Comments (3)
Inveracity
commented on May 3, 2024
I ended up doing this
nsjail -Mo \
--rlimit_as 700 \
--chroot / \
-E LANG=en_US.UTF-8 \
-R/usr -R/lib -R/lib64 \
--user nobody \
--group nogroup \
--time_limit 2 \
--disable_proc \
--iface_no_lo \
--quiet -- /usr/local/bin/python3.6 -ISq -c "print('test')"
and run the docker container in privileged mode
from nsjail.
robertswiecki
commented on May 3, 2024
Using --chroot / and -R /usr duplicates itself, as-in, both / will be mounted RO, and /usr will be mounted RO. But /usr would be there anyway as it's part of /. Try without --chroot /. Like this
nsjail -Mo --rlimit_as 700 -E LANG=en_US.UTF-8 -R/usr -R/lib -R/lib64 --user nobody --group nogroup --time_limit 2 --disable_proc --iface_no_lo --quiet -- /usr/bin/python3.6 -ISq -c "print('test')"
As for --disable_clone_newuser, it requires running nsjail from root (man user_namespaces for CLONE_NEWUSER)
from nsjail.
Inveracity
commented on May 3, 2024
Aha! Thank you 👍
from nsjail.
Related Issues (20)
- sched_setaffinity(max_cpus=1) failed: Invalid argument HOT 2
- Safe default /dev mounts? HOT 3
- check pid
- build fails after kafel update HOT 5
- build fails on 32 bit targets HOT 2
- Add millisecond precision to nsjail logs HOT 1
- Package nsjail for ease of installation on Linux
- Build fails on armv7l (32 bit) HOT 2
- mnt:mountPt fails with invalid argument HOT 1
- Better fs isolation HOT 3
- Using nsjail with GPU and OpenGL HOT 1
- Include installation instructions in the README HOT 1
- Compilation fails HOT 1
- Making configs HOT 1
- Updated vendored kafel to enable build on gcc13 HOT 1
- Python Tracing and Runtime security
- Build failed on arm64 with clang-15 HOT 1
- Build Fails when compiling on musl-libc system HOT 6
- config.cc uses old protobuf log handling API that was removed in protobuf 22.0 HOT 1
- SIGTERM Default Handler Issue HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nsjail.