Added rlimits, support for objects.

[xavierbot.git] / ocamlbotwrapper.c.in

diff --git a/ocamlbotwrapper.c.in b/ocamlbotwrapper.c.in
index b10b9c7..2909182 100644 (file)
--- a/ocamlbotwrapper.c.in
+++ b/ocamlbotwrapper.c.in
@@ -1,5 +1,5 @@
 /* -*- C -*-
- * $Id: ocamlbotwrapper.c.in,v 1.2 2007/06/28 20:49:10 rjones Exp $
+ * $Id: ocamlbotwrapper.c.in,v 1.3 2007/06/28 23:18:28 rjones Exp $
  * SUID wrapper around ocaml program.
  */
 
@@ -7,6 +7,8 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <errno.h>
+#include <sys/time.h>
+#include <sys/resource.h>
 
 const char *new_environ[] = {
   "PATH=/usr/bin",
@@ -16,6 +18,8 @@ const char *new_environ[] = {
 int
 main ()
 {
+  struct rlimit lim;
+
   /* Don't worry about races here because we're just checking that
    * the installation looks reasonable.
    *
@@ -37,6 +41,44 @@ main ()
     exit (1);
   }
 
+  /* Set some limits. */
+#ifdef RLIMIT_AS
+  lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */
+  setrlimit (RLIMIT_AS, &lim);
+#endif
+#ifdef RLIMIT_CORE
+  lim.rlim_cur = lim.rlim_max = 0;
+  setrlimit (RLIMIT_CORE, &lim);
+#endif
+#ifdef RLIMIT_CPU
+  lim.rlim_cur = lim.rlim_max = 60; /* seconds */
+  setrlimit (RLIMIT_CPU, &lim);
+#endif
+#ifdef RLIMIT_MEMLOCK
+  lim.rlim_cur = lim.rlim_max = 0;
+  setrlimit (RLIMIT_MEMLOCK, &lim);
+#endif
+#ifdef RLIMIT_MSGQUEUE
+  lim.rlim_cur = lim.rlim_max = 0;
+  setrlimit (RLIMIT_MSGQUEUE, &lim);
+#endif
+#ifdef RLIMIT_NOFILE
+  lim.rlim_cur = lim.rlim_max = 10;
+  setrlimit (RLIMIT_NOFILE, &lim);
+#endif
+#ifdef RLIMIT_NPROC
+  lim.rlim_cur = lim.rlim_max = 2;
+  setrlimit (RLIMIT_NPROC, &lim);
+#endif
+#ifdef RLIMIT_SIGPENDING
+  lim.rlim_cur = lim.rlim_max = 5;
+  setrlimit (RLIMIT_SIGPENDING, &lim);
+#endif
+#ifdef RLIMIT_STACK
+  lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */
+  setrlimit (RLIMIT_STACK, &lim);
+#endif
+
   /* Run the ocaml program with the correct args. */
   execle ("@OCAML@", "@OCAML@",
          "-init", "@INITSCRIPT@",