From 93dab0fa061fdfcf3fdb59210a220ae01c3b4a2e Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 14 Dec 2019 23:29:00 -0800 Subject: Use bash instead of ash Forgot to do this after switching to Debian. --- scripts/dev.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'scripts') diff --git a/scripts/dev.sh b/scripts/dev.sh index 8f5b24f..6aeb1de 100755 --- a/scripts/dev.sh +++ b/scripts/dev.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # Sets up a development environment and runs a shell in a docker container. -# Usage: dev.sh [--build [--clean]] [ash_args ...] +# Usage: dev.sh [--build [--clean]] [bash_args ...] if [ "$1" = "--build" ]; then shift @@ -42,15 +42,15 @@ docker run \ --hostname pdsnk-dev \ -e PYTHONDONTWRITEBYTECODE=1 \ -e PIPENV_PIPFILE="/snekbox/Pipfile" \ - -e ENV="${PWD}/scripts/.profile" \ + -e BASH_ENV="${PWD}/scripts/.profile" \ --volume "${PWD}":"${PWD}" \ --workdir "${PWD}"\ - --entrypoint /bin/ash \ + --entrypoint /bin/bash \ pythondiscord/snekbox-venv:dev \ >/dev/null \ # Execute the given command(s) -docker exec -it snekbox_test /bin/ash "$@" +docker exec -it snekbox_test /bin/bash --rcfile "${PWD}/scripts/.profile" "$@" # Fix ownership of coverage file # BusyBox doesn't support --reference for chown @@ -58,7 +58,7 @@ docker exec \ -it \ -e CWD="${PWD}" \ snekbox_test \ - /bin/ash \ + /bin/bash \ -c 'chown "$(stat -c "%u:%g" "${CWD}")" "${CWD}/.coverage"' docker rm -f snekbox_test >/dev/null # Stop and remove the container -- cgit v1.2.3 From 6380c69aa5c1c1d140239926a8ef131248c51416 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Mon, 16 Dec 2019 15:00:46 -0800 Subject: Limit numpy to using 1 thread --- scripts/.profile | 5 +++++ snekbox/nsjail.py | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'scripts') diff --git a/scripts/.profile b/scripts/.profile index bd46a17..daaf1dd 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -19,6 +19,11 @@ nsjpy() { --rlimit_as 700 \ --chroot / \ -E LANG=en_US.UTF-8 \ + -E OMP_NUM_THREADS=1 \ + -E OPENBLAS_NUM_THREADS=1 \ + -E MKL_NUM_THREADS=1 \ + -E VECLIB_MAXIMUM_THREADS=1 \ + -E NUMEXPR_NUM_THREADS=1 \ -R/usr -R/lib -R/lib64 \ --user 65534 \ --group 65534 \ diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index d3c893d..f160aa8 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -121,6 +121,11 @@ class NsJail: "--rlimit_as", "700", "--chroot", "/", "-E", "LANG=en_US.UTF-8", + "-E", "OMP_NUM_THREADS=1", + "-E", "OPENBLAS_NUM_THREADS=1", + "-E", "MKL_NUM_THREADS=1", + "-E", "VECLIB_MAXIMUM_THREADS=1", + "-E", "NUMEXPR_NUM_THREADS=1", "-R/usr", "-R/lib", "-R/lib64", "--user", "65534", # nobody "--group", "65534", # nobody/nogroup -- cgit v1.2.3 From 0e88b92e4b59e2cf460fe1c9fa08a38a3a2acba0 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 28 Dec 2019 13:31:06 -0800 Subject: Disable shared memory in Docker container --- docker-compose.yml | 1 + scripts/dev.sh | 1 + 2 files changed, 2 insertions(+) (limited to 'scripts') diff --git a/docker-compose.yml b/docker-compose.yml index d071a71..aeb2806 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,6 +6,7 @@ services: image: pythondiscord/snekbox:latest network_mode: "host" init: true + ipc: none build: context: . dockerfile: docker/Dockerfile diff --git a/scripts/dev.sh b/scripts/dev.sh index 6aeb1de..0275651 100755 --- a/scripts/dev.sh +++ b/scripts/dev.sh @@ -40,6 +40,7 @@ docker run \ --privileged \ --network host \ --hostname pdsnk-dev \ + --ipc="none" \ -e PYTHONDONTWRITEBYTECODE=1 \ -e PIPENV_PIPFILE="/snekbox/Pipfile" \ -e BASH_ENV="${PWD}/scripts/.profile" \ -- cgit v1.2.3 From b2fb654371a07a77ba4a39f11395836c6b593527 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 28 Dec 2019 15:17:34 -0800 Subject: Mount only what's needed in the chroot jail devfs and sysfs were problematic since they were being mounted as tmpfs, which is r/w. For example, the Python process could write to cgroups. Now, only what is needed to run Python gets mounted. This boils down to the venv itself and some shared libraries Python needs. * Use a config file for NsJail instead of command-line options * Map 65534 (nobody) user & group inside the user namespace to 65534 outside the namespace rather than mapping to current uid/guid (which was 0 AKA root) --- .dockerignore | 2 +- README.md | 2 +- docker/venv.Dockerfile | 2 +- scripts/.profile | 18 +--------- snekbox.cfg | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++ snekbox/nsjail.py | 22 +++--------- 6 files changed, 99 insertions(+), 37 deletions(-) create mode 100644 snekbox.cfg (limited to 'scripts') diff --git a/.dockerignore b/.dockerignore index afc786a..4f43e08 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,8 +2,8 @@ * # Make exceptions for what's needed -!docker/.profile !snekbox +!snekbox.cfg !tests !Pipfile !Pipfile.lock diff --git a/README.md b/README.md index f1fcac5..d90609e 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ result <- | |<----------| | <----------+ The code is executed in a Python process that is launched through [NsJail](https://github.com/google/nsjail), which is responsible for sandboxing the Python process. NsJail is configured as follows: -* Root directory is mounted as read-only +* All mounts are read-only * Time limit of 2 seconds * Maximum of 1 PID * Maximum memory of 52428800 bytes diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile index be15f08..b415430 100644 --- a/docker/venv.Dockerfile +++ b/docker/venv.Dockerfile @@ -7,7 +7,7 @@ ENV PIP_NO_CACHE_DIR=false \ PIPENV_NOSPIN=1 \ PIPENV_VENV_IN_PROJECT=1 -COPY Pipfile Pipfile.lock /snekbox/ +COPY Pipfile Pipfile.lock snekbox.cfg /snekbox/ WORKDIR /snekbox RUN if [ -n "${DEV}" ]; then pipenv sync --dev; else pipenv sync; fi diff --git a/scripts/.profile b/scripts/.profile index daaf1dd..47ee141 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -15,23 +15,7 @@ nsjpy() { echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes nsjail \ - -Mo \ - --rlimit_as 700 \ - --chroot / \ - -E LANG=en_US.UTF-8 \ - -E OMP_NUM_THREADS=1 \ - -E OPENBLAS_NUM_THREADS=1 \ - -E MKL_NUM_THREADS=1 \ - -E VECLIB_MAXIMUM_THREADS=1 \ - -E NUMEXPR_NUM_THREADS=1 \ - -R/usr -R/lib -R/lib64 \ - --user 65534 \ - --group 65534 \ - --time_limit 2 \ - --disable_proc \ - --iface_no_lo \ - --cgroup_pids_max=1 \ - --cgroup_mem_max="${MEM_MAX}" \ + --config "${NSJAIL_CFG:-/snekbox/snekbox.cfg}" \ $nsj_args -- \ /snekbox/.venv/bin/python3 -Iq -c "$@" } diff --git a/snekbox.cfg b/snekbox.cfg new file mode 100644 index 0000000..2f4a0e4 --- /dev/null +++ b/snekbox.cfg @@ -0,0 +1,90 @@ +name: "snekbox" +description: "Execute Python" + +mode: ONCE +hostname: "snekbox" +cwd: "/snekbox" + +time_limit: 2 + +keep_env: false +envar: "LANG=en_US.UTF-8" +envar: "OMP_NUM_THREADS=1" +envar: "OPENBLAS_NUM_THREADS=1" +envar: "MKL_NUM_THREADS=1" +envar: "VECLIB_MAXIMUM_THREADS=1" +envar: "NUMEXPR_NUM_THREADS=1" + +keep_caps: false + +rlimit_as: 700 + +clone_newnet: true +clone_newuser: true +clone_newns: true +clone_newpid: true +clone_newipc: true +clone_newuts: true +clone_newcgroup: true + +uidmap { + inside_id: "65534" + outside_id: "65534" +} + +gidmap { + inside_id: "65534" + outside_id: "65534" +} + +mount_proc: false + +mount { + src: "/etc/ld.so.cache" + dst: "/etc/ld.so.cache" + is_bind: true + rw: false +} + +mount { + src: "/lib" + dst: "/lib" + is_bind: true + rw: false +} + +mount { + src: "/lib64" + dst: "/lib64" + is_bind: true + rw: false +} + +mount { + src: "/snekbox" + dst: "/snekbox" + is_bind: true + rw: false +} + +mount { + src: "/usr/local/lib" + dst: "/usr/local/lib" + is_bind: true + rw: false +} + +cgroup_mem_max: 52428800 +cgroup_mem_mount: "/sys/fs/cgroup/memory" +cgroup_mem_parent: "NSJAIL" + +cgroup_pids_max: 1 +cgroup_pids_mount: "/sys/fs/cgroup/pids" +cgroup_pids_parent: "NSJAIL" + +iface_no_lo: true + +exec_bin { + path: "/snekbox/.venv/bin/python3" + arg: "-Iq" +} diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index f160aa8..83d3b8d 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -24,6 +24,7 @@ CGROUP_PIDS_PARENT = Path("/sys/fs/cgroup/pids/NSJAIL") CGROUP_MEMORY_PARENT = Path("/sys/fs/cgroup/memory/NSJAIL") NSJAIL_PATH = os.getenv("NSJAIL_PATH", "/usr/sbin/nsjail") +NSJAIL_CFG = os.getenv("NSJAIL_CFG", "./snekbox.cfg") MEM_MAX = 52428800 @@ -31,9 +32,9 @@ class NsJail: """ Core Snekbox functionality, providing safe execution of Python code. - NsJail configuration: + Default NsJail configuration (snekbox.cfg): - - Root directory is mounted as read-only + - All mounts are read-only - Time limit of 2 seconds - Maximum of 1 PID - Maximum memory of 52428800 bytes @@ -117,21 +118,8 @@ class NsJail: """Execute Python 3 code in an isolated environment and return the completed process.""" with NamedTemporaryFile() as nsj_log: args = ( - self.nsjail_binary, "-Mo", - "--rlimit_as", "700", - "--chroot", "/", - "-E", "LANG=en_US.UTF-8", - "-E", "OMP_NUM_THREADS=1", - "-E", "OPENBLAS_NUM_THREADS=1", - "-E", "MKL_NUM_THREADS=1", - "-E", "VECLIB_MAXIMUM_THREADS=1", - "-E", "NUMEXPR_NUM_THREADS=1", - "-R/usr", "-R/lib", "-R/lib64", - "--user", "65534", # nobody - "--group", "65534", # nobody/nogroup - "--time_limit", "2", - "--disable_proc", - "--iface_no_lo", + self.nsjail_binary, + "--config", NSJAIL_CFG, "--log", nsj_log.name, f"--cgroup_mem_max={MEM_MAX}", "--cgroup_mem_mount", str(CGROUP_MEMORY_PARENT.parent), -- cgit v1.2.3 From 83f1c49ab6ed6ff0b04f32f5031e4838131302d1 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Sat, 11 Jan 2020 13:50:47 -0800 Subject: Fix #56: stdout and stderr outputs in wrong order --- scripts/.profile | 2 +- snekbox.cfg | 2 +- snekbox/nsjail.py | 2 +- tests/test_nsjail.py | 16 ++++++++++++++++ 4 files changed, 19 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/.profile b/scripts/.profile index 47ee141..73fbb28 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -17,5 +17,5 @@ nsjpy() { nsjail \ --config "${NSJAIL_CFG:-/snekbox/snekbox.cfg}" \ $nsj_args -- \ - /snekbox/.venv/bin/python3 -Iq -c "$@" + /snekbox/.venv/bin/python3 -Iqu -c "$@" } diff --git a/snekbox.cfg b/snekbox.cfg index 4cb58de..1d58ea5 100644 --- a/snekbox.cfg +++ b/snekbox.cfg @@ -93,5 +93,5 @@ iface_no_lo: true exec_bin { path: "/snekbox/.venv/bin/python3" - arg: "-Iq" + arg: "-Iqu" } diff --git a/snekbox/nsjail.py b/snekbox/nsjail.py index 83d3b8d..df69e7a 100644 --- a/snekbox/nsjail.py +++ b/snekbox/nsjail.py @@ -128,7 +128,7 @@ class NsJail: "--cgroup_pids_mount", str(CGROUP_PIDS_PARENT.parent), "--cgroup_pids_parent", CGROUP_PIDS_PARENT.name, "--", - self.python_binary, "-Iq", "-c", code + self.python_binary, "-Iqu", "-c", code ) msg = "Executing code..." diff --git a/tests/test_nsjail.py b/tests/test_nsjail.py index f04d317..0b755b2 100644 --- a/tests/test_nsjail.py +++ b/tests/test_nsjail.py @@ -158,3 +158,19 @@ class NsJailTests(unittest.TestCase): self.assertEqual(result.returncode, 0) self.assertEqual(result.stdout, "") self.assertEqual(result.stderr, None) + + def test_output_order(self): + stdout_msg = "greetings from stdout!" + stderr_msg = "hello from stderr!" + code = dedent(f""" + print({stdout_msg!r}) + raise ValueError({stderr_msg!r}) + """).strip() + + result = self.nsjail.python3(code) + self.assertLess( + result.stdout.find(stdout_msg), + result.stdout.find(stderr_msg), + msg="stdout does not come before stderr" + ) + self.assertEqual(result.stderr, None) -- cgit v1.2.3 From f622e84607a8ecb4d8dd75d731063423ab38d189 Mon Sep 17 00:00:00 2001 From: MarkKoz Date: Fri, 21 Feb 2020 16:10:37 -0800 Subject: CI: install Pipfile into system interpreter A virtual environment is redundant in the context of deployment. It just increases the size and build time of the image. * Replace venv with system interpreter * Mount Python binaries in /usr/local/bin in NsJail * Fix #61: Python symlink in venv not resolving * Re-lock Pipfile because it wasn't up to date according to pipenv install --deploy --- Pipfile.lock | 292 ++++++++++++++++++++++++++----------------------- docker/venv.Dockerfile | 10 +- scripts/.profile | 2 +- snekbox.cfg | 23 +++- 4 files changed, 186 insertions(+), 141 deletions(-) (limited to 'scripts') diff --git a/Pipfile.lock b/Pipfile.lock index 578aec1..04765b6 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "abd28ace3bcd59d9ec30c2b4bf9c1b1598f54f33d75e08bb0179fe985946dad5" + "sha256": "4a760f24a649010040635541114b17cadfd785956cfd9216a6f8c9590a69cca1" }, "pipfile-spec": 6, "requires": { @@ -18,11 +18,11 @@ "default": { "arrow": { "hashes": [ - "sha256:01a16d8a93eddf86a29237f32ae36b29c27f047e79312eb4df5d55fd5a2b3183", - "sha256:e1a318a4c0b787833ae46302c02488b6eeef413c6a13324b3261ad320f21ec1e" + "sha256:5390e464e2c5f76971b60ffa7ee29c598c7501a294bc9f5e6dadcb251a5d027b", + "sha256:70729bcc831da496ca3cb4b7e89472c8e2d27d398908155e0796179f6d2d41ee" ], "index": "pypi", - "version": "==0.15.4" + "version": "==0.15.5" }, "attrs": { "hashes": [ @@ -34,12 +34,12 @@ }, "beautifulsoup4": { "hashes": [ - "sha256:5279c36b4b2ec2cb4298d723791467e3000e5384a43ea0cdf5d45207c7e97169", - "sha256:6135db2ba678168c07950f9a16c4031822c6f4aec75a65e0a97bc5ca09789931", - "sha256:dcdef580e18a76d54002088602eba453eec38ebbcafafeaabd8cab12b6155d57" + "sha256:05fd825eb01c290877657a56df4c6e4c311b3965bda790c613a3d6fb01a5462a", + "sha256:9fbb4d6e48ecd30bcacc5b63b94088192dcda178513b2ae3c394229f8911b887", + "sha256:e1505eeed31b0f4ce2dbb3bc8eb256c04cc2b3b72af7d551a4ab6efd5cbe5dae" ], "index": "pypi", - "version": "==4.8.1" + "version": "==4.8.2" }, "decorator": { "hashes": [ @@ -77,11 +77,11 @@ }, "fuzzywuzzy": { "hashes": [ - "sha256:5ac7c0b3f4658d2743aa17da53a55598144edbc5bee3c6863840636e6926f254", - "sha256:6f49de47db00e1c71d40ad16da42284ac357936fa9b66bea1df63fed07122d62" + "sha256:45016e92264780e58972dca1b3d939ac864b78437422beecebb3095f8efd00e8", + "sha256:928244b28db720d1e0ee7587acf660ea49d7e4c632569cad4f1cd7e68a5f0993" ], "index": "pypi", - "version": "==0.17.0" + "version": "==0.18.0" }, "gunicorn": { "hashes": [ @@ -93,10 +93,10 @@ }, "idna": { "hashes": [ - "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407", - "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c" + "sha256:7588d1c14ae4c77d74036e8c22ff447b26d0fde8f007354fd48a7814db15b7cb", + "sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa" ], - "version": "==2.8" + "version": "==2.9" }, "jsonschema": { "hashes": [ @@ -108,11 +108,11 @@ }, "more-itertools": { "hashes": [ - "sha256:b84b238cce0d9adad5ed87e745778d20a3f8487d0f0cb8b8a586816c7496458d", - "sha256:c833ef592a0324bcc6a60e48440da07645063c453880c9477ceb22490aec1564" + "sha256:5dd8bcf33e5f9513ffa06d5ad33d78f31e1931ac9a18f33d37e77a180d393a7c", + "sha256:b1ddb932186d8a6ac451e1d95844b382f55e12686d51ca0c68b6f61f2ab7a507" ], "index": "pypi", - "version": "==8.0.2" + "version": "==8.2.0" }, "mpmath": { "hashes": [ @@ -122,25 +122,25 @@ }, "multidict": { "hashes": [ - "sha256:09c19f642e055550c9319d5123221b7e07fc79bda58122aa93910e52f2ab2f29", - "sha256:0c1a5d5f7aa7189f7b83c4411c2af8f1d38d69c4360d5de3eea129c65d8d7ce2", - "sha256:12f22980e7ed0972a969520fb1e55682c9fca89a68b21b49ec43132e680be812", - "sha256:258660e9d6b52de1a75097944e12718d3aa59adc611b703361e3577d69167aaf", - "sha256:3374a23e707848f27b3438500db0c69eca82929337656fce556bd70031fbda74", - "sha256:503b7fce0054c73aa631cc910a470052df33d599f3401f3b77e54d31182525d5", - "sha256:6ce55f2c45ffc90239aab625bb1b4864eef33f73ea88487ef968291fbf09fb3f", - "sha256:725496dde5730f4ad0a627e1a58e2620c1bde0ad1c8080aae15d583eb23344ce", - "sha256:a3721078beff247d0cd4fb19d915c2c25f90907cf8d6cd49d0413a24915577c6", - "sha256:ba566518550f81daca649eded8b5c7dd09210a854637c82351410aa15c49324a", - "sha256:c42362750a51a15dc905cb891658f822ee5021bfbea898c03aa1ed833e2248a5", - "sha256:cf14aaf2ab067ca10bca0b14d5cbd751dd249e65d371734bc0e47ddd8fafc175", - "sha256:cf24e15986762f0e75a622eb19cfe39a042e952b8afba3e7408835b9af2be4fb", - "sha256:d7b6da08538302c5245cd3103f333655ba7f274915f1f5121c4f4b5fbdb3febe", - "sha256:e27e13b9ff0a914a6b8fb7e4947d4ac6be8e4f61ede17edffabd088817df9e26", - "sha256:e53b205f8afd76fc6c942ef39e8ee7c519c775d336291d32874082a87802c67c", - "sha256:ec804fc5f68695d91c24d716020278fcffd50890492690a7e1fef2e741f7172c" - ], - "version": "==4.7.1" + "sha256:317f96bc0950d249e96d8d29ab556d01dd38888fbe68324f46fd834b430169f1", + "sha256:42f56542166040b4474c0c608ed051732033cd821126493cf25b6c276df7dd35", + "sha256:4b7df040fb5fe826d689204f9b544af469593fb3ff3a069a6ad3409f742f5928", + "sha256:544fae9261232a97102e27a926019100a9db75bec7b37feedd74b3aa82f29969", + "sha256:620b37c3fea181dab09267cd5a84b0f23fa043beb8bc50d8474dd9694de1fa6e", + "sha256:6e6fef114741c4d7ca46da8449038ec8b1e880bbe68674c01ceeb1ac8a648e78", + "sha256:7774e9f6c9af3f12f296131453f7b81dabb7ebdb948483362f5afcaac8a826f1", + "sha256:85cb26c38c96f76b7ff38b86c9d560dea10cf3459bb5f4caf72fc1bb932c7136", + "sha256:a326f4240123a2ac66bb163eeba99578e9d63a8654a59f4688a79198f9aa10f8", + "sha256:ae402f43604e3b2bc41e8ea8b8526c7fa7139ed76b0d64fc48e28125925275b2", + "sha256:aee283c49601fa4c13adc64c09c978838a7e812f85377ae130a24d7198c0331e", + "sha256:b51249fdd2923739cd3efc95a3d6c363b67bbf779208e9f37fd5e68540d1a4d4", + "sha256:bb519becc46275c594410c6c28a8a0adc66fe24fef154a9addea54c1adb006f5", + "sha256:c2c37185fb0af79d5c117b8d2764f4321eeb12ba8c141a95d0aa8c2c1d0a11dd", + "sha256:dc561313279f9d05a3d0ffa89cd15ae477528ea37aa9795c4654588a3287a9ab", + "sha256:e439c9a10a95cb32abd708bb8be83b2134fa93790a4fb0535ca36db3dda94d20", + "sha256:fc3b4adc2ee8474cb3cd2a155305d5f8eda0a9c91320f83e55748e1fcb68f8e3" + ], + "version": "==4.7.5" }, "networkx": { "hashes": [ @@ -152,30 +152,30 @@ }, "numpy": { "hashes": [ - "sha256:0a7a1dd123aecc9f0076934288ceed7fd9a81ba3919f11a855a7887cbe82a02f", - "sha256:0c0763787133dfeec19904c22c7e358b231c87ba3206b211652f8cbe1241deb6", - "sha256:3d52298d0be333583739f1aec9026f3b09fdfe3ddf7c7028cb16d9d2af1cca7e", - "sha256:43bb4b70585f1c2d153e45323a886839f98af8bfa810f7014b20be714c37c447", - "sha256:475963c5b9e116c38ad7347e154e5651d05a2286d86455671f5b1eebba5feb76", - "sha256:64874913367f18eb3013b16123c9fed113962e75d809fca5b78ebfbb73ed93ba", - "sha256:683828e50c339fc9e68720396f2de14253992c495fdddef77a1e17de55f1decc", - "sha256:6ca4000c4a6f95a78c33c7dadbb9495c10880be9c89316aa536eac359ab820ae", - "sha256:75fd817b7061f6378e4659dd792c84c0b60533e867f83e0d1e52d5d8e53df88c", - "sha256:7d81d784bdbed30137aca242ab307f3e65c8d93f4c7b7d8f322110b2e90177f9", - "sha256:8d0af8d3664f142414fd5b15cabfd3b6cc3ef242a3c7a7493257025be5a6955f", - "sha256:9679831005fb16c6df3dd35d17aa31dc0d4d7573d84f0b44cc481490a65c7725", - "sha256:a8f67ebfae9f575d85fa859b54d3bdecaeece74e3274b0b5c5f804d7ca789fe1", - "sha256:acbf5c52db4adb366c064d0b7c7899e3e778d89db585feadd23b06b587d64761", - "sha256:ada4805ed51f5bcaa3a06d3dd94939351869c095e30a2b54264f5a5004b52170", - "sha256:c7354e8f0eca5c110b7e978034cd86ed98a7a5ffcf69ca97535445a595e07b8e", - "sha256:e2e9d8c87120ba2c591f60e32736b82b67f72c37ba88a4c23c81b5b8fa49c018", - "sha256:e467c57121fe1b78a8f68dd9255fbb3bb3f4f7547c6b9e109f31d14569f490c3", - "sha256:ede47b98de79565fcd7f2decb475e2dcc85ee4097743e551fe26cfc7eb3ff143", - "sha256:f58913e9227400f1395c7b800503ebfdb0772f1c33ff8cb4d6451c06cabdf316", - "sha256:fe39f5fd4103ec4ca3cb8600b19216cd1ff316b4990f4c0b6057ad982c0a34d5" - ], - "index": "pypi", - "version": "==1.17.4" + "sha256:1786a08236f2c92ae0e70423c45e1e62788ed33028f94ca99c4df03f5be6b3c6", + "sha256:17aa7a81fe7599a10f2b7d95856dc5cf84a4eefa45bc96123cbbc3ebc568994e", + "sha256:20b26aaa5b3da029942cdcce719b363dbe58696ad182aff0e5dcb1687ec946dc", + "sha256:2d75908ab3ced4223ccba595b48e538afa5ecc37405923d1fea6906d7c3a50bc", + "sha256:39d2c685af15d3ce682c99ce5925cc66efc824652e10990d2462dfe9b8918c6a", + "sha256:56bc8ded6fcd9adea90f65377438f9fea8c05fcf7c5ba766bef258d0da1554aa", + "sha256:590355aeade1a2eaba17617c19edccb7db8d78760175256e3cf94590a1a964f3", + "sha256:70a840a26f4e61defa7bdf811d7498a284ced303dfbc35acb7be12a39b2aa121", + "sha256:77c3bfe65d8560487052ad55c6998a04b654c2fbc36d546aef2b2e511e760971", + "sha256:9537eecf179f566fd1c160a2e912ca0b8e02d773af0a7a1120ad4f7507cd0d26", + "sha256:9acdf933c1fd263c513a2df3dceecea6f3ff4419d80bf238510976bf9bcb26cd", + "sha256:ae0975f42ab1f28364dcda3dde3cf6c1ddab3e1d4b2909da0cb0191fa9ca0480", + "sha256:b3af02ecc999c8003e538e60c89a2b37646b39b688d4e44d7373e11c2debabec", + "sha256:b6ff59cee96b454516e47e7721098e6ceebef435e3e21ac2d6c3b8b02628eb77", + "sha256:b765ed3930b92812aa698a455847141869ef755a87e099fddd4ccf9d81fffb57", + "sha256:c98c5ffd7d41611407a1103ae11c8b634ad6a43606eca3e2a5a269e5d6e8eb07", + "sha256:cf7eb6b1025d3e169989416b1adcd676624c2dbed9e3bcb7137f51bfc8cc2572", + "sha256:d92350c22b150c1cae7ebb0ee8b5670cc84848f6359cf6b5d8f86617098a9b73", + "sha256:e422c3152921cece8b6a2fb6b0b4d73b6579bd20ae075e7d15143e711f3ca2ca", + "sha256:e840f552a509e3380b0f0ec977e8124d0dc34dc0e68289ca28f4d7c1d0d79474", + "sha256:f3d0a94ad151870978fb93538e95411c83899c9dc63e6fb65542f769568ecfa5" + ], + "index": "pypi", + "version": "==1.18.1" }, "pandas": { "hashes": [ @@ -216,9 +216,9 @@ }, "pyrsistent": { "hashes": [ - "sha256:f3b280d030afb652f79d67c5586157c5c1355c9a58dfc7940566e28d28f3df1b" + "sha256:cdc7b5e3ed77bed61270a47d35434a30617b9becdf2478af76ad2c6ade307280" ], - "version": "==0.15.6" + "version": "==0.15.7" }, "python-dateutil": { "hashes": [ @@ -244,54 +244,54 @@ }, "pyyaml": { "hashes": [ - "sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc", - "sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803", - "sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc", - "sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15", - "sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075", - "sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd", - "sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31", - "sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f", - "sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c", - "sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04", - "sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4" + "sha256:059b2ee3194d718896c0ad077dd8c043e5e909d9180f387ce42012662a4946d6", + "sha256:1cf708e2ac57f3aabc87405f04b86354f66799c8e62c28c5fc5f88b5521b2dbf", + "sha256:24521fa2890642614558b492b473bee0ac1f8057a7263156b02e8b14c88ce6f5", + "sha256:4fee71aa5bc6ed9d5f116327c04273e25ae31a3020386916905767ec4fc5317e", + "sha256:70024e02197337533eef7b85b068212420f950319cc8c580261963aefc75f811", + "sha256:74782fbd4d4f87ff04159e986886931456a1894c61229be9eaf4de6f6e44b99e", + "sha256:940532b111b1952befd7db542c370887a8611660d2b9becff75d39355303d82d", + "sha256:cb1f2f5e426dc9f07a7681419fe39cee823bb74f723f36f70399123f439e9b20", + "sha256:dbbb2379c19ed6042e8f11f2a2c66d39cceb8aeace421bfc29d085d93eda3689", + "sha256:e3a057b7a64f1222b56e47bcff5e4b94c4f61faac04c7c4ecb1985e18caa3994", + "sha256:e9f45bd5b92c7974e59bcd2dcc8631a6b6cc380a904725fce7bc08872e691615" ], "index": "pypi", - "version": "==5.2" + "version": "==5.3" }, "scipy": { "hashes": [ - "sha256:0b8c9dc042b9a47912b18b036b4844029384a5b8d89b64a4901ac3e06876e5f6", - "sha256:18ad034be955df046b5a27924cdb3db0e8e1d76aaa22c635403fe7aee17f1482", - "sha256:225d0b5e140bb66df23d438c7b535303ce8e533f94454f4e5bde5f8d109103ea", - "sha256:2f690ba68ed7caa7c30b6dc48c1deed22c78f3840fa4736083ef4f2bd8baa19e", - "sha256:4b8746f4a755bdb2eeb39d6e253a60481e165cfd74fdfb54d27394bd2c9ec8ac", - "sha256:4ba2ce1a58fe117e993cf316a149cf9926c7c5000c0cdc4bc7c56ae8325612f6", - "sha256:546f0dc020b155b8711159d53c87b36591d31f3327c47974a4fb6b50d91589c2", - "sha256:583f2ccd6a112656c9feb2345761d2b19e9213a094cfced4e7d2c1cae4173272", - "sha256:64bf4e8ae0db2d42b58477817f648d81e77f0b381d0ea4427385bba3f959380a", - "sha256:7be424ee09bed7ced36c9457f99c826ce199fd0c0f5b272cf3d098ff7b29e3ae", - "sha256:869465c7ff89fc0a1e2ea1642b0c65f1b3c05030f3a4c0d53d6a57b2dba7c242", - "sha256:884e619821f47eccd42979488d10fa1e15dbe9f3b7660b1c8c928d203bd3c1a3", - "sha256:a42b0d02150ef4747e225c31c976a304de5dc8202ec35a27111b7bb8176e5f13", - "sha256:a70308bb065562afb936c963780deab359966d71ab4f230368b154dde3136ea4", - "sha256:b01ea5e4cf95a93dc335089f8fbe97852f56fdb74afff238cbdf09793103b6b7", - "sha256:b7b8cf45f9a48f23084f19deb9384a1cccb5e92fbc879b12f97dc4d56fb2eb92", - "sha256:bb0899d3f8b9fe8ef95b79210cf0deb6709542889fadaa438eeb3a28001e09e7", - "sha256:c008f1b58f99f1d1cc546957b3effe448365e0a217df1f1894e358906e91edad", - "sha256:cfee99d085d562a7e3c4afe51ac1fe9b434363489e565a130459307f30077973", - "sha256:dfcb0f0a2d8e958611e0b56536285bb435f03746b6feac0e29f045f7c6caf164", - "sha256:f5d47351aeb1cb6bda14a8908e56648926a6b2d714f89717c71f7ada41282141" - ], - "index": "pypi", - "version": "==1.3.3" + "sha256:00af72998a46c25bdb5824d2b729e7dabec0c765f9deb0b504f928591f5ff9d4", + "sha256:0902a620a381f101e184a958459b36d3ee50f5effd186db76e131cbefcbb96f7", + "sha256:1e3190466d669d658233e8a583b854f6386dd62d655539b77b3fa25bfb2abb70", + "sha256:2cce3f9847a1a51019e8c5b47620da93950e58ebc611f13e0d11f4980ca5fecb", + "sha256:3092857f36b690a321a662fe5496cb816a7f4eecd875e1d36793d92d3f884073", + "sha256:386086e2972ed2db17cebf88610aab7d7f6e2c0ca30042dc9a89cf18dcc363fa", + "sha256:71eb180f22c49066f25d6df16f8709f215723317cc951d99e54dc88020ea57be", + "sha256:770254a280d741dd3436919d47e35712fb081a6ff8bafc0f319382b954b77802", + "sha256:787cc50cab3020a865640aba3485e9fbd161d4d3b0d03a967df1a2881320512d", + "sha256:8a07760d5c7f3a92e440ad3aedcc98891e915ce857664282ae3c0220f3301eb6", + "sha256:8d3bc3993b8e4be7eade6dcc6fd59a412d96d3a33fa42b0fa45dc9e24495ede9", + "sha256:9508a7c628a165c2c835f2497837bf6ac80eb25291055f56c129df3c943cbaf8", + "sha256:a144811318853a23d32a07bc7fd5561ff0cac5da643d96ed94a4ffe967d89672", + "sha256:a1aae70d52d0b074d8121333bc807a485f9f1e6a69742010b33780df2e60cfe0", + "sha256:a2d6df9eb074af7f08866598e4ef068a2b310d98f87dc23bd1b90ec7bdcec802", + "sha256:bb517872058a1f087c4528e7429b4a44533a902644987e7b2fe35ecc223bc408", + "sha256:c5cac0c0387272ee0e789e94a570ac51deb01c796b37fb2aad1fb13f85e2f97d", + "sha256:cc971a82ea1170e677443108703a2ec9ff0f70752258d0e9f5433d00dda01f59", + "sha256:dba8306f6da99e37ea08c08fef6e274b5bf8567bb094d1dbe86a20e532aca088", + "sha256:dc60bb302f48acf6da8ca4444cfa17d52c63c5415302a9ee77b3b21618090521", + "sha256:dee1bbf3a6c8f73b6b218cb28eed8dd13347ea2f87d572ce19b289d6fd3fbc59" + ], + "index": "pypi", + "version": "==1.4.1" }, "six": { "hashes": [ - "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd", - "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66" + "sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a", + "sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c" ], - "version": "==1.13.0" + "version": "==1.14.0" }, "soupsieve": { "hashes": [ @@ -302,11 +302,11 @@ }, "sympy": { "hashes": [ - "sha256:31567dc010bff0967ef7a87210acf3f938c6ab24481581fc143536fb103e9ce8", - "sha256:8ae4a95378304ed4081921767fe46f0adf5921bf471c9f5df425abf2c655d751" + "sha256:4880d3a351558063bd89febda302f220dc4b88de393bba81fa6539a3966f03fa", + "sha256:d77901d748287d15281f5ffe5b0fef62dd38f357c2b827c44ff07f35695f4e7e" ], "index": "pypi", - "version": "==1.5" + "version": "==1.5.1" }, "toml": { "hashes": [ @@ -341,6 +341,13 @@ } }, "develop": { + "appdirs": { + "hashes": [ + "sha256:9e5896d1372858f8dd3344faf4e5014d21849c756c8d5701f78f8a103b372d92", + "sha256:d8b24664561d0d34ddfaec54636d502d7cea6e29c3eaf68f3df6180863e2166e" + ], + "version": "==1.4.3" + }, "aspy.yaml": { "hashes": [ "sha256:463372c043f70160a9ec950c3f1e4c3a82db5fca01d334b6bc89c7164d744bdc", @@ -358,10 +365,10 @@ }, "cfgv": { "hashes": [ - "sha256:edb387943b665bf9c434f717bf630fa78aecd53d5900d2e05da6ad6048553144", - "sha256:fbd93c9ab0a523bf7daec408f3be2ed99a980e20b2d19b50fc184ca6b820d289" + "sha256:04b093b14ddf9fd4d17c53ebfd55582d27b76ed30050193c14e560770c5360eb", + "sha256:f22b426ed59cd2ab2b54ff96608d846c33dfb8766a67f0b4a6ce130ce244414f" ], - "version": "==2.0.1" + "version": "==3.0.0" }, "coverage": { "hashes": [ @@ -401,6 +408,12 @@ "index": "pypi", "version": "==4.5.4" }, + "distlib": { + "hashes": [ + "sha256:2e166e231a26b36d6dfe35a48c4464346620f8645ed0ace01ee31822b288de21" + ], + "version": "==0.3.0" + }, "entrypoints": { "hashes": [ "sha256:589f874b313739ad35be6e0cd7efde2a4e9b6fea91edcc34e58ecbb8dbe56d19", @@ -408,6 +421,13 @@ ], "version": "==0.3" }, + "filelock": { + "hashes": [ + "sha256:18d82244ee114f543149c66a6e0c14e9c4f8a1044b5cdaadd0f82159d6a6ff59", + "sha256:929b7d63ec5b7d6b71b0fa5ac14e030b3f70b75747cef1b10da9b879fef15836" + ], + "version": "==3.0.12" + }, "flake8": { "hashes": [ "sha256:45681a117ecc81e870cbf1262835ae4af5e7a8b08e40b944a8a6e6b895914cfb", @@ -418,11 +438,11 @@ }, "flake8-annotations": { "hashes": [ - "sha256:5e0228cc4645931b574cdc73d855916a9fa9ea1d40dbda7b2c20d0b04d004f17", - "sha256:c7e5059bd62ff6636fe716b2c97bbe31ab35316da4ba69b57e285fb166ffe015" + "sha256:47705be09c6e56e9e3ac1656e8f5ed70862a4657116dc472f5a56c1bdc5172b1", + "sha256:564702ace354e1059252755be79d082a70ae1851c86044ae1a96d0f5453280e9" ], "index": "pypi", - "version": "==1.1.1" + "version": "==1.2.0" }, "flake8-bugbear": { "hashes": [ @@ -488,10 +508,10 @@ }, "identify": { "hashes": [ - "sha256:7782115794ec28b011702815d9f5e532244560cd2bf0789c4f09381d43befd90", - "sha256:9e7521e9abeaede4d2d1092a106e418c65ddf6b3182b43930bcb3c8cfb974488" + "sha256:1222b648251bdcb8deb240b294f450fbf704c7984e08baa92507e4ea10b436d5", + "sha256:d824ebe21f38325c771c41b08a95a761db1982f1fc0eee37c6c97df3f1636b96" ], - "version": "==1.4.8" + "version": "==1.4.11" }, "junit-xml": { "hashes": [ @@ -508,17 +528,17 @@ }, "nodeenv": { "hashes": [ - "sha256:ad8259494cf1c9034539f6cced78a1da4840a4b157e23640bc4a0c0546b0cb7a" + "sha256:5b2438f2e42af54ca968dd1b374d14a1194848955187b0e5e4be1f73813a5212" ], - "version": "==1.3.3" + "version": "==1.3.5" }, "pre-commit": { "hashes": [ - "sha256:9f152687127ec90642a2cc3e4d9e1e6240c4eb153615cb02aa1ad41d331cbb6e", - "sha256:c2e4810d2d3102d354947907514a78c5d30424d299dc0fe48f5aa049826e9b50" + "sha256:8f48d8637bdae6fa70cc97db9c1dd5aa7c5c8bf71968932a380628c25978b850", + "sha256:f92a359477f3252452ae2e8d3029de77aec59415c16ae4189bcfba40b757e029" ], "index": "pypi", - "version": "==1.20.0" + "version": "==1.21.0" }, "pycodestyle": { "hashes": [ @@ -544,27 +564,27 @@ }, "pyyaml": { "hashes": [ - "sha256:0e7f69397d53155e55d10ff68fdfb2cf630a35e6daf65cf0bdeaf04f127c09dc", - "sha256:2e9f0b7c5914367b0916c3c104a024bb68f269a486b9d04a2e8ac6f6597b7803", - "sha256:35ace9b4147848cafac3db142795ee42deebe9d0dad885ce643928e88daebdcc", - "sha256:38a4f0d114101c58c0f3a88aeaa44d63efd588845c5a2df5290b73db8f246d15", - "sha256:483eb6a33b671408c8529106df3707270bfacb2447bf8ad856a4b4f57f6e3075", - "sha256:4b6be5edb9f6bb73680f5bf4ee08ff25416d1400fbd4535fe0069b2994da07cd", - "sha256:7f38e35c00e160db592091751d385cd7b3046d6d51f578b29943225178257b31", - "sha256:8100c896ecb361794d8bfdb9c11fce618c7cf83d624d73d5ab38aef3bc82d43f", - "sha256:c0ee8eca2c582d29c3c2ec6e2c4f703d1b7f1fb10bc72317355a746057e7346c", - "sha256:e4c015484ff0ff197564917b4b4246ca03f411b9bd7f16e02a2f586eb48b6d04", - "sha256:ebc4ed52dcc93eeebeae5cf5deb2ae4347b3a81c3fa12b0b8c976544829396a4" + "sha256:059b2ee3194d718896c0ad077dd8c043e5e909d9180f387ce42012662a4946d6", + "sha256:1cf708e2ac57f3aabc87405f04b86354f66799c8e62c28c5fc5f88b5521b2dbf", + "sha256:24521fa2890642614558b492b473bee0ac1f8057a7263156b02e8b14c88ce6f5", + "sha256:4fee71aa5bc6ed9d5f116327c04273e25ae31a3020386916905767ec4fc5317e", + "sha256:70024e02197337533eef7b85b068212420f950319cc8c580261963aefc75f811", + "sha256:74782fbd4d4f87ff04159e986886931456a1894c61229be9eaf4de6f6e44b99e", + "sha256:940532b111b1952befd7db542c370887a8611660d2b9becff75d39355303d82d", + "sha256:cb1f2f5e426dc9f07a7681419fe39cee823bb74f723f36f70399123f439e9b20", + "sha256:dbbb2379c19ed6042e8f11f2a2c66d39cceb8aeace421bfc29d085d93eda3689", + "sha256:e3a057b7a64f1222b56e47bcff5e4b94c4f61faac04c7c4ecb1985e18caa3994", + "sha256:e9f45bd5b92c7974e59bcd2dcc8631a6b6cc380a904725fce7bc08872e691615" ], "index": "pypi", - "version": "==5.2" + "version": "==5.3" }, "six": { "hashes": [ - "sha256:1f1b7d42e254082a9db6279deae68afb421ceba6158efa6131de7b3003ee93fd", - "sha256:30f610279e8b2578cab6db20741130331735c781b56053c59c4076da27f06b66" + "sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a", + "sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c" ], - "version": "==1.13.0" + "version": "==1.14.0" }, "snowballstemmer": { "hashes": [ @@ -591,10 +611,10 @@ }, "virtualenv": { "hashes": [ - "sha256:0d62c70883c0342d59c11d0ddac0d954d0431321a41ab20851facf2b222598f3", - "sha256:55059a7a676e4e19498f1aad09b8313a38fcc0cdbe4fdddc0e9b06946d21b4bb" + "sha256:531b142e300d405bb9faedad4adbeb82b4098b918e35209af2adef3129274aae", + "sha256:5dd42a9f56307542bddc446cfd10ef6576f11910366a07609fe8d0d88fa8fb7e" ], - "version": "==16.7.9" + "version": "==20.0.5" } } } diff --git a/docker/venv.Dockerfile b/docker/venv.Dockerfile index b415430..fe5b10d 100644 --- a/docker/venv.Dockerfile +++ b/docker/venv.Dockerfile @@ -4,10 +4,14 @@ ARG DEV ENV PIP_NO_CACHE_DIR=false \ PIPENV_DONT_USE_PYENV=1 \ PIPENV_HIDE_EMOJIS=1 \ - PIPENV_NOSPIN=1 \ - PIPENV_VENV_IN_PROJECT=1 + PIPENV_NOSPIN=1 COPY Pipfile Pipfile.lock snekbox.cfg /snekbox/ WORKDIR /snekbox -RUN if [ -n "${DEV}" ]; then pipenv sync --dev; else pipenv sync; fi +RUN if [ -n "${DEV}" ]; \ + then \ + pipenv install --deploy --system --dev; \ + else \ + pipenv install --deploy --system; \ + fi diff --git a/scripts/.profile b/scripts/.profile index 73fbb28..69ad959 100644 --- a/scripts/.profile +++ b/scripts/.profile @@ -17,5 +17,5 @@ nsjpy() { nsjail \ --config "${NSJAIL_CFG:-/snekbox/snekbox.cfg}" \ $nsj_args -- \ - /snekbox/.venv/bin/python3 -Iqu -c "$@" + /usr/local/bin/python -Iqu -c "$@" } diff --git a/snekbox.cfg b/snekbox.cfg index 968271c..2e8b2e0 100644 --- a/snekbox.cfg +++ b/snekbox.cfg @@ -81,6 +81,27 @@ mount { rw: false } +mount { + src: "/usr/local/bin/python" + dst: "/usr/local/bin/python" + is_bind: true + rw: false +} + +mount { + src: "/usr/local/bin/python3" + dst: "/usr/local/bin/python3" + is_bind: true + rw: false +} + +mount { + src: "/usr/local/bin/python3.8" + dst: "/usr/local/bin/python3.8" + is_bind: true + rw: false +} + cgroup_mem_max: 52428800 cgroup_mem_mount: "/sys/fs/cgroup/memory" cgroup_mem_parent: "NSJAIL" @@ -92,6 +113,6 @@ cgroup_pids_parent: "NSJAIL" iface_no_lo: true exec_bin { - path: "/snekbox/.venv/bin/python3" + path: "/usr/local/bin/python" arg: "-Iqu" } -- cgit v1.2.3