aboutsummaryrefslogtreecommitdiffstats
path: root/scripts/protoc.py (unfollow)
Commit message (Collapse)AuthorLines
2021-12-20Set the max swap size through NsJailGravatar MarkKoz-4/+2
2021-12-20Update NsJailGravatar MarkKoz-979/+49
The updated versions adds support for telling NsJail to set the max swap memory in the cgroup. Resolve #125
2021-12-20Use the system locale's encoding for cgroup filesGravatar MarkKoz-2/+2
They're encoded with the system's locale, so that's what should be used to read them.
2021-12-20Add cgroupv2 initialisationGravatar MarkKoz-6/+46
Ensure the cgroupv2 mount exists, subtree_control is not empty, and swap is disabled. Fix #126 Fix #102
2021-12-20Account for NsJail's use_cgroupv2 setting when detecting cgroup versionGravatar MarkKoz-15/+38
2021-12-21Move cgroup functions to a new utility moduleGravatar MarkKoz-61/+69
2021-12-22Excluded the snekbox/config_pb2.py from coverage (#130)Gravatar Nightfurex-1/+3
2021-12-20Rename Generated ProtoBuf ConfigGravatar Hassan Abouelela-223/+199
Remove the rename step from the protobuf generation script to get around a bug causing failures in the test suite. Signed-off-by: Hassan Abouelela <[email protected]>
2021-12-19Bump & Lock Protobuf to 3.19Gravatar Hassan Abouelela-104/+125
Bumps protobuf from ~=3.14 to ==3.19. 3.19 was already a valid upgrade from ~=3.14, but it introduced a breaking bug. The dependency has been locked for now to avoid any more unintended bugs. Signed-off-by: Hassan Abouelela <[email protected]>
2021-12-10Remove myself from the codeownersGravatar Matteo Bertucci-1/+1
2021-12-07Log cgroup version at startupGravatar Matteo Bertucci-2/+4
2021-12-07Add the --use_cgroupv2 flag when relevantGravatar Matteo Bertucci-1/+18
According to https://github.com/google/nsjail/pull/119, the flag should be passed for NsJail to try to use cgroupv2. This commit will use the /sys/fs/cgroup structure to guess the installed version, and depending on the version add that flag.
2021-12-02update arrow to most recent versionGravatar aru-1/+1
2021-11-11Update deployment.yamlGravatar Joe Banks-0/+1
2021-10-11Bumps Coverage VersionGravatar Hassan Abouelela-58/+39
Signed-off-by: Hassan Abouelela <[email protected]>
2021-10-11Updates Runtime Modules For 3.10Gravatar Hassan Abouelela-6/+4
Signed-off-by: Hassan Abouelela <[email protected]>
2021-10-11Bumps Python Version To 3.10Gravatar Hassan Abouelela-122/+170
Signed-off-by: Hassan Abouelela <[email protected]>
2021-07-17test: add test_multiprocess_resource_limits to test memory limit sharingGravatar Joe Banks-0/+28
This test ensures that spawned child processes inherit the same resource group as the parent by spawning 2 child processes which each allocate a 40MB object, it then verifies that one of the child processes was killed with SIGKILL for violating the resource quota.
2021-07-17test: update pid limit tests to account for new increased limitGravatar Joe Banks-1/+10
2021-07-17chore: increase 3rd party thread limit environment variablesGravatar Joe Banks-5/+5
We define a few environment variables to stop third party libraries trying to default to spawning more processes, with the PID limit modification we can increase these values.
2021-07-17feat: increased PID limitsGravatar Joe Banks-1/+1
Processes spawned in snekbox now have up to 5 PIDs available, each sharing the same memory limits and environment as the parent python process. As far as I could see in testing this does appear safe and processes behave as expected even when detatching from the parent or exceeding memory limits.
2021-07-07add anyioGravatar Thomas Grainger-0/+1
2021-06-19Env deps: add tzdataGravatar Matteo Bertucci-0/+1
Snekbox is lacking an IANA timezone database, this first-party `tzdata` package will provide them. It can be tested by running the following script: ```py import zoneinfo if len(zoneinfo.available_timezones()) == 0: print("The environment doesn't have a valid IANA database.") ```
2021-06-01Bump urllib3 from 1.26.4 to 1.26.5Gravatar dependabot[bot]-33/+33
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.4 to 1.26.5. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.4...1.26.5) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
2021-05-19chore: Use TestCase.subTestGravatar ToxicKidz-12/+12
2021-05-19chore: Apply suggestions to improve documentationGravatar ToxicKidz-3/+5
Co-authored-by: Mark <[email protected]>
2021-05-19chore: Update the Nsjail.python3 docstring to use nsjail_argsGravatar ToxicKidz-1/+1
2021-05-18Add a step to lint-test to show pre-commit logsGravatar ToxicKidz-1/+8
2021-05-18chore: Fix some typosGravatar ToxicKidz-2/+2
2021-05-18chore: Add tests for py_args and ns_jail argsGravatar ToxicKidz-1/+32
2021-05-18chore: Improve documentation for arguments in /evalGravatar ToxicKidz-8/+16
2021-05-17feat: Allow custom arguments to be passed to evalGravatar ToxicKidz-3/+14
2021-04-08Clarify documentation of None return codeGravatar Mark-1/+1
2021-04-08Note new return case in eval api fileGravatar Bast-1/+1
2021-04-08Match new unicode eval tests and output to the format and functions of othersGravatar Bast-13/+9
2021-04-06Use PYTHONIOENCODING to enable utf-8 stdout for the nsjail pipe, and handle ↵Gravatar Bast-1/+31
the potential case where this is bypassable Since snekbox does not run with a tty, stdout is technically raw bytes, and thus incomplete surrogate pairs can be printed without the client application erroring, and instead fail within _consume_stdout when we attempt to decode it to a str. This commit sets the PYTHONIOENCODING environment variable to inform python to open the pipe in utf-8 mode. However, clever use of execl and os.unsetenv() can unset this environment variable, so we add a safety check to _consume_stdout to fail out of parsing output if it contains invalid unicode. This should only happen in deliberate cases, or significant bugs in python or a c library where output is printed to stdout ignoring the python stdout encoding.
2021-04-06Bump urllib3 from 1.26.3 to 1.26.4Gravatar dependabot[bot]-6/+6
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4) Signed-off-by: dependabot[bot] <[email protected]>
2021-04-05Move from GHCR_TOKEN to GITHUB_TOKEN in Docker publish stageGravatar Joe Banks-1/+1
2021-04-01Update policy documentsGravatar Matteo Bertucci-121/+8
2021-03-23Remove binarytree packageGravatar Mark-1/+0
It needs setuptools which requires --ignore-installed to be used. That causes all dependencies to be re-installed and therefore always invalidates the cache. Not worth it.
2021-03-23Add binarytree package to eval environmentGravatar Mark-0/+1
2021-03-19Bump urllib3 from 1.26.2 to 1.26.3Gravatar dependabot[bot]-39/+44
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.2 to 1.26.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.2...1.26.3) Signed-off-by: dependabot[bot] <[email protected]>
2021-03-16Update flooding test to expect code 143Gravatar Joe Banks-1/+1
Test was relying on 137 which is SIGKILL, when instead it would receive 143, or SIGTERM.
2021-03-16Remove logic for removing remnant cgroupsGravatar Joe Banks-12/+0
This should be addressed by sending SIGTERM to nsjail instead of SIGKILL, since nsjail then gets an opportunity to run clean-up logic which includes removing cgroups.
2021-03-16Change SIGKILL to SIGTERMGravatar Joe Banks-3/+4
2021-03-13Remove the mixed line endings pre-commit hook because it is obsolete.Gravatar MarkKoz-2/+1
Relying on git to handle line endings means contributors have more flexibility with which line endings they want to use on check-out. The settings in .gitattributes only impose which line endings will be used upon check-in (LF), which should not impact local development; git will still respect the core.eol and core.autocrlf settings.
2021-03-13master => mainGravatar Joe Banks-14/+14
2021-03-07Docker: improve caching & install numpy in containerGravatar MarkKoz-9/+15
CI was building the image twice: once with dev dependencies and again without. Separating the pipenv command into separate layers allows the second build in CI to take advantage of the cache for the base dependencies that it will share across both builds. Install numpy along with the dev dependencies within the container. Previously it was installed in CI only, but this meant extra work for those running tests locally. Install numpy to the correct site.
2021-02-26Remove all child cgroups before removing parentsGravatar Joe Banks-0/+12
2021-02-04Fix patch for DEBUG value during testingGravatar MarkKoz-1/+1
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-06 18:23:14 +0000