From d0c478f2aa9b5cbe1a9fee65eeb9c402e28837c5 Mon Sep 17 00:00:00 2001
From: Kunhoon Baik
Date: Thu, 29 Jul 2021 19:55:33 +0900
Subject: [PATCH] Change test configuration - log path and cpu conf
- malort project will use "/var/log/malort" instead of "/tmp"
- malort project does not create child cgroup node of each "NSJAIL" process.
---
 packaging/nsjail.sh | 6 ++++++
 test/runner-sandbox.cfg | 14 --------------
 2 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/packaging/nsjail.sh b/packaging/nsjail.sh
index 972d73b..89d6068 100644
--- a/packaging/nsjail.sh
+++ b/packaging/nsjail.sh
@@ -13,9 +13,15 @@ then
 while [ ! -d /run/user/${OWNER_ID} ]; do sleep 1; done
+ #TODO: for limiting access privilege, smack access label should be modifed properly
 mkdir /run/user/${OWNER_ID}/nsjail
 chown owner:users /run/user/${OWNER_ID}/nsjail
 chsmack -a "*" /run/user/${OWNER_ID}/nsjail
+
+ #TODO: for limiting access privilege, smack access label should be modifed properly
+ mkdir /var/log/malort
+ chown owner:users /var/log/malort
+ chsmack -a "*" /var/log/malort
 else
 rmdir /sys/fs/cgroup/memory/malort/NSJAIL*
 rmdir /sys/fs/cgroup/memory/malort
diff --git a/test/runner-sandbox.cfg b/test/runner-sandbox.cfg
index 1d11ac4..f4ec235 100644
--- a/test/runner-sandbox.cfg
+++ b/test/runner-sandbox.cfg
@@ -60,11 +60,6 @@ clone_newipc: true
 clone_newuts: true
 clone_newcgroup: true
-log_file: "/tmp/nsjail.log"
-
-cgroup_mem_max: 10000000
-cgroup_cpu_ms_per_sec: 100
-
 ## Mount settings
 mount_proc: false
@@ -114,15 +109,6 @@ mount {
 rw: false
 }
-mount {
- src: "/tmp"
- dst: "/tmp"
- is_bind: true
- nosuid: true
- nodev: true
- rw: true
-}
-
 mount {
 src: "/dev"
 dst: "/dev"
--
2.34.1
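Review bot: The added `mkdir /var/log/malort` in packaging/nsjail.sh has no `-p` and no explicit mode, and the visible `else` branch never removes the directory. Because `/var/log` normally persists, a later start would hit an "already exists" error, and the permissions would depend on the caller's umask. Creating it in one idempotent step, for example `install -d -m 0750 -o owner -g users /var/log/malort`, pins both ownership and mode. The `chsmack -a "*"` label permits access from every Smack subject, so any process on the system could read, alter or delete the sandbox logs; the TODO admits this, but a dedicated label should be in place before the path is used for logging (the comment also has the typo "modifed"). The enclosing if/else starts outside the hunk, so whether the script aborts on a failing command cannot be judged from here.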