update readme, fix bug where multiple args were appearing as one arg

lxc/executors/bash

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 bash code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 bash code.code"

lxc/executors/c

@@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 gcc -o binary -x c code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ./binary"

lxc/executors/cpp

@@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 g++ -o binary -x c++ code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ./binary"

lxc/executors/csharp

@@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 mcs $(echo code.code | sed 's/\///') -nowarn:0219 -out:binary
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 mono binary"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 mono binary"

lxc/executors/go

@@ -3,4 +3,4 @@ cp code.code interim.go
 file="interim.go"
 GOROOT=/usr/lib/go timeout -s KILL 10 go build $file
 file=${file%%.*}
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./$file"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ./$file"

lxc/executors/java

@@ -3,4 +3,4 @@ cp code.code interim.java
 name=$(cat interim.java | grep -Eo 'public\s+class\s+([A-Za-z0-9]+)' | sed -n 's/  */ /gp' | cut -d' ' -f3)
 mv interim.java $name.java
 timeout -s KILL 10 javac $name.java
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 java $name"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 java $name"

lxc/executors/nasm

@@ -1,4 +1,4 @@
 cd /tmp/$2
 timeout -s KILL 10 nasm -f elf64 -o binary.o code.code
 timeout -s KILL 10 ld binary.o -o binary
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ./binary"

lxc/executors/node

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 nodejs code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 nodejs code.code"

lxc/executors/php

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 php code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 php code.code"

lxc/executors/python2

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python2 code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 python2 code.code"

lxc/executors/python3

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 python3.6 code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 python3.6 code.code"

lxc/executors/r

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 Rscript code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 Rscript code.code"

lxc/executors/ruby

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ruby code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ruby code.code"

lxc/executors/rust

@@ -1,3 +1,3 @@
 cd /tmp/$2
 timeout -s KILL 10 rustc -o binary code.code
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 ./binary"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 ./binary"

lxc/executors/swift

@@ -1,2 +1,2 @@
 cd /tmp/$2
-runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs -d '\n' timeout -s KILL 3 swift code.code"
+runuser -l runner$1 -c "cd /tmp/$2 ; cat args.args | xargs timeout -s KILL 3 swift code.code"

readme.md

@@ -66,10 +66,10 @@ cd ../tests
 ```
 
 #### Usage
-- `lxc/execute [language] [path] [arg]...`
+- `lxc/execute [language] [file path] [arg]...`
 
 #### Supported Languages
-Currently python2, python3, c, c++, go, node, ruby, r, c#, nasm, php, java, and brainfuck is supported.
+Currently python2, python3, c, c++, go, node, ruby, r, c#, nasm, php, java, swift, brainfuck, rust, and bash is supported.
 
 #### Principle of Operation
 Piston utilizes LXC as the primary mechanism for sandboxing. There is a small API written in Go which takes
@@ -82,9 +82,10 @@ LXC provides a great deal of security out of the box in that it's separate from
 Piston takes additional steps to make it resistant to
 various privilege escalation, denial-of-service, and resource saturation threats. These steps include:
 - Disabling outgoing network interaction
-- Capping max processes at 16 (resists `:(){ :|: &}:;`, `while True: os.fork()`, etc.)
-- Capping max files at 256 (resists various file based attacks)
+- Capping max processes at 64 (resists `:(){ :|: &}:;`, `while True: os.fork()`, etc.)
+- Capping max files at 2048 (resists various file based attacks)
 - Mounting all resources read-only (resists `sudo rm -rf --no-preserve-root /`)
+- Running as a variety of unprivileged users
 - Capping runtime execution at 3 seconds
 - Capping stdout to 65536 characters (resists yes/no bombs and runaway output)
 - SIGKILLing misbehaving code