nsjail workaround, fix forkbomb, add forkbomb unit test

author: Christopher Baklid <[email protected]> 2018-06-03 10:06:19 +0200
committer: Christopher Baklid <[email protected]> 2018-06-03 10:06:19 +0200
commit: 2a7fb7735831ce39f7cfb13fed47596a6ddb3259 (patch)
tree: f2cf6a641b13aaec3163e79c97db8d3b31e47e6f /README.md
parent: update docs (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/README.md b/README.md
index 45fa887..d0b565d 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,10 @@ chmod +x /usr/bin/nsjail
 give nsjail a test run
 
 ```bash
+# This is a workaround because nsjail can't create the directories automatically
+sudo mkdir -p /sys/fs/cgroup/pids/NSJAIL \
+  && mkdir -p /sys/fs/cgroup/memory/NSJAIL
+
 nsjail -Mo \
 --rlimit_as 700 \
 --chroot / \
@@ -67,11 +71,13 @@ nsjail -Mo \
 --time_limit 2 \
 --disable_proc \
 --iface_no_lo \
+--cgroup_pids_max=1 \
+--cgroup_mem_max=52428800 \
 --quiet -- \
 python3.6 -ISq -c "print('test')"
 ```
 
-> if it fails, try without the `--cgroup_pids_max=1`
+> if it fails, try without the `--cgroup_pids_max=1` and `--cgroup_mem_max=52428800`
 
 ## Development environment
author	Christopher Baklid <[email protected]>	2018-06-03 10:06:19 +0200
committer	Christopher Baklid <[email protected]>	2018-06-03 10:06:19 +0200
commit	2a7fb7735831ce39f7cfb13fed47596a6ddb3259 (patch)
tree	f2cf6a641b13aaec3163e79c97db8d3b31e47e6f /README.md
parent	update docs (diff)