Add NsJail alias and switch to ash

author: MarkKoz <[email protected]> 2019-06-06 12:45:46 -0700
committer: MarkKoz <[email protected]> 2019-06-22 13:36:35 -0700
commit: 0e89850f273cce3c522133e8c38587c673bb26d3 (patch)
tree: d2d19252ca1ff4d9caf965ce21a0f6a8545d2b89 /docker
parent: Add support for development to Docker images (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/docker/.profile b/docker/.profile
new file mode 100644
index 0000000..415e4f6
--- /dev/null
+++ b/docker/.profile
@@ -0,0 +1,25 @@
+nsjpy() {
+    local nsj_args=""
+    while [ "$#" -gt 1 ]; do
+        nsj_args="${nsj_args:+${nsj_args} }$1"
+        shift
+    done
+
+    mkdir -p /sys/fs/cgroup/pids/NSJAIL
+    mkdir -p /sys/fs/cgroup/memory/NSJAIL
+    nsjail \
+        -Mo \
+        --rlimit_as 700 \
+        --chroot / \
+        -E LANG=en_US.UTF-8 \
+        -R/usr -R/lib -R/lib64 \
+        --user nobody \
+        --group nogroup \
+        --time_limit 2 \
+        --disable_proc \
+        --iface_no_lo \
+        --cgroup_pids_max=1 \
+        --cgroup_mem_max=52428800 \
+        $nsj_args -- \
+        /snekbox/.venv/bin/python3 -Iq -c "$@"
+}
author	MarkKoz <[email protected]>	2019-06-06 12:45:46 -0700
committer	MarkKoz <[email protected]>	2019-06-22 13:36:35 -0700
commit	0e89850f273cce3c522133e8c38587c673bb26d3 (patch)
tree	d2d19252ca1ff4d9caf965ce21a0f6a8545d2b89 /docker
parent	Add support for development to Docker images (diff)