X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;ds=sidebyside;f=ocamlbotwrapper.c;h=27c334fcefb618ccc477a28fb8dc3f368cb835be;hb=e510484ab8b113b43cf95a18820ad3a0629edf4b;hp=d7ad40df0fc03cda81fe74763e34bb4532922b79;hpb=d165f93ed79c62a1fa76f391d87ffc4d215b9efe;p=xavierbot.git
diff --git a/ocamlbotwrapper.c b/ocamlbotwrapper.c
index d7ad40d..27c334f 100644
--- a/ocamlbotwrapper.c
+++ b/ocamlbotwrapper.c
@@ -1,5 +1,5 @@
 /* -*- C -*-
- * $Id: ocamlbotwrapper.c,v 1.1 2007/06/28 19:47:26 rjones Exp $
+ * $Id: ocamlbotwrapper.c,v 1.8 2008/02/13 17:35:32 rjones Exp $
 * SUID wrapper around ocaml program.
 */
@@ -7,6 +7,8 @@
 #include
 #include
 #include
+#include
+#include
 const char *new_environ[] = {
 "PATH=/usr/bin",
@@ -16,8 +18,72 @@ const char *new_environ[] = {
 int main () {
+ struct rlimit lim;
+
+ /* Don't worry about races here because we're just checking that
+ * the installation looks reasonable.
+ *
+ * Die if the init script does not exist. */
+ if (access ("init", R_OK) == -1) {
+ perror ("init");
+ exit (1);
+ }
+
+ /* Die if the ocaml program does not exist. */
+ if (access ("/usr/bin/ocaml", R_OK|X_OK) == -1) {
+ perror ("/usr/bin/ocaml");
+ exit (1);
+ }
+
+ /* Die if the chroot directory does not exist. */
+ if (access ("/var/local/xavierbot/chroot", R_OK|X_OK) == -1) {
+ perror ("/var/local/xavierbot/chroot");
+ exit (1);
+ }
+
+ /* Set some limits. */
+#ifdef RLIMIT_AS
+ lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */
+ setrlimit (RLIMIT_AS, &lim);
+#endif
+#ifdef RLIMIT_CORE
+ lim.rlim_cur = lim.rlim_max = 0;
+ setrlimit (RLIMIT_CORE, &lim);
+#endif
+#ifdef RLIMIT_CPU
+ lim.rlim_cur = lim.rlim_max = 10; /* seconds */
+ setrlimit (RLIMIT_CPU, &lim);
+#endif
+#ifdef RLIMIT_MEMLOCK
+ lim.rlim_cur = lim.rlim_max = 0;
+ setrlimit (RLIMIT_MEMLOCK, &lim);
+#endif
+#ifdef RLIMIT_MSGQUEUE
+ lim.rlim_cur = lim.rlim_max = 0;
+ setrlimit (RLIMIT_MSGQUEUE, &lim);
+#endif
+#ifdef RLIMIT_NOFILE
+ lim.rlim_cur = lim.rlim_max = 10;
+ setrlimit (RLIMIT_NOFILE, &lim);
+#endif
+#ifdef RLIMIT_NPROC
+ lim.rlim_cur = lim.rlim_max = 2;
+ setrlimit (RLIMIT_NPROC, &lim);
+#endif
+#ifdef RLIMIT_SIGPENDING
+ lim.rlim_cur = lim.rlim_max = 5;
+ setrlimit (RLIMIT_SIGPENDING, &lim);
+#endif
+#ifdef RLIMIT_STACK
+ lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */
+ setrlimit (RLIMIT_STACK, &lim);
+#endif
+
 /* Run the ocaml program with the correct args. */
- execle ("/usr/bin/ocaml", "@OCAML@", "-init", "xavierbot/share/xavierbot/init", NULL, new_environ);
+ execle ("/usr/bin/ocaml", "@OCAML@",
+ "-init", "init",
+ "-noprompt",
+ NULL, new_environ);
 /* If it failed, die with an error message. */
 perror ("/usr/bin/ocaml");
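Review bot: None of the nine `setrlimit` calls added to `main` checks its return value, so if one fails the wrapper still reaches `execle` and the interpreter runs without that limit. For a SUID wrapper the limits should fail closed, e.g. `if (setrlimit (RLIMIT_CPU, &lim) == -1) { perror ("setrlimit"); exit (1); }`, ideally through one small helper used for every resource. Separately, both `access ("init", R_OK)` and the new `"-init", "init"` argument are relative paths, and no `chdir` is visible between the start of `main` and the exec, so which script gets loaded depends on the working directory inherited from the caller; an absolute path, or a `chdir` to the install directory before the checks, would pin it. The comment above the checks could also say that `access` tests with the real rather than the effective IDs. The end of `main` lies outside this hunk.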