sroettger

The `--exec-wrapper` proposal sounds nice. In kctf we just ship a shell script that does the PoW and then runs the real challenge: https://github.com/google/kctf/blob/alpha/base/nsjail-docker/files/proof_of_work/maybe_pow.sh The downside of this is that...

@sirdarckcat fyi

The --exec-wrapper is still something we would like to use for https://github.com/google/kctf. I.e. in kctf, we provide a proof-of-work as part of our infrastructure and the chroot is mostly controlled...

I implemented this as a poc (needs some polishing): https://github.com/sroettger/nsjail/commit/8f4c3a985d5eee5521da12343b8f1dd219e44192 Wdyt?

We're going to use socat + nsjail in mode "once" now for our usecase: https://github.com/google/kctf/pull/168