This repository has been archived by the owner on Nov 17, 2024. It is now read-only.
Makefile: add an install rule #17
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
Increase default num boxes
This made it impossible to override the default rules (which is unlikely to do, though :)).
Also documented behavior wrt. std{in,out,err}.
It turned out that Isolate's signal handling is prone to race
conditions, especially if the machine is under heavy load. Among
other problems:
o If multiple SIGINT-like signals were received in a quick
succession, the "UGH" message appeared.
o SIGPIPE could have been caught when writing the meta-file
to a pipe. This could trigger the same problem as above.
o There was a short time window between starting the child
process and setting up signal handlers, where an interrupt
signal could have killed the master process and leave the
child running on its own.
o If the master process received a SIGSEGV-like signal,
it was reported as an error of the sandboxed process
instead of a proper internal error.
I switched to handling different signals differently:
o Interrupt signals are handled synchronously like we already
did with SIGALRM.
o Signals like SIGSEGV are reported as internal errors after
killing the child process.
o SIGPIPE, SIGUSR1, and SIGUSR2 are ignored.
Also, we set up the signal handlers right before calling clone()
and reset them inside the child process, so we should not catch
a signal unprepared.
This significantly decreases the latency of killing the process after it exceeds its time limit. Based on a patch by Alexander Crustev.
The previous location in /tmp/box/ was prone to symlink attacks.
Apparently, the switch is ignored for man pages and newer versions of asciidoc warn on its use.
Inspired by pull request #7 by @bblackham and patch by @austrin.
Closes #4.
It was broken by commit a40942b. The bug was probably harmless: the cpu/mem sets of the subgroup got initialized to empty strings by the kernel, which caused it to use the settings of the parent group anyway.
Added f to short_opts
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.