X-Git-Url: http://git.annexia.org/?p=xavierbot.git;a=blobdiff_plain;f=ocamlbotwrapper.c.in;h=4835b3abce8f843fe3863d12f4c0fb773443e8ac;hp=b10b9c75cfe2cc30544cd97a1fbe1549ae3587c0;hb=62c2a700f26885ebc8462788f524547a018d56fc;hpb=1e6d6c08bec29a317316f107b7d9bde285c1f798 diff --git a/ocamlbotwrapper.c.in b/ocamlbotwrapper.c.in index b10b9c7..4835b3a 100644 --- a/ocamlbotwrapper.c.in +++ b/ocamlbotwrapper.c.in @@ -1,5 +1,5 @@ /* -*- C -*- - * $Id: ocamlbotwrapper.c.in,v 1.2 2007/06/28 20:49:10 rjones Exp $ + * $Id: ocamlbotwrapper.c.in,v 1.4 2007/06/29 21:43:21 rjones Exp $ * SUID wrapper around ocaml program. */ @@ -7,6 +7,8 @@ #include #include #include +#include +#include const char *new_environ[] = { "PATH=/usr/bin", @@ -16,6 +18,8 @@ const char *new_environ[] = { int main () { + struct rlimit lim; + /* Don't worry about races here because we're just checking that * the installation looks reasonable. * @@ -37,6 +41,44 @@ main () exit (1); } + /* Set some limits. */ +#ifdef RLIMIT_AS + lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */ + setrlimit (RLIMIT_AS, &lim); +#endif +#ifdef RLIMIT_CORE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_CORE, &lim); +#endif +#ifdef RLIMIT_CPU + lim.rlim_cur = lim.rlim_max = 10; /* seconds */ + setrlimit (RLIMIT_CPU, &lim); +#endif +#ifdef RLIMIT_MEMLOCK + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MEMLOCK, &lim); +#endif +#ifdef RLIMIT_MSGQUEUE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MSGQUEUE, &lim); +#endif +#ifdef RLIMIT_NOFILE + lim.rlim_cur = lim.rlim_max = 10; + setrlimit (RLIMIT_NOFILE, &lim); +#endif +#ifdef RLIMIT_NPROC + lim.rlim_cur = lim.rlim_max = 2; + setrlimit (RLIMIT_NPROC, &lim); +#endif +#ifdef RLIMIT_SIGPENDING + lim.rlim_cur = lim.rlim_max = 5; + setrlimit (RLIMIT_SIGPENDING, &lim); +#endif +#ifdef RLIMIT_STACK + lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */ + setrlimit (RLIMIT_STACK, &lim); +#endif + /* Run the ocaml program with the correct args. */ execle ("@OCAML@", "@OCAML@", "-init", "@INITSCRIPT@",