mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-30 20:39:39 +02:00
[pitboss] phase 03: M3 — Docker backend + sandbox-escape regression suite
parent
3a4f1b177b
commit
a8b9dcd72b
36 changed files with 1778 additions and 27 deletions
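--- a/tests/dynamic_fixtures/escape/tmpfs_overflow.py
+++ b/tests/dynamic_fixtures/escape/tmpfs_overflow.py
@@ -0,0 +1,32 @@
+"""Escape attempt: exhaust host disk/tmpfs by writing large files.
+
+Expected outcome: ENOSPC or killed by cgroup memory limit.
+"""
+import sys
+import os
+
+CHUNK = 1024 * 1024 # 1 MiB
+MAX_WRITES = 8192 # 8 GiB total — well above any reasonable tmpfs limit
+
+try:
+written = 0
+files = []
+for i in range(MAX_WRITES):
+path = f"/tmp/nyx_overflow_{i}"
+files.append(path)
+with open(path, "wb") as f:
+f.write(b"\x00" * CHUNK)
+written += CHUNK
+print(f"NYX_ESCAPE_SUCCESS: wrote {written // (1024*1024)} MiB to /tmp")
+sys.exit(0)
+except (OSError, IOError) as e:
+# ENOSPC expected — disk/tmpfs is full, no host impact.
+print(f"BLOCKED: {e}", file=sys.stderr)
+sys.exit(1)
+finally:
+# Cleanup: don't leave huge files even on partial success.
+for p in files:
+try:
+os.unlink(p)
+except OSError:
+pass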
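Review bot: The `except (OSError, IOError)` branch prints BLOCKED for every OSError and drops the `written` count, so a missing or read-only /tmp, or an ENOSPC that only arrives after gigabytes have landed on storage with no quota, is reported the same way as an enforced tmpfs limit. The comment "no host impact" is therefore an assumption the fixture itself does not check. I would report the volume and the errno, e.g. `print(f"BLOCKED after {written // CHUNK} MiB (errno={e.errno}): {e}", file=sys.stderr)`, so the harness can compare that figure with the configured tmpfs size; how the harness interprets the exit code is not visible on this page. `IOError` is an alias of `OSError` on Python 3, so the tuple can be just `OSError`. The `finally` cleanup also does not run if the process is killed by the cgroup, which the docstring lists as an expected outcome, so leftover files then depend on the sandbox being torn down.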