ioi / isolate

Sandbox for securely executing untrusted programs

Failed to create control group /sys/fs/cgroup/memory/box-0/: Read-only file system. #111

Closed tallninja closed 2 years ago

tallninja commented 2 years ago

When I run isolate --cg -b 1 --init inside a Docker container, I get the following error: Failed to create control group /sys/fs/cgroup/memory/box-0/: Read-only file system

Here is my Dockerfile:

FROM buildpack-deps:jammy
RUN apt-get install -y gcc
RUN set -xe && \
    apt-get install -y --no-install-recommends git libcap-dev && \
    rm -rf /var/lib/apt/lists/* && \
    git clone https://github.com/ioi/isolate.git /tmp/isolate && \
    cd /tmp/isolate && \
    git checkout v1.8.1 && \
    make -j$(nproc) install && \
    rm -rf /tmp/*

Output:

root@719bfeb3110a:/# isolate --cg -b 1 --init
Failed to create control group /sys/fs/cgroup/memory/box-1/: Read-only file system

tallninja commented 2 years ago

I figured it out: I just needed to run my container in privileged mode.

docker container run --privileged isolatecontainer isolate --cg -b 1 --init
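
A pre-flight check for the condition in this thread, as an added example that is not part of the issue or of isolate: it reads mount-table lines and reports whether the hierarchy at /sys/fs/cgroup/memory (the path in the error) is mounted read-only. The function names and the sample mount lines are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the issue or from isolate). Function names are hypothetical.

# Read mount-table lines (/proc/self/mounts format) on stdin and print the state
# of the hierarchy at /sys/fs/cgroup/memory, the path in the error: rw, ro or missing.
cgroup_memory_mode() (
    mode="missing"
    while read -r dev mnt fstype opts rest; do
        # Skip everything except a cgroup v1 mount at the path isolate tried to use.
        [ "$mnt" = "/sys/fs/cgroup/memory" ] && [ "$fstype" = "cgroup" ] || continue
        case ",$opts," in
            *,ro,*) mode="ro" ;;   # mkdir box-N fails with "Read-only file system"
            *)      mode="rw" ;;
        esac
    done
    printf '%s\n' "$mode"
)

# Exit status: 0 = writable (necessary for `isolate --cg --init`, not sufficient),
# 1 = read-only, 2 = no such hierarchy in this mount namespace.
cgroup_preflight() {
    case "$(cgroup_memory_mode)" in
        rw) return 0 ;;
        ro) echo "/sys/fs/cgroup/memory is read-only; isolate --cg cannot create box-N" >&2
            return 1 ;;
        *)  echo "no cgroup v1 hierarchy mounted at /sys/fs/cgroup/memory" >&2
            return 2 ;;
    esac
}

# Constructed sample lines, not captured from the reporter's container.
SAMPLE_RO='cgroup /sys/fs/cgroup/memory cgroup ro,nosuid,nodev,noexec,relatime,memory 0 0'
SAMPLE_RW='cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0'
SAMPLE_V2='cgroup2 /sys/fs/cgroup cgroup2 ro,nosuid,nodev,noexec,relatime 0 0'

for s in "$SAMPLE_RO" "$SAMPLE_RW" "$SAMPLE_V2"; do
    printf 'sample -> %s\n' "$(printf '%s\n' "$s" | cgroup_memory_mode)"
done
# Live check of the current mount namespace, when /proc is available.
if [ -r /proc/self/mounts ]; then
    printf 'this host -> %s\n' "$(cgroup_memory_mode < /proc/self/mounts)"
fi
```

`--privileged`, the fix used above, makes this mount writable but also grants the container all capabilities and access to host devices.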