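Review bot: Overriding `cgroup_pids_max` to 5 at the top of test_forkbomb_resource_unavailable means no assertion visible here exercises the production PID limit any more, so a config change that removes or zeroes that limit would still pass this test. Before the override, pin the shipped value with something like `self.assertGreater(previous_pids_max, 0)`, and extend the comment to say why 5 was chosen (presumably just enough for the interpreter plus a few forks; confirm). It is also not visible in this hunk whether nsjail re-reads `self.nsjail.config` on each `eval_file` call; if the limit is captured when the object is constructed, the override would silently have no effect. The function body continues into the next hunk.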
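Review bot: The restore in the `finally:` block is separated from the mutation by the whole test body, and the assignment in the previous hunk sits outside the `try`, so later edits can pull the two apart and leave the lowered limit on `self.nsjail` for the tests that follow. Registering the restore right next to the override, `self.addCleanup(setattr, self.nsjail.config, "cgroup_pids_max", previous_pids_max)`, keeps them together and lets the four assertions stay unindented. Whether `self.nsjail` is rebuilt per test in setUp is not visible here; if it is, say so in the comment, since the restore is then only defensive.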