diff options
| author | 2020-02-05 12:20:54 -0800 | |
|---|---|---|
| committer | 2020-02-05 12:20:54 -0800 | |
| commit | 504a6b9af1bafe87ea093f235562fb8af55ea406 (patch) | |
| tree | 4a8ccf9f7be27b110bea9558030e402aea43c9b0 /scripts | |
| parent | Update CODEOWNERS (diff) | |
| parent | Merge branch 'master' into proper-chroot (diff) | |
Merge pull request #55 from python-discord/proper-chroot
Configure a proper chroot jail for NsJail
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/.profile | 20 | ||||
| -rwxr-xr-x | scripts/dev.sh | 1 | 
2 files changed, 3 insertions, 18 deletions
| diff --git a/scripts/.profile b/scripts/.profile index daaf1dd..73fbb28 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -15,23 +15,7 @@ nsjpy() {      echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes      nsjail \ -        -Mo \ -        --rlimit_as 700 \ -        --chroot / \ -        -E LANG=en_US.UTF-8 \ -        -E OMP_NUM_THREADS=1 \ -        -E OPENBLAS_NUM_THREADS=1 \ -        -E MKL_NUM_THREADS=1 \ -        -E VECLIB_MAXIMUM_THREADS=1 \ -        -E NUMEXPR_NUM_THREADS=1 \ -        -R/usr -R/lib -R/lib64 \ -        --user 65534 \ -        --group 65534 \ -        --time_limit 2 \ -        --disable_proc \ -        --iface_no_lo \ -        --cgroup_pids_max=1 \ -        --cgroup_mem_max="${MEM_MAX}" \ +        --config "${NSJAIL_CFG:-/snekbox/snekbox.cfg}" \          $nsj_args -- \ -        /snekbox/.venv/bin/python3 -Iq -c "$@" +        /snekbox/.venv/bin/python3 -Iqu -c "$@"  } diff --git a/scripts/dev.sh b/scripts/dev.sh index 6aeb1de..0275651 100755 --- a/scripts/dev.sh +++ b/scripts/dev.sh @@ -40,6 +40,7 @@ docker run \      --privileged \      --network host \      --hostname pdsnk-dev \ +    --ipc="none" \      -e PYTHONDONTWRITEBYTECODE=1 \      -e PIPENV_PIPFILE="/snekbox/Pipfile" \      -e BASH_ENV="${PWD}/scripts/.profile" \ | 
