From 06173ee3322b5746c64ade3652331ce6c71bf636 Mon Sep 17 00:00:00 2001
From: Joe Banks <joseph@josephbanks.me>
Date: Fri, 26 Feb 2021 16:58:01 +0000
Subject: Remove all child cgroups before removing parents

---
 snekbox/nsjail.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py
index 3235ee0..06c3154 100644
--- a/snekbox/nsjail.py
+++ b/snekbox/nsjail.py
@@ -224,6 +224,18 @@ class NsJail:
 
         log.info(f"nsjail return code: {returncode}")
 
+        # If we hit a cgroup limit then there is a chance the nsjail cgroups did not
+        # get removed. If we don't remove them then when we try remove the parents
+        # we will get a "Device or resource busy" error.
+
+        children = []
+
+        children.extend(Path(self.config.cgroup_mem_mount, cgroup).glob("NSJAIL.*"))
+        children.extend(Path(self.config.cgroup_pids_mount, cgroup).glob("NSJAIL.*"))
+
+        for child in children:
+            child.rmdir()
+
         # Remove the dynamically created cgroups once we're done
         Path(self.config.cgroup_mem_mount, cgroup).rmdir()
         Path(self.config.cgroup_pids_mount, cgroup).rmdir()
-- 
cgit v1.2.3