| Commit message (Collapse) | Author | Age | Lines |
|---|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: Hassan Abouelela <[email protected]>
|
| | |
| |
| |
| | |
Signed-off-by: Hassan Abouelela <[email protected]>
|
| |/
|
|
| |
Signed-off-by: Hassan Abouelela <[email protected]>
|
| |\ |
|
| | |
| |
| |
| | |
This test ensures that spawned child processes inherit the same resource group as the parent by spawning 2 child processes which each allocate a 40MB object, it then verifies that one of the child processes was killed with SIGKILL for violating the resource quota.
|
| | | |
|
| | |
| |
| |
| | |
We define a few environment variables to stop third party libraries trying to default to spawning more processes, with the PID limit modification we can increase these values.
|
| |/
|
|
| |
Processes spawned in snekbox now have up to 5 PIDs available, each sharing the same memory limits and environment as the parent python process. As far as I could see in testing this does appear safe and processes behave as expected even when detatching from the parent or exceeding memory limits.
|
| | |
|
| |\
| |
| | |
Env deps: add tzdata
|
| |/
|
|
|
|
|
|
| |
Snekbox is lacking an IANA timezone database, this first-party `tzdata` package will provide them. It can be tested by running the following script:
```py
import zoneinfo
if len(zoneinfo.available_timezones()) == 0:
print("The environment doesn't have a valid IANA database.")
```
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.4 to 1.26.5.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.4...1.26.5)
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <[email protected]>
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
Co-authored-by: Mark <[email protected]>
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| |
| | |
Use PYTHONIOENCODING to enable utf-8 stdout for the nsjail pipe,
and handle the potential case where this is bypassable.
|
| | | |
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
the potential case where this is bypassable
Since snekbox does not run with a tty, stdout is technically raw bytes, and thus incomplete surrogate pairs can be printed without the client application erroring, and instead fail within _consume_stdout when we attempt to decode it to a str.
This commit sets the PYTHONIOENCODING environment variable to inform python to open the pipe in utf-8 mode.
However, clever use of execl and os.unsetenv() can unset this environment variable, so we add a safety check to _consume_stdout to fail out of parsing output if it contains invalid unicode. This should only happen in deliberate cases, or significant bugs in python or a c library where output is printed to stdout ignoring the python stdout encoding.
|
| |
|
|
|
|
|
|
| |
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4)
Signed-off-by: dependabot[bot] <[email protected]>
|
| | |
|
| |\ |
|
| |/ |
|
| |
|
|
|
| |
It needs setuptools which requires --ignore-installed to be used.
That causes all dependencies to be re-installed and therefore always
invalidates the cache. Not worth it.
|
| | |
|
| |\
| |
| | |
Bump urllib3 from 1.26.2 to 1.26.3
|
| |/
|
|
|
|
|
|
| |
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.2 to 1.26.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.2...1.26.3)
Signed-off-by: dependabot[bot] <[email protected]>
|
| |\ |
|
| | |
| |
| |
| | |
Test was relying on 137 which is SIGKILL, when instead it would receive 143, or SIGTERM.
|
| | |
| |
| |
| | |
This should be addressed by sending SIGTERM to nsjail instead of SIGKILL, since nsjail then gets an opportunity to run clean-up logic which includes removing cgroups.
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Relying on git to handle line endings means contributors have more
flexibility with which line endings they want to use on check-out.
The settings in .gitattributes only impose which line endings will
be used upon check-in (LF), which should not impact local development;
git will still respect the core.eol and core.autocrlf settings.
|
| | |
|
| |\
| |
| |
| | |
A test is still broken, but it's due to a bug in the code being
tested rather than in the test itself. It'll be fixed separately.
|
| | |\
| |/
|/|
| | |
The branch needs the fixes from #94 to make the tests pass.
|
| |\ \
| | |
| | | |
Remove all child cgroups before removing parents
|
| |/ / |
|
| |\ \
| | |
| | | |
Dynamically create parent cgroups
|
| | |\ \
| |/ /
|/| | |
|
| | | | |
|
| | | | |
|
Joe Banks
Mark
Hassan Abouelela
Thomas Grainger
Joe Banks
Matteo Bertucci
dependabot[bot]
ToxicKidz
Bast
Joe Banks