diff options
| -rw-r--r-- | snekbox/nsjail.py | 8 | 
1 files changed, 7 insertions, 1 deletions
| diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index d5659e5..3d88336 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -83,11 +83,17 @@ class NsJail:          mem.mkdir(parents=True, exist_ok=True)          # Swap limit cannot be set to a value lower than memory.limit_in_bytes. -        # Therefore, this must be set first. +        # Therefore, this must be set before the swap limit. +        # +        # Since child cgroups are dynamically created, the swap limit has to be set on the parent +        # instead so that children inherit it. Given the swap's dependency on the memory limit, +        # the memory limit must also be set on the parent. NsJail only sets the memory limit for +        # child cgroups, not the parent.          (mem / "memory.limit_in_bytes").write_text(mem_max, encoding="utf-8")          try:              # Swap limit is specified as the sum of the memory and swap limits. +            # Therefore, setting it equal to the memory limit effectively disables swapping.              (mem / "memory.memsw.limit_in_bytes").write_text(mem_max, encoding="utf-8")          except PermissionError:              log.warning( | 
