Comments (3)
STANDALONE_ONCE
should be fixed now.
For STANDALONE_EXECVE
we cannot really do the cleanup, as in this case nsjail is replaced by the target binary on execve()
call and no nsjail code is executed after this point. (This is totally 'Works as intended').
@mtis88 this is probably expected and documented as such
Which pre-existing cpu cgroup to use as a parent (default: 'NSJAIL')
Nsjail does not attempt to create the cgroup parent as this would in most cases require more privileges than nsjail is running with.
from nsjail.
Another but similar issue, is that using cgroups and STANDALONE_EXECVE
mode always leaves /sys/fs/cgroup/pids/NSJAIL/NSJAIL.*
not cleaned up.
from nsjail.
I have to manually create the NSJAIL directory under the relevant cgroup (cpu in my case), is this expected?
from nsjail.
Related Issues (20)
- Add millisecond precision to nsjail logs HOT 1
- Package nsjail for ease of installation on Linux
- Build fails on armv7l (32 bit) HOT 2
- mnt:mountPt fails with invalid argument HOT 1
- Better fs isolation HOT 2
- Using nsjail with GPU and OpenGL HOT 1
- Include installation instructions in the README HOT 1
- Compilation fails HOT 1
- Making configs
- Updated vendored kafel to enable build on gcc13 HOT 1
- Python Tracing and Runtime security
- Build failed on arm64 with clang-15 HOT 1
- Build Fails when compiling on musl-libc system HOT 6
- config.cc uses old protobuf log handling API that was removed in protobuf 22.0 HOT 1
- SIGTERM Default Handler Issue HOT 1
- Exploring nsjail for Application Isolation with ROS2 HOT 1
- Error while loading shared libraries only when using config file HOT 9
- bind mounted /var/run/netns acts differently if nsjail started before or after network namespace is created HOT 1
- IPC resources should be explicitly cleaned up upon jail exit
- Invalid Argument - clone(flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID) failed HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsjail.