Replace nsjpy alias with a Python script

The Python script uses the same underlying code Falcon uses to invoke
nsjail. It allows for the omission of redundant shell code that set up
cgroups and nsjail args.

This is also a step towards removing dependence on shell scripts and
thus resolving #73.

2 files changed, 1 insertions, 23 deletions

diff --git a/scripts/.profile b/scripts/.profile
deleted file mode 100644
index 11c8d78..0000000
--- a/scripts/.profile
+++ /dev/null
@@ -1,21 +0,0 @@
-nsjpy() {
-    local MEM_MAX=52428800
-
-    # All arguments except the last are considered to be for NsJail, not Python.
-    local nsj_args=""
-    while [ "$#" -gt 1 ]; do
-        nsj_args="${nsj_args:+${nsj_args} }$1"
-        shift
-    done
-
-    # Set up cgroups and disable memory swapping.
-    mkdir -p /sys/fs/cgroup/pids/NSJAIL
-    mkdir -p /sys/fs/cgroup/memory/NSJAIL
-    echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.limit_in_bytes
-    echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes
-
-    nsjail \
-        --config "${NSJAIL_CFG:-/snekbox/config/snekbox.cfg}" \
-        $nsj_args -- \
-        /usr/local/bin/python -Squ -c "$@"
-}
diff --git a/scripts/dev.sh b/scripts/dev.sh
index 3f94874..efbd93a 100755
--- a/scripts/dev.sh
+++ b/scripts/dev.sh
@@ -44,7 +44,6 @@ docker run \
     --ipc="none" \
     -e PYTHONDONTWRITEBYTECODE=1 \
     -e PIPENV_PIPFILE="/snekbox/Pipfile" \
-    -e BASH_ENV="${PWD}/scripts/.profile" \
     --volume "${PWD}":"${PWD}" \
     --workdir "${PWD}"\
     --entrypoint /bin/bash \
@@ -52,7 +51,7 @@ docker run \
     >/dev/null \
 
 # Execute the given command(s)
-docker exec -it snekbox_test /bin/bash --rcfile "${PWD}/scripts/.profile" "$@"
+docker exec -it snekbox_test /bin/bash "$@"
 
 # Fix ownership of coverage file
 # BusyBox doesn't support --reference for chown