update docs

4 files changed, 115 insertions, 80 deletions

diff --git a/Pipfile b/Pipfile
index 9d8abf7..1560ed3 100644
--- a/Pipfile
+++ b/Pipfile
@@ -5,9 +5,9 @@ name = "pypi"
 
 [packages]
 pika = "*"
+docker = "*"
 
 [dev-packages]
-docker = "*"
 flask = "*"
 flask-sockets = "*"
 gevent = "==1.2.2"
diff --git a/Pipfile.lock b/Pipfile.lock
index 70f7e24..9edba21 100644
--- a/Pipfile.lock
+++ b/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "56429edc3ce0dd8b29d5c50fa05e864d0a26ba9c3cc844945b116f8c52310801"
+            "sha256": "db284676e7f7232ab8e2f8dbda2319fcb62fe648209c2ff8db78c6db058b7d1e"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -16,6 +16,42 @@
         ]
     },
     "default": {
+        "certifi": {
+            "hashes": [
+                "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
+                "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
+            ],
+            "version": "==2018.4.16"
+        },
+        "chardet": {
+            "hashes": [
+                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
+                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
+            ],
+            "version": "==3.0.4"
+        },
+        "docker": {
+            "hashes": [
+                "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e",
+                "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a"
+            ],
+            "index": "pypi",
+            "version": "==3.3.0"
+        },
+        "docker-pycreds": {
+            "hashes": [
+                "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac",
+                "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d"
+            ],
+            "version": "==0.2.3"
+        },
+        "idna": {
+            "hashes": [
+                "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
+                "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
+            ],
+            "version": "==2.6"
+        },
         "pika": {
             "hashes": [
                 "sha256:15f485eb68ec56b5a2673c01d518d16f7c371809ca42c72a2da42d4d8190fa4f",
@@ -23,6 +59,34 @@
             ],
             "index": "pypi",
             "version": "==0.11.2"
+        },
+        "requests": {
+            "hashes": [
+                "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
+                "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
+            ],
+            "version": "==2.18.4"
+        },
+        "six": {
+            "hashes": [
+                "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
+                "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"
+            ],
+            "version": "==1.11.0"
+        },
+        "urllib3": {
+            "hashes": [
+                "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
+                "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
+            ],
+            "version": "==1.22"
+        },
+        "websocket-client": {
+            "hashes": [
+                "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a",
+                "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1"
+            ],
+            "version": "==0.48.0"
         }
     },
     "develop": {
@@ -40,20 +104,6 @@
             ],
             "version": "==18.1.0"
         },
-        "certifi": {
-            "hashes": [
-                "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
-                "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
-            ],
-            "version": "==2018.4.16"
-        },
-        "chardet": {
-            "hashes": [
-                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
-                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
-            ],
-            "version": "==3.0.4"
-        },
         "click": {
             "hashes": [
                 "sha256:29f99fc6125fbc931b758dc053b3114e55c77a6e4c6c3a2674a2dc986016381d",
@@ -102,21 +152,6 @@
             ],
             "version": "==4.5.1"
         },
-        "docker": {
-            "hashes": [
-                "sha256:43b45b92bed372161a5d4f3c7137e16b30d93845e99a00bc727938e52850694e",
-                "sha256:dc5cc0971a0d36fe94c5ce89bd4adb6c892713500af7b0818708229c3199911a"
-            ],
-            "index": "pypi",
-            "version": "==3.3.0"
-        },
-        "docker-pycreds": {
-            "hashes": [
-                "sha256:764a7ea2f6484bc5de5bf0c060f08b41a1118cf1acb987626b3ff45f3cc40dac",
-                "sha256:e3732a03610a00461a716997670c7010bf1c214a3edc440f7d6a2a3a830ecd9d"
-            ],
-            "version": "==0.2.3"
-        },
         "flake8": {
             "hashes": [
                 "sha256:7253265f7abd8b313e3892944044a365e3f4ac3fcdcfb4298f55ee9ddf188ba0",
@@ -214,13 +249,6 @@
             "index": "pypi",
             "version": "==19.8.1"
         },
-        "idna": {
-            "hashes": [
-                "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
-                "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
-            ],
-            "version": "==2.6"
-        },
         "itsdangerous": {
             "hashes": [
                 "sha256:cbb3fcf8d3e33df861709ecaf89d9e6629cff0a217bc2848f1b41cd30d360519"
@@ -307,13 +335,6 @@
             "index": "pypi",
             "version": "==0.3.2"
         },
-        "requests": {
-            "hashes": [
-                "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
-                "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
-            ],
-            "version": "==2.18.4"
-        },
         "six": {
             "hashes": [
                 "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9",
@@ -321,20 +342,6 @@
             ],
             "version": "==1.11.0"
         },
-        "urllib3": {
-            "hashes": [
-                "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
-                "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
-            ],
-            "version": "==1.22"
-        },
-        "websocket-client": {
-            "hashes": [
-                "sha256:18f1170e6a1b5463986739d9fd45c4308b0d025c1b2f9b88788d8f69e8a5eb4a",
-                "sha256:db70953ae4a064698b27ae56dcad84d0ee68b7b43cb40940f537738f38f510c1"
-            ],
-            "version": "==0.48.0"
-        },
         "werkzeug": {
             "hashes": [
                 "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c",
diff --git a/README.md b/README.md
index d4a9812..45fa887 100644
--- a/README.md
+++ b/README.md
@@ -33,7 +33,9 @@ result <- |             |<----------|            |<--------|           | <------
 | pipenv         | 2018.05.18           |
 | docker         | 18.03.1-ce           |
 | docker-compose | 1.21.2               |
+| nsjail         | 2.5                  |
 
+_________________________________________
 ## Setup local test
 
 install python packages
@@ -43,10 +45,40 @@ apt-get install -y libprotobuf-dev #needed by nsjail
 pipenv sync --dev
 ```
 
+## NSJail
+
+Copy the appropriate binary to an appropriate path
+
+```bash
+cp binaries/nsjail2.6-ubuntu-x86_64 /usr/bin/nsjail
+chmod +x /usr/bin/nsjail
+```
+
+give nsjail a test run
+
+```bash
+nsjail -Mo \
+--rlimit_as 700 \
+--chroot / \
+-E LANG=en_US.UTF-8 \
+-R/usr -R/lib -R/lib64 \
+--user nobody \
+--group nogroup \
+--time_limit 2 \
+--disable_proc \
+--iface_no_lo \
+--quiet -- \
+python3.6 -ISq -c "print('test')"
+```
+
+> if it fails, try without the `--cgroup_pids_max=1`
+
+## Development environment
+
 Start a rabbitmq instance and get the container IP
 
 ```bash
-docker run -d --name rmq -p 15672:15672 -e RABBITMQ_DEFAULT_USER=guest -e RABBITMQ_DEFAULT_PASS=guest pythondiscord/rmq:latest
+docker-compose up -d pdrmq
 docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' rmq
 # expected output with default setting: 172.17.0.2
 # If not, change the config.py file to match
@@ -57,26 +89,31 @@ rabbitmq webinterface: `http://localhost:15672`
 start the webserver
 
 ```bash
-docker run --name snekboxweb --network=host -d pythondiscord/snekboxweb:latest
+docker-compose up -d pdsnekboxweb
 netstat -plnt
 # tcp    0.0.0.0:5000    LISTEN
 ```
 
-use two terminals!
+`http://localhost:5000`
 
 ```bash
-#terminal 1
-pipenv run python snekbox.py
-
-#terminal 2
-pipenv run python snekweb.py
+pipenv run snekbox # for debugging
+# or
+docker-compose up pdsnekbox # for running the container
 ```
 
-`http://localhost:5000`
+________________________________________
+## Unit testing and lint
+
+Make sure rabbitmq is running before running tests
 
-_________________________________
+```bash
+pipenv run lint
+pipenv run test
+```
 
-# Build the containers
+________________________________________
+## Build the containers
 
 ```bash
 # Build
@@ -88,14 +125,4 @@ pipenv run pushbox
 pipenv run pushweb
 ```
 
-## Docker compose
-
-Start all the containers with docker-compose
 
-```bash
-docker-compose up
-```
-
-this boots up rabbitmq, the snekbox and a webinterface on port 5000
-
-`http://localhost:5000`
diff --git a/snekbox.py b/snekbox.py
index 63131b1..60bd06d 100644
--- a/snekbox.py
+++ b/snekbox.py
@@ -37,6 +37,7 @@ class Snekbox(object):
                 '--time_limit', '2',
                 '--disable_proc',
                 '--iface_no_lo',
+                # '--cgroup_pids_max=1',  # This doesn't work :(
                 '--quiet', '--',
                 self.python_binary, '-ISq', '-c', cmd]