Change test configuration - log path and cpu conf

- malort project will use "/var/log/malort" instead of "/tmp"
- malort project does not create child cgroup node of each "NSJAIL" process.

diff --git a/packaging/nsjail.sh b/packaging/nsjail.sh
index 972d73b09c7513cefa25f7317a90928cff0e576c..89d6068d5355c880a5926a769eedf9869ffa9f6c 100644 (file)
--- a/packaging/nsjail.sh
+++ b/packaging/nsjail.sh
@@ -13,9 +13,15 @@ then
 
        while [ ! -d /run/user/${OWNER_ID} ]; do sleep 1; done
 
+       #TODO: for limiting access privilege, smack access label should be modifed properly
        mkdir /run/user/${OWNER_ID}/nsjail
        chown owner:users /run/user/${OWNER_ID}/nsjail
        chsmack -a "*" /run/user/${OWNER_ID}/nsjail
+
+       #TODO: for limiting access privilege, smack access label should be modifed properly
+       mkdir /var/log/malort
+       chown owner:users /var/log/malort
+       chsmack -a "*" /var/log/malort
 else
        rmdir /sys/fs/cgroup/memory/malort/NSJAIL*
        rmdir /sys/fs/cgroup/memory/malort

diff --git a/test/runner-sandbox.cfg b/test/runner-sandbox.cfg
index 1d11ac4d024635222af3fe5bd49c2d32f60ecc30..f4ec2351c1e36230b1ac54e4fe0a7ac249089b87 100644 (file)
--- a/test/runner-sandbox.cfg
+++ b/test/runner-sandbox.cfg
@@ -60,11 +60,6 @@ clone_newipc: true
 clone_newuts: true
 clone_newcgroup: true
 
-log_file: "/tmp/nsjail.log"
-
-cgroup_mem_max: 10000000
-cgroup_cpu_ms_per_sec: 100
-
 ## Mount settings
 mount_proc: false
 
@@ -114,15 +109,6 @@ mount {
     rw: false
 }
 
-mount {
-    src: "/tmp"
-    dst: "/tmp"
-    is_bind: true
-    nosuid: true
-    nodev: true
-    rw: true
-}
-
 mount {
     src: "/dev"
     dst: "/dev"