Use proper return code for static_sandbox example

Also bump FSIZE limit to make it less likely to fail.

PiperOrigin-RevId: 268857718
Change-Id: I955ed4a10d8a49585ae330ab668a0bd891bb6ed6
This commit is contained in:
Wiktor Garbacz 2019-09-13 01:22:14 -07:00 committed by Copybara-Service
parent 2e22b13b39
commit d6ca9d9564

View File

@ -97,6 +97,13 @@ std::unique_ptr<sandbox2::Policy> GetPolicy() {
} }
int main(int argc, char** argv) { int main(int argc, char** argv) {
// This test is incompatible with sanitizers.
// The `SKIP_SANITIZERS_AND_COVERAGE` macro won't work for us here since we
// need to return something.
#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || \
defined(THREAD_SANITIZER)
return EXIT_SUCCESS;
#endif
gflags::ParseCommandLineFlags(&argc, &argv, true); gflags::ParseCommandLineFlags(&argc, &argv, true);
google::InitGoogleLogging(argv[0]); google::InitGoogleLogging(argv[0]);
@ -116,7 +123,7 @@ int main(int argc, char** argv) {
->set_rlimit_as(RLIM64_INFINITY) ->set_rlimit_as(RLIM64_INFINITY)
// Kill sandboxed processes with a signal (SIGXFSZ) if it writes more than // Kill sandboxed processes with a signal (SIGXFSZ) if it writes more than
// these many bytes to the file-system. // these many bytes to the file-system.
.set_rlimit_fsize(1024) .set_rlimit_fsize(1024 * 1024)
// The CPU time limit. // The CPU time limit.
.set_rlimit_cpu(60) .set_rlimit_cpu(60)
.set_walltime_limit(absl::Seconds(30)); .set_walltime_limit(absl::Seconds(30));
@ -135,5 +142,6 @@ int main(int argc, char** argv) {
LOG(INFO) << "Final execution status: " << result.ToString(); LOG(INFO) << "Final execution status: " << result.ToString();
return EXIT_SUCCESS; return result.final_status() == sandbox2::Result::OK ? EXIT_SUCCESS
: EXIT_FAILURE;
} }