diff options
| author |  MarkKoz <[email protected]> | 2019-06-06 12:45:46 -0700 |
|---|---|---|
| committer | MarkKoz <[email protected]> | 2019-06-22 13:36:35 -0700 |
| commit | 0e89850f273cce3c522133e8c38587c673bb26d3 (patch) | |
| tree | d2d19252ca1ff4d9caf965ce21a0f6a8545d2b89 | |
| parent | Add support for development to Docker images (diff) | |
Add NsJail alias and switch to ash
| -rw-r--r-- | .dockerignore | 1 | ||||
| -rw-r--r-- | Pipfile | 3 | ||||
| -rw-r--r-- | docker/.profile | 25 |
3 files changed, 28 insertions, 1 deletions
diff --git a/.dockerignore b/.dockerignore index 7dc3fed..afc786a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,6 +2,7 @@ * # Make exceptions for what's needed +!docker/.profile !snekbox !tests !Pipfile @@ -56,9 +56,10 @@ devsh = """ --network host \ -h pdsnk-dev \ -e PIPENV_PIPFILE="/snekbox/Pipfile" \ + -e ENV="/snekbox-local/docker/.profile" \ -v "$(pwd)":/snekbox-local \ -w "/snekbox-local" \ - --entrypoint /bin/sh \ + --entrypoint /bin/ash \ pythondiscord/snekbox-venv:dev ' """ diff --git a/docker/.profile b/docker/.profile new file mode 100644 index 0000000..415e4f6 --- /dev/null +++ b/docker/.profile @@ -0,0 +1,25 @@ +nsjpy() { + local nsj_args="" + while [ "$#" -gt 1 ]; do + nsj_args="${nsj_args:+${nsj_args} }$1" + shift + done + + mkdir -p /sys/fs/cgroup/pids/NSJAIL + mkdir -p /sys/fs/cgroup/memory/NSJAIL + nsjail \ + -Mo \ + --rlimit_as 700 \ + --chroot / \ + -E LANG=en_US.UTF-8 \ + -R/usr -R/lib -R/lib64 \ + --user nobody \ + --group nogroup \ + --time_limit 2 \ + --disable_proc \ + --iface_no_lo \ + --cgroup_pids_max=1 \ + --cgroup_mem_max=52428800 \ + $nsj_args -- \ + /snekbox/.venv/bin/python3 -Iq -c "$@" +} |