2 * $Id: ocamlbotwrapper.c.in,v 1.4 2007/06/29 21:43:21 rjones Exp $
3 * SUID wrapper around ocaml program.
11 #include <sys/resource.h>
13 const char *new_environ[] = {
23 /* Don't worry about races here because we're just checking that
24 * the installation looks reasonable.
26 * Die if the init script does not exist. */
27 if (access ("@INITSCRIPT@", R_OK) == -1) {
28 perror ("@INITSCRIPT@");
32 /* Die if the ocaml program does not exist. */
33 if (access ("@OCAML@", R_OK|X_OK) == -1) {
38 /* Die if the chroot directory does not exist. */
39 if (access ("@CHROOTDIR@", R_OK|X_OK) == -1) {
40 perror ("@CHROOTDIR@");
44 /* Set some limits. */
46 lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */
47 setrlimit (RLIMIT_AS, &lim);
50 lim.rlim_cur = lim.rlim_max = 0;
51 setrlimit (RLIMIT_CORE, &lim);
54 lim.rlim_cur = lim.rlim_max = 10; /* seconds */
55 setrlimit (RLIMIT_CPU, &lim);
58 lim.rlim_cur = lim.rlim_max = 0;
59 setrlimit (RLIMIT_MEMLOCK, &lim);
61 #ifdef RLIMIT_MSGQUEUE
62 lim.rlim_cur = lim.rlim_max = 0;
63 setrlimit (RLIMIT_MSGQUEUE, &lim);
66 lim.rlim_cur = lim.rlim_max = 10;
67 setrlimit (RLIMIT_NOFILE, &lim);
70 lim.rlim_cur = lim.rlim_max = 2;
71 setrlimit (RLIMIT_NPROC, &lim);
73 #ifdef RLIMIT_SIGPENDING
74 lim.rlim_cur = lim.rlim_max = 5;
75 setrlimit (RLIMIT_SIGPENDING, &lim);
78 lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */
79 setrlimit (RLIMIT_STACK, &lim);
82 /* Run the ocaml program with the correct args. */
83 execle ("@OCAML@", "@OCAML@",
84 "-init", "@INITSCRIPT@",
88 /* If it failed, die with an error message. */