diff options
| -rw-r--r-- | config/snekbox.cfg | 11 | ||||
| -rw-r--r-- | snekbox/nsjail.py | 9 |
2 files changed, 6 insertions, 14 deletions
diff --git a/config/snekbox.cfg b/config/snekbox.cfg index 16810d6..f4f86b8 100644 --- a/config/snekbox.cfg +++ b/config/snekbox.cfg @@ -3,7 +3,7 @@ description: "Execute Python" mode: ONCE hostname: "snekbox" -cwd: "/snekbox" +cwd: "/home" time_limit: 6 @@ -16,10 +16,12 @@ envar: "VECLIB_MAXIMUM_THREADS=5" envar: "NUMEXPR_NUM_THREADS=5" envar: "PYTHONPATH=/snekbox/user_base/lib/python3.11/site-packages" envar: "PYTHONIOENCODING=utf-8:strict" +envar: "HOME=home" keep_caps: false rlimit_as: 700 +rlimit_fsize: 0 clone_newnet: true clone_newuser: true @@ -56,13 +58,6 @@ mount { } mount { - src: "/lib64" - dst: "/lib64" - is_bind: true - rw: false -} - -mount { src: "/snekbox" dst: "/snekbox" is_bind: true diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 4e9cf4d..006ff98 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -182,15 +182,12 @@ class NsJail: with NamedTemporaryFile() as nsj_log, MemFS(self.memfs_instance_size) as fs: # Add the temp dir to be mounted as cwd nsjail_args = ( + # Set fslimit to unlimited, cannot be set in cfg + # due to upstream protobuf parsing issue + "--rlimit_fsize=inf", # Mount `home` with Read/Write access "--bindmount", f"{fs.home}:home", - # Set cwd to temp dir - "--cwd", - "home", - # Some packages rely on the HOME env variable - "--env", - "HOME=home", *nsjail_args, ) |