You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This will let us do away with the shenanigans of modifying the "autograder" user's UID, but at the cost of only being able to limit total processes for the container. We believe that this is not a significant loss and will relieve the recurring process limit headaches we've had to deal with.
Problems with our current approach:
Using usermod -u on the "autograder" user does NOT update permissions on files owned by "autograder" outside of the home directory.
Calling usermod -u can take a long time if there are a lot of files in /home/autograder
Since ulimit applies to the user rather than the process, setting a per-command limit isn't truly a per-command limit (a service started in the background would count towards the limit for other tests).
Ptrace: Needs research, but could be used to completely block forking for a command. We lose some granularity this way, but this could satisfy users who's goal is to stop all forks.
A ptrace fork-blocker could be written and used separately by users without changing this library
The text was updated successfully, but these errors were encountered:
This will let us do away with the shenanigans of modifying the "autograder" user's UID, but at the cost of only being able to limit total processes for the container. We believe that this is not a significant loss and will relieve the recurring process limit headaches we've had to deal with.
Problems with our current approach:
usermod -u
on the "autograder" user does NOT update permissions on files owned by "autograder" outside of the home directory.usermod -u
can take a long time if there are a lot of files in/home/autograder
Potential (non-)solutions and their problems:
XCgroups: Mounting cgroups in a container requires disabling certain security features. See Investigate using cgroups in cmd_runner.py to limit processes #38The text was updated successfully, but these errors were encountered: