Redundancy regarding NsJail config values

[MarkKoz]

I dislike that the following code exists when it is already defined in the config

snekbox/snekbox/nsjail.py

Lines 23 to 24 in 7a212ed

	CGROUP_PIDS_PARENT = Path("/sys/fs/cgroup/pids/NSJAIL")
	CGROUP_MEMORY_PARENT = Path("/sys/fs/cgroup/memory/NSJAIL")

snekbox/snekbox/nsjail.py

Line 28 in 7a212ed

MEM_MAX = 52428800

snekbox/scripts/.profile

Line 2 in 7a212ed

local MEM_MAX=52428800

snekbox/scripts/.profile

Lines 12 to 15 in 7a212ed

	mkdir -p /sys/fs/cgroup/pids/NSJAIL
	mkdir -p /sys/fs/cgroup/memory/NSJAIL
	echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.limit_in_bytes
	echo "${MEM_MAX}" > /sys/fs/cgroup/memory/NSJAIL/memory.memsw.limit_in_bytes

These values are at risk of falling out of sync with the config. This applies more to MEM_MAX, since cgroup paths would be odd to modify.

Some ideas for solutions:

• Write a script to read the config and parse it into something Python can interact with.
  • The config format can ostensibly be parsed with simple regex, but I don't know how much I can trust its accuracy.
• Parse the file with protobuf, just like NsJail
  • This requires an extra dependency.
  • Their config.proto file is needed somehow.
    • Copying it over means that it has to be kept in sync with whatever NsJail version is being used in the Docker image.
    • Using a submodule seems overkill and kind of annoying to use, but would solve the problem with simply copying over the file. The submodule could be used to build the Docker image rather than cloning the repo again when building. That would ensure the submodule version is kept in sync with the Docker image.

Either way, some sort of command line utility would be needed so the .profile shell script can access these values. To avoid that, .profile would need to just become a proxy to another Python script, which means effectively rewriting it using Python (see #73).