Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correct file name in cgroupsv2 #122

Closed
wants to merge 1 commit into from
Closed

Correct file name in cgroupsv2 #122

wants to merge 1 commit into from

Conversation

Akarys42
Copy link
Contributor

@Akarys42 Akarys42 commented Dec 7, 2021

Cgroupsv2 renamed the limit file structure. This commit should fix that.

@Akarys42 Akarys42 added type: bug Something isn't working area: nsjail Related to NsJail and its configuration priority: 0 - critical Needs to be addressed ASAP labels Dec 7, 2021
@coveralls
Copy link

coveralls commented Dec 7, 2021
edited
Loading

Coverage Status

Coverage decreased (-0.9%) to 89.773% when pulling 72e8557 on cgroupsv2 into 94ba860 on main.

@Akarys42
Correct file name in cgroupsv2
72e8557 
Cgroupsv2 renamed the limit file structure. This commit should fix that.
MarkKoz
MarkKoz requested changes Dec 9, 2021
View reviewed changes
snekbox/nsjail.py
Comment on lines 51 to +55
@staticmethod
def _probe_cgroup_version() -> int:
"""Poll the filesystem and return the guessed cgroup version."""
# Right now we check whenever the controller path exists
version = 2 if CGROUPV2_PROBE_PATH.exists() else 1

if DEBUG:
log.info(f"Guessed cgroups version: {version}")

return version
return 2 if CGROUPV2_PROBE_PATH.exists() else 1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't even need to be a function. Just do self.cgroups_version = 2 if CGROUPV2_PROBE_PATH.exists() else 1.

snekbox/nsjail.py
Comment on lines 98 to 99
pids.mkdir(parents=True, exist_ok=True)
mem.mkdir(parents=True, exist_ok=True)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also needs to be adjusted, since v2 doesn't have subdirectories for each controller. NsJail doesn't even use cgroup_pids_mount and cgroup_mem_mount for v2. Instead, it's simply https://github.com/google/nsjail/blob/bf93e8a25d1b521797a319bc1f6182e894597224/cgroup2.cc#L42-L44

snekbox/nsjail.py
@@ -206,7 +210,7 @@ def python3(
cgroup = self._create_dynamic_cgroups()

with NamedTemporaryFile() as nsj_log:
if self._probe_cgroup_version() == 2:
if self.cgroups_version == 2:
nsjail_args = (["--use_cgroupv2"]).extend(nsjail_args)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if use_cgroupv2 is already in the NsJail config?

snekbox/nsjail.py
Comment on lines 119 to 120
# Swap limit is specified as the sum of the memory and swap limits.
# Therefore, setting it equal to the memory limit effectively disables swapping.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This description is for v1's behaviour. Does memory.swap.max in v2 also behave the same way?

@MarkKoz
Copy link
Member

MarkKoz commented Dec 12, 2021

@Akarys42 Are you still interested in working on this?

@Xithrius
Copy link
Member

@MarkKoz It seems they won't be able to work on this anymore.

because we lost write perms, we also won't be able to continue on this PR

From #dev-contrib, at this message.

I'm a bit late to updating these PRs, sorry about that.

@MarkKoz
Copy link
Member

MarkKoz commented Dec 13, 2021

@MarkKoz It seems they won't be able to work on this anymore.

because we lost write perms, we also won't be able to continue on this PR

From #dev-contrib, at this message.

I'm a bit late to updating these PRs, sorry about that.

I'm fine with the PR being re-opened using a different branch if Akarys wants to. Otherwise, I will try to finish the PR.

@MarkKoz MarkKoz self-assigned this Dec 17, 2021
@MarkKoz
Copy link
Member

MarkKoz commented Dec 17, 2021

I'm going to finish this PR.

@MarkKoz
Copy link
Member

MarkKoz commented Dec 22, 2021
edited
Loading

Closing in favour of #102. The approach taken here is inherently incorrect, and there wasn't any way to salvage it.

@MarkKoz MarkKoz closed this Dec 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MarkKoz MarkKoz MarkKoz requested changes

@Den4200 Den4200 Awaiting requested review from Den4200 Den4200 is a code owner

@jb3 jb3 Awaiting requested review from jb3 jb3 is a code owner

Assignees

@MarkKoz MarkKoz

Labels
area: nsjail Related to NsJail and its configuration priority: 0 - critical Needs to be addressed ASAP type: bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Akarys42 @coveralls @MarkKoz @Xithrius