aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--tests/test_nsjail.py18
1 files changed, 13 insertions, 5 deletions
diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py
index 71f797c..035c94c 100644
--- a/tests/test_nsjail.py
+++ b/tests/test_nsjail.py
@@ -213,12 +213,19 @@ class NsJailTests(unittest.TestCase):
self.assertEqual(result.files[0].content, b"a")
def test_forkbomb_resource_unavailable(self):
- # Using the production max PIDs causes processes to be killed due to memory instead of
- # PID allocation exhaustion. For this test case, the PID limit is reduced to ensure
- # that PID exhaustion is still something that is guarded against.
-
- previous_pids_max = self.nsjail.config.cgroup_pids_max
+ # Using the production max PIDs causes processes to be killed due to
+ # memory instead of PID allocation exhaustion.
+ #
+ # For this test, we disable the cgroup memory limit & lower the PID
+ # limit so that the only reason the test code should be killed is due to
+ # PID exhaustion.
+
+ previous_pids_max, previous_mem_max = (
+ self.nsjail.config.cgroup_pids_max,
+ self.nsjail.config.cgroup_mem_max,
+ )
self.nsjail.config.cgroup_pids_max = 5
+ self.nsjail.config.cgroup_mem_max = 0
code = dedent(
"""
@@ -235,6 +242,7 @@ class NsJailTests(unittest.TestCase):
self.assertEqual(result.stderr, None)
finally:
self.nsjail.config.cgroup_pids_max = previous_pids_max
+ self.nsjail.config.cgroup_mem_max = previous_mem_max
def test_file_parsing_timeout(self):
code = dedent(