C0deH4cker / PwnableHarness

Manage building and deploying exploitation challenges with ease
MIT License

Limit resources allowed in challenge containers #11

Closed C0deH4cker closed 4 weeks ago

C0deH4cker commented 2 years ago

Challenge containers currently have no form of resource limitations. This means that a single player who achieves code execution would be able to consume all CPU/memory/process etc. resources, resulting in server instability. To combat this, there should be some sane limits applied by default, potentially with the ability for individual Build.mk project files to tweak these values for their containers.

nil0x42 commented 10 months ago

Do you have recommendations on how to implement it with current version? By adding some commands to docker file?

C0deH4cker commented 10 months ago

> Do you have recommendations on how to implement it with current version? By adding some commands to docker file?

You can set DOCKER_RUN_ARGS in your Build.mk file to provide any extra arguments to docker run, including those from the Docker documentation for limiting stuff like CPU time and memory. The proper fix for this issue is effectively just to make this easier by defining a new variable like DOCKER_CPU_LIMIT and similar that will end up being processed into DOCKER_RUN_ARGS.
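The workaround described in the comment above, as an added example that is not part of the original thread or the project's own code: a Build.mk fragment passing standard `docker run` resource flags through `DOCKER_RUN_ARGS`. The limit values are constructed for illustration and should be tuned per challenge; the rest of the Build.mk is assumed to exist already.

```makefile
# Build.mk fragment (added example; values are illustrative, not project defaults)

# Cap memory so one process cannot exhaust host RAM. Setting --memory-swap
# equal to --memory means the container gets no additional swap.
DOCKER_RUN_ARGS := --memory=256m --memory-swap=256m

# Limit the container to half of one CPU core's worth of time.
DOCKER_RUN_ARGS += --cpus=0.5

# Bound the number of processes/threads in the container, which contains
# fork bombs launched after a player gains code execution.
DOCKER_RUN_ARGS += --pids-limit=64
```

After the container starts, `docker stats` shows the memory limit and PID count in effect for it.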

nil0x42 commented 10 months ago

> > Do you have recommendations on how to implement it with current version? By adding some commands to docker file?
>
> You can set DOCKER_RUN_ARGS in your Build.mk file to provide any extra arguments to docker run, including those from the Docker documentation for limiting stuff like CPU time and memory. The proper fix for this issue is effectively just to make this easier by defining a new variable like DOCKER_CPU_LIMIT and similar that will end up being processed into DOCKER_RUN_ARGS.

Thank you!