Comments (6)
I attach another patch. Maybe this?
rlim02.patch.txt
from nsjail.
So far, I have tested building with the above patch applied on most recent releases of Arch, Debian, Fedora, openSUSE, and Ubuntu, all glibc based distributions. Builds on each ran without warning or error. Resultant binary worked correctly, though not extensively tested; merely ran some commands in a fully (except network) isolated chroot like container.
from nsjail.
Isn't it possible to use RLIM64_INFINITY and struct rlimit64 with musl? These are defined in linux headers, maybe including <linux/resource.h> will help here?
Nothing prevents running 64-bit processes from 32-bit processes e.g. under x86. If we used regular RLIM_INFINITY and struct rlimit64 then I'm worried the resources will be limited to 32-bit values for 64-bit processes.
Using syscall(__NR_prlimit64) instead of setrlimit64/getrlimit64 would help, but we still need those 64-bit structs/consts.
PS: I attached a patch using prlimit64, would it be possible to test it on musl-based systems?
from nsjail.
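The approach from the comment above, as an added example that is not part of the thread or of nsjail's patches: prlimit64 is called through syscall() with a locally declared 64-bit struct, so the width of the limit does not depend on the libc's rlim_t. The names k_rlimit64, K_RLIM64_INFINITY and set_soft_limit64 are hypothetical, and a Linux build is assumed.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h> /* only for the RLIMIT_* resource numbers */
#include <sys/syscall.h>  /* __NR_prlimit64 */
#include <unistd.h>

/* Hypothetical local names; the layout is the kernel's two-u64 rlimit64 ABI,
 * declared here so nothing depends on the libc exposing struct rlimit64. */
struct k_rlimit64 {
    uint64_t rlim_cur; /* soft limit */
    uint64_t rlim_max; /* hard limit */
};
#define K_RLIM64_INFINITY (~0ULL)
_Static_assert(sizeof(struct k_rlimit64) == 16, "must match kernel ABI");

/* pid 0 means the calling process. */
static int k_getrlimit64(int res, struct k_rlimit64 *out) {
    return (int)syscall(__NR_prlimit64, 0, res, NULL, out);
}

static int k_setrlimit64(int res, const struct k_rlimit64 *in) {
    return (int)syscall(__NR_prlimit64, 0, res, in, NULL);
}

/* Set the soft limit to `want`, clamped to the current hard limit (an
 * unprivileged process cannot exceed it), then read back what the kernel
 * stored. Returns 0 on success, -1 on failure. */
int set_soft_limit64(int res, uint64_t want, uint64_t *applied) {
    struct k_rlimit64 cur, next;
    if (k_getrlimit64(res, &cur) != 0) return -1;
    next.rlim_max = cur.rlim_max;
    next.rlim_cur = want < cur.rlim_max ? want : cur.rlim_max;
    if (k_setrlimit64(res, &next) != 0) return -1;
    if (k_getrlimit64(res, &cur) != 0) return -1;
    *applied = cur.rlim_cur;
    return 0;
}

int main(void) {
    uint64_t got = 0;
    /* Constructed sample value: 8 GiB does not fit in a 32-bit rlim_t. */
    if (set_soft_limit64(RLIMIT_FSIZE, 1ULL << 33, &got) != 0) {
        perror("prlimit64");
        return 1;
    }
    printf("RLIMIT_FSIZE soft limit: %llu\n", (unsigned long long)got);
    return 0;
}
```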
I have tested prlimit64.patch.txt; it still leaves occurrences of rlimit64 and RLIM64_INFINITY, so compiling fails here. I tried your suggestion about including linux/resource.h, but failed due to redefinitions of several types.
I've spent some time this morning looking over both musl-libc and glibc source code. While I can't say that I didn't miss something, it looks to me that glibc typedefs or defines rlim64_t to rlim_t when FILE_OFFSET_BITS == 64 (similar handling of RLIM64_INFINITY also); for musl-libc, rlim_t is unsigned long long and the underlying code for getrlimit/setrlimit/prlimit uses the prlimit64 syscall. It is possible that I have missed some details in the code for glibc, so I will spend some more time later looking at it from that angle. I will try to get back about that in next day or so, time permitting.
from nsjail.
The rlim02.patch.txt works well here. Compiles cleanly and no runtime errors noticed so far. I was hoping to find a way to do it without any preprocessor ifdefs, but your approach seems straightforward and to the point.
from nsjail.
Applied in f388cad
Thanks for testing!
from nsjail.