Skip to content

Make --pids-limit a default feature #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 7, 2016
Merged

Make --pids-limit a default feature #49

merged 1 commit into from
Aug 7, 2016

Conversation

Byron
Copy link
Member

@Byron Byron commented Aug 7, 2016

That way it is possible to not use this flag by building like so:

cargo build --no-default-features

This is useful for local sandbox installations running on a different
OS which doesn't directly support limiting PIDs, or which works
differently in that regards.

I am using coreOS for example, but admittedly also didn't try
to find a way to make it work.

shepmaster
shepmaster reviewed Aug 7, 2016
View reviewed changes
ui/src/sandbox.rs
.arg("--volume")
.arg(&mount_input_file)
.arg("--volume")
.arg(&mount_output_dir)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you undo these changes? I'm attempting to keep it as name, value to more easily match up what it does.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will do ! Sorry for that, it was a rustfmt slip-up. Had it enabled on file-save, which mangled the entire file. When I noticed that, I copied the entire function to keep my changes after checking the file back out. Lesson learned: Watch these diffs :) !

@Byron
Copy link
Member Author

Byron commented Aug 7, 2016

Alright, thanks for the feedback ! Please have a look to see whether the comments of been addressed.

@shepmaster
Copy link
Member

Great! I appreciate that you renamed the feature instead of just adding a comment.

Would you mind squashing the 3 commits into one? If you'd rather, I can do it on my side.

@Byron
Make fork-bomb-prevention a default feature
1c4d920 
That way it is possible to not use the associateed
`--pids-limit` flag by building like so:

`cargo build --no-default-features`

This is useful for local sandbox installations running on a different
OS which doesn't directly support limiting PIDs, or which works
differently in that regards.

I am using coreOS for example, but admittedly also didn't try
to find a way to make it work.
@Byron
Copy link
Member Author

Byron commented Aug 7, 2016

Squash successful ! Thanks for merging.

@shepmaster
Copy link
Member

For your own sanity, you may want to figure out how to enable PID limiting anyway.

On Alpine Linux (for EC2), I had to do something like:

vim /etc/cgconfig.conf
# Add:    pids       = /cgroup/pids;

To mount the appropriate cgroup. Having an up-to-date kernel and Docker was also useful. I'd be surprised if CoreOS doesn't support this in some manner.

@shepmaster shepmaster merged commit 374c47f into rust-lang:master Aug 7, 2016
@Byron
Copy link
Member Author

Byron commented Aug 7, 2016

Indeed, for a production system I wouldn't want to have it any other way either.

By the way, for inspiration I recommend having a look at the Crystal Playground implementation. You can run it simply using crystal play, and it looks like this:

screen shot 2016-08-07 at 16 48 46

@shepmaster shepmaster added the enhancement Something new the playground could do label Aug 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement Something new the playground could do
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Byron @shepmaster