aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* Correct file name in cgroupsv2cgroupsv2Gravatar Matteo Bertucci2021-12-07-10/+14
| | | | Cgroupsv2 renamed the limit file structure. This commit should fix that.
* Log cgroup version at startupGravatar Matteo Bertucci2021-12-07-2/+4
|
* Add the --use_cgroupv2 flag when relevantGravatar Matteo Bertucci2021-12-07-1/+18
| | | | According to https://github.com/google/nsjail/pull/119, the flag should be passed for NsJail to try to use cgroupv2. This commit will use the /sys/fs/cgroup structure to guess the installed version, and depending on the version add that flag.
* Merge pull request #120 from onerandomusername/patch-2Gravatar Joe Banks2021-12-02-1/+1
|\
| * update arrow to most recent versionGravatar aru2021-12-02-1/+1
|/
* Update deployment.yamlGravatar Joe Banks2021-11-11-0/+1
|
* Merge #117 - Bump To Python 3.10Gravatar Mark2021-10-11-129/+156
|\
| * Bumps Coverage VersionGravatar Hassan Abouelela2021-10-11-58/+39
| | | | | | | | Signed-off-by: Hassan Abouelela <[email protected]>
| * Updates Runtime Modules For 3.10Gravatar Hassan Abouelela2021-10-11-6/+4
| | | | | | | | Signed-off-by: Hassan Abouelela <[email protected]>
| * Bumps Python Version To 3.10Gravatar Hassan Abouelela2021-10-11-122/+170
|/ | | | Signed-off-by: Hassan Abouelela <[email protected]>
* Merge #112 - increase available PIDs to 5Gravatar Mark2021-07-17-7/+44
|\
| * test: add test_multiprocess_resource_limits to test memory limit sharingGravatar Joe Banks2021-07-17-0/+28
| | | | | | | | This test ensures that spawned child processes inherit the same resource group as the parent by spawning 2 child processes which each allocate a 40MB object, it then verifies that one of the child processes was killed with SIGKILL for violating the resource quota.
| * test: update pid limit tests to account for new increased limitGravatar Joe Banks2021-07-17-1/+10
| |
| * chore: increase 3rd party thread limit environment variablesGravatar Joe Banks2021-07-17-5/+5
| | | | | | | | We define a few environment variables to stop third party libraries trying to default to spawning more processes, with the PID limit modification we can increase these values.
| * feat: increased PID limitsGravatar Joe Banks2021-07-17-1/+1
|/ | | | Processes spawned in snekbox now have up to 5 PIDs available, each sharing the same memory limits and environment as the parent python process. As far as I could see in testing this does appear safe and processes behave as expected even when detatching from the parent or exceeding memory limits.
* add anyioGravatar Thomas Grainger2021-07-07-0/+1
|
* Merge pull request #110 from python-discord/env-deps/add-tzdataGravatar Joe Banks2021-06-19-0/+1
|\ | | | | Env deps: add tzdata
| * Env deps: add tzdataGravatar Matteo Bertucci2021-06-19-0/+1
|/ | | | | | | | Snekbox is lacking an IANA timezone database, this first-party `tzdata` package will provide them. It can be tested by running the following script: ```py import zoneinfo if len(zoneinfo.available_timezones()) == 0: print("The environment doesn't have a valid IANA database.") ```
* Bump urllib3 from 1.26.4 to 1.26.5Gravatar dependabot[bot]2021-06-01-33/+33
| | | | | | | | | | | | | | Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.4 to 1.26.5. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.4...1.26.5) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
* Merge #108 - allow custom arguments to be passed to evalGravatar Mark2021-05-19-7/+66
|\
| * chore: Use TestCase.subTestGravatar ToxicKidz2021-05-19-12/+12
| |
| * chore: Apply suggestions to improve documentationGravatar ToxicKidz2021-05-19-3/+5
| | | | | | | | Co-authored-by: Mark <[email protected]>
| * chore: Update the Nsjail.python3 docstring to use nsjail_argsGravatar ToxicKidz2021-05-19-1/+1
| |
| * Add a step to lint-test to show pre-commit logsGravatar ToxicKidz2021-05-18-1/+8
| |
| * chore: Fix some typosGravatar ToxicKidz2021-05-18-2/+2
| |
| * chore: Add tests for py_args and ns_jail argsGravatar ToxicKidz2021-05-18-1/+32
| |
| * chore: Improve documentation for arguments in /evalGravatar ToxicKidz2021-05-18-8/+16
| |
| * feat: Allow custom arguments to be passed to evalGravatar ToxicKidz2021-05-17-3/+14
|/
* Merge PR #100 - avoid decoding of invalid Unicode outputGravatar Mark2021-04-08-2/+28
|\ | | | | | | Use PYTHONIOENCODING to enable utf-8 stdout for the nsjail pipe, and handle the potential case where this is bypassable.
| * Clarify documentation of None return codeGravatar Mark2021-04-08-1/+1
| |
| * Note new return case in eval api fileGravatar Bast2021-04-08-1/+1
| |
| * Match new unicode eval tests and output to the format and functions of othersGravatar Bast2021-04-08-13/+9
| |
| * Use PYTHONIOENCODING to enable utf-8 stdout for the nsjail pipe, and handle ↵Gravatar Bast2021-04-06-1/+31
|/ | | | | | | | | | the potential case where this is bypassable Since snekbox does not run with a tty, stdout is technically raw bytes, and thus incomplete surrogate pairs can be printed without the client application erroring, and instead fail within _consume_stdout when we attempt to decode it to a str. This commit sets the PYTHONIOENCODING environment variable to inform python to open the pipe in utf-8 mode. However, clever use of execl and os.unsetenv() can unset this environment variable, so we add a safety check to _consume_stdout to fail out of parsing output if it contains invalid unicode. This should only happen in deliberate cases, or significant bugs in python or a c library where output is printed to stdout ignoring the python stdout encoding.
* Bump urllib3 from 1.26.3 to 1.26.4Gravatar dependabot[bot]2021-04-06-6/+6
| | | | | | | | Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4) Signed-off-by: dependabot[bot] <[email protected]>
* Move from GHCR_TOKEN to GITHUB_TOKEN in Docker publish stageGravatar Joe Banks2021-04-05-1/+1
|
* Merge PR #98 - update policy documentsGravatar Mark2021-04-01-121/+8
|\
| * Update policy documentsGravatar Matteo Bertucci2021-04-01-121/+8
|/
* Remove binarytree packageGravatar Mark2021-03-23-1/+0
| | | | | It needs setuptools which requires --ignore-installed to be used. That causes all dependencies to be re-installed and therefore always invalidates the cache. Not worth it.
* Add binarytree package to eval environmentGravatar Mark2021-03-23-0/+1
|
* Merge pull request #97 from python-discord/dependabot/pip/urllib3-1.26.3Gravatar Joe Banks2021-03-19-39/+44
|\ | | | | Bump urllib3 from 1.26.2 to 1.26.3
| * Bump urllib3 from 1.26.2 to 1.26.3Gravatar dependabot[bot]2021-03-19-39/+44
|/ | | | | | | | Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.2 to 1.26.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.2...1.26.3) Signed-off-by: dependabot[bot] <[email protected]>
* Merge PR #96 - nsjail SIGKILL to SIGTERMGravatar Mark2021-03-16-16/+5
|\
| * Update flooding test to expect code 143Gravatar Joe Banks2021-03-16-1/+1
| | | | | | | | Test was relying on 137 which is SIGKILL, when instead it would receive 143, or SIGTERM.
| * Remove logic for removing remnant cgroupsGravatar Joe Banks2021-03-16-12/+0
| | | | | | | | This should be addressed by sending SIGTERM to nsjail instead of SIGKILL, since nsjail then gets an opportunity to run clean-up logic which includes removing cgroups.
| * Change SIGKILL to SIGTERMGravatar Joe Banks2021-03-16-3/+4
|/
* Remove the mixed line endings pre-commit hook because it is obsolete.Gravatar MarkKoz2021-03-13-2/+1
| | | | | | | | Relying on git to handle line endings means contributors have more flexibility with which line endings they want to use on check-out. The settings in .gitattributes only impose which line endings will be used upon check-in (LF), which should not impact local development; git will still respect the core.eol and core.autocrlf settings.
* master => mainGravatar Joe Banks2021-03-13-14/+14
|
* Merge PR #93 - fix NsJail testsGravatar Mark2021-03-08-30/+39
|\ | | | | | | A test is still broken, but it's due to a bug in the code being tested rather than in the test itself. It'll be fixed separately.
| * Merge master into bug/tests/nsjailGravatar MarkKoz2021-03-07-8/+34
| |\ | |/ |/| | | The branch needs the fixes from #94 to make the tests pass.
* | Merge pull request #94 from python-discord/recursive-remove-cgroupsGravatar Matteo Bertucci2021-02-26-0/+12
|\ \ | | | | | | Remove all child cgroups before removing parents
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-18 12:11:43 +0000