nsjail
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
I'd like to see logs with timestamps with millisecond precision. I'm not super familiar with C++, but I think https://github.com/google/nsjail/blob/master/util.cc#L311 is where the change would need to be. It looks...
Could nsjail be packaged in a Debian and/or rpm and/or apk package when released for ease of installation and management on Linux? https://github.com/goreleaser/nfpm could be used for that purpose.
# Setup I'm running nsjail inside a docker container, using the last version from github repository today (27/04/2024). The container has the necessary privileges. The steps I'm using to build...
Hi, I am trying to run nsjail with a very simple python script and am getting the following: ``` Mode: STANDALONE_ONCE\n[I][2024-06-16T03:25:03+0000] Jail parameters: hostname:'python', chroot:'', process:'python3', bind:[::]:0, max_conns:0, max_conns_per_ip:0, time_limit:900,...
Sys-V shared memory (shmget, shmat, etc.), will not be immediately cleaned up by the kernel upon the exit of the jailed process (Linux cleans it up lazily using a workqueue),...
Bumped into this issue with current master (and older ones), where if there's a mount
```
mount {
  src: "/var/run/netns"
  dst: "/var/run/netns"
  rw: false
  is_bind: true
  mandatory: false
}
```
...
Hi, I'm trying to run a simple "pytorch tensor add" on GPU under nsjail on a GCP `nvidia-tesla-t4` node and I'm getting the following error. nsjail_pytorch.cfg ``` mount { src:...