From: rjones Date: Thu, 28 Jun 2007 23:18:28 +0000 (+0000) Subject: Added rlimits, support for objects. X-Git-Url: http://git.annexia.org/?p=xavierbot.git;a=commitdiff_plain;h=999637103a46eed68aa5051dd23f0ce0a3daf92e Added rlimits, support for objects. --- diff --git a/Makefile b/Makefile index 2570558..26991b6 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.2 2007/06/28 20:49:10 rjones Exp $ +# $Id: Makefile,v 1.3 2007/06/28 23:18:28 rjones Exp $ include Makefile.config @@ -33,9 +33,19 @@ pa_noexternal.cmo: pa_noexternal.ml ocamlfind ocamlc \ -pp "camlp4o pa_extend.cmo q_MLast.cmo" -I +camlp4 -c $< +test check: + perl -Tc xavierbot.pl + clean: rm -f ocamlbotwrapper *.o *.cmo *.cmi *~ +# Use this if you want to run without installing (see also +# instructions in Makefile.config): + +permissions: + chown root.root ocamlbotwrapper + chmod ug+s ocamlbotwrapper + # Distribution. dist: diff --git a/Makefile.config b/Makefile.config index a62fd57..39c3bab 100644 --- a/Makefile.config +++ b/Makefile.config @@ -1,7 +1,8 @@ -# $Id: Makefile.config,v 1.3 2007/06/28 20:57:49 rjones Exp $ +# -*- Makefile -*- +# $Id: Makefile.config,v 1.4 2007/06/28 23:18:28 rjones Exp $ PACKAGE := xavierbot -VERSION := 0.1 +VERSION := 0.2 # Prefix for installation. # - Binaries are installed in $(PREFIX)/sbin @@ -28,12 +29,12 @@ OCAML=/usr/bin/ocaml OCAMLUSER=nobody #---------------------------------------------------------------------- -# # If you want to run the bot without installing, leave the # following lines uncommented. # # You will also need to create directory $(CHROOTDIR), -# compile everything, and then: +# compile everything, and then 'sudo make permissions' +# which is just the same doing: # # chown root.root ocamlbotwrapper # chmod ug+s ocamlbotwrapper diff --git a/README b/README index 2cd54fb..ea53c40 100644 --- a/README +++ b/README 
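Review bot: In the Makefile hunk at `@@ -33,9 +33,19 @@`, the new `permissions` target makes `ocamlbotwrapper` setuid and setgid root with `chmod ug+s` but never sets the base mode, so whatever execute bits the build left on the file stay in place and, if those include world-execute, any local account can launch the root-owned binary. Setting the mode explicitly and limiting execution to the bot's own group narrows that, for example `chown root:BOTGROUP ocamlbotwrapper` followed by `chmod 4750 ocamlbotwrapper`, where `BOTGROUP` is a placeholder for the group the IRC bot runs as. The setgid bit looks unnecessary if the wrapper already starts with effective uid 0, but the privilege-dropping code is outside this diff, so that needs confirming. `chown root.root` also relies on the legacy dot separator; `root:root` is the portable spelling, and the comment block in Makefile.config repeats the same two commands.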
@@ -10,6 +10,8 @@ I am Public Domain. I was originally written by Richard W.M. Jones . +DEPENDENCIES ---------------------------------------- + To run me, you will need the following packages: ocaml >= 3.10.0 @@ -18,4 +20,18 @@ To run me, you will need the following packages: POE::Component::IRC POE::Wheel::Run -Please read Makefile.config for configuration information. +INSTALLATION ---------------------------------------- + +Please read & edit these files: + + Makefile.config + xavierbot.pl.in + +Do: + + make + +Either: + sudo make install +or: + sudo make permissions diff --git a/init b/init index c8b1cbc..6025b0c 100644 --- a/init +++ b/init @@ -1,5 +1,5 @@ (* Initialise the toplevel environment. - * $Id: init,v 1.2 2007/06/28 20:49:10 rjones Exp $ + * $Id: init,v 1.3 2007/06/28 23:18:28 rjones Exp $ * - Removes the Pervasives module and any dangerous functions. * - Loads just the modules we want to give access to, and just * the functions within those modules that we want to give. @@ -122,6 +122,10 @@ module String : sig val compare: t -> t -> int end = struct include String end +(* Create an object, so we get the CamlinternalOO module. *) +(* XXX Are any of the methods unsafe? *) +let _ = object end + (* Load our custom grammar, which disables "external". *) #load "camlp4o.cma";; diff --git a/init.in b/init.in index 5dcc5ab..b419f2c 100644 --- a/init.in +++ b/init.in @@ -1,5 +1,5 @@ (* Initialise the toplevel environment. - * $Id: init.in,v 1.1 2007/06/28 19:47:26 rjones Exp $ + * $Id: init.in,v 1.2 2007/06/28 23:18:28 rjones Exp $ * - Removes the Pervasives module and any dangerous functions. * - Loads just the modules we want to give access to, and just * the functions within those modules that we want to give. 
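Review bot: In the init hunk at `@@ -122,6 +122,10 @@`, `let _ = object end` pulls CamlinternalOO into a toplevel whose header says it removes dangerous functions, and the added `XXX Are any of the methods unsafe?` leaves that question open in code that evaluates untrusted statements. CamlinternalOO is runtime support meant for compiler-generated code rather than a vetted public API, so until it has been audited user statements should not be able to name it directly, in the same spirit as the restricted `module String : sig ... end = struct include String end` in the hunk's context. I would replace the XXX with a comment that records the decision, e.g. `(* CamlinternalOO is loaded only so object expressions work; not audited yet - user code must not reach it by name. *)`. The identical hunk in init.in needs the same treatment.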
@@ -122,6 +122,10 @@ module String : sig val compare: t -> t -> int end = struct include String end +(* Create an object, so we get the CamlinternalOO module. *) +(* XXX Are any of the methods unsafe? *) +let _ = object end + (* Load our custom grammar, which disables "external". *) #load "camlp4o.cma";; diff --git a/ocamlbotwrapper.c b/ocamlbotwrapper.c index d5f7127..16178c3 100644 --- a/ocamlbotwrapper.c +++ b/ocamlbotwrapper.c @@ -1,5 +1,5 @@ /* -*- C -*- - * $Id: ocamlbotwrapper.c,v 1.2 2007/06/28 20:49:10 rjones Exp $ + * $Id: ocamlbotwrapper.c,v 1.3 2007/06/28 23:18:28 rjones Exp $ * SUID wrapper around ocaml program. */ @@ -7,6 +7,8 @@ #include #include #include +#include +#include const char *new_environ[] = { "PATH=/usr/bin", @@ -16,6 +18,8 @@ const char *new_environ[] = { int main () { + struct rlimit lim; + /* Don't worry about races here because we're just checking that * the installation looks reasonable. * 
@@ -37,6 +41,44 @@ main () exit (1); } + /* Set some limits. */ +#ifdef RLIMIT_AS + lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */ + setrlimit (RLIMIT_AS, &lim); +#endif +#ifdef RLIMIT_CORE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_CORE, &lim); +#endif +#ifdef RLIMIT_CPU + lim.rlim_cur = lim.rlim_max = 60; /* seconds */ + setrlimit (RLIMIT_CPU, &lim); +#endif +#ifdef RLIMIT_MEMLOCK + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MEMLOCK, &lim); +#endif +#ifdef RLIMIT_MSGQUEUE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MSGQUEUE, &lim); +#endif +#ifdef RLIMIT_NOFILE + lim.rlim_cur = lim.rlim_max = 10; + setrlimit (RLIMIT_NOFILE, &lim); +#endif +#ifdef RLIMIT_NPROC + lim.rlim_cur = lim.rlim_max = 2; + setrlimit (RLIMIT_NPROC, &lim); +#endif +#ifdef RLIMIT_SIGPENDING + lim.rlim_cur = lim.rlim_max = 5; + setrlimit (RLIMIT_SIGPENDING, &lim); +#endif +#ifdef RLIMIT_STACK + lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */ + setrlimit (RLIMIT_STACK, &lim); +#endif + /* Run the ocaml program with the correct args. */ execle ("/usr/bin/ocaml", "@OCAML@", "-init", "init", diff --git a/ocamlbotwrapper.c.in b/ocamlbotwrapper.c.in index b10b9c7..2909182 100644 --- a/ocamlbotwrapper.c.in +++ b/ocamlbotwrapper.c.in @@ -1,5 +1,5 @@ /* -*- C -*- - * $Id: ocamlbotwrapper.c.in,v 1.2 2007/06/28 20:49:10 rjones Exp $ + * $Id: ocamlbotwrapper.c.in,v 1.3 2007/06/28 23:18:28 rjones Exp $ * SUID wrapper around ocaml program. */ @@ -7,6 +7,8 @@ #include #include #include +#include +#include const char *new_environ[] = { "PATH=/usr/bin", @@ -16,6 +18,8 @@ const char *new_environ[] = { int main () { + struct rlimit lim; + /* Don't worry about races here because we're just checking that * the installation looks reasonable. * 
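Review bot: Every `setrlimit` call added in the ocamlbotwrapper.c hunk at `@@ -37,6 +41,44 @@` discards its return value, so if a limit cannot be applied the SUID wrapper still goes on to `execle` the interpreter with that limit missing. For a wrapper whose job is to confine untrusted code it is safer to fail closed: check each call and exit on error, which a small helper keeps readable. The `/* bytes!?! */` remark on RLIMIT_AS would also read better as a plain statement of the unit. main() starts and ends outside the hunk, `perror` in the sketch assumes <stdio.h> is among the includes (their names are stripped on this page), and the same change applies to the matching hunk in ocamlbotwrapper.c.in.

```c
/* Apply one soft+hard limit; refuse to continue if it cannot be set. */
static void
set_limit (int resource, rlim_t value)
{
  struct rlimit lim;

  lim.rlim_cur = lim.rlim_max = value;
  if (setrlimit (resource, &lim) == -1) {
    perror ("setrlimit");
    exit (1);
  }
}

  /* ... unchanged: installation sanity checks in main () ... */

  /* Set some limits. */
#ifdef RLIMIT_AS
  set_limit (RLIMIT_AS, 32 * 1024 * 1024); /* bytes of address space */
#endif
#ifdef RLIMIT_CORE
  set_limit (RLIMIT_CORE, 0);
#endif
  /* ... the remaining RLIMIT_* blocks follow the same pattern, values unchanged ... */
```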
@@ -37,6 +41,44 @@ main () exit (1); } + /* Set some limits. */ +#ifdef RLIMIT_AS + lim.rlim_cur = lim.rlim_max = 32 * 1024 * 1024; /* bytes!?! */ + setrlimit (RLIMIT_AS, &lim); +#endif +#ifdef RLIMIT_CORE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_CORE, &lim); +#endif +#ifdef RLIMIT_CPU + lim.rlim_cur = lim.rlim_max = 60; /* seconds */ + setrlimit (RLIMIT_CPU, &lim); +#endif +#ifdef RLIMIT_MEMLOCK + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MEMLOCK, &lim); +#endif +#ifdef RLIMIT_MSGQUEUE + lim.rlim_cur = lim.rlim_max = 0; + setrlimit (RLIMIT_MSGQUEUE, &lim); +#endif +#ifdef RLIMIT_NOFILE + lim.rlim_cur = lim.rlim_max = 10; + setrlimit (RLIMIT_NOFILE, &lim); +#endif +#ifdef RLIMIT_NPROC + lim.rlim_cur = lim.rlim_max = 2; + setrlimit (RLIMIT_NPROC, &lim); +#endif +#ifdef RLIMIT_SIGPENDING + lim.rlim_cur = lim.rlim_max = 5; + setrlimit (RLIMIT_SIGPENDING, &lim); +#endif +#ifdef RLIMIT_STACK + lim.rlim_cur = lim.rlim_max = 8 * 1024 * 1024; /* bytes */ + setrlimit (RLIMIT_STACK, &lim); +#endif + /* Run the ocaml program with the correct args. */ execle ("@OCAML@", "@OCAML@", "-init", "@INITSCRIPT@", diff --git a/xavierbot.pl b/xavierbot.pl index 7601136..230612b 100755 --- a/xavierbot.pl +++ b/xavierbot.pl @@ -2,14 +2,11 @@ # xavierbot : an OCaml interpreter IRC bot. # By Richard W.M. Jones . # This code is in the Public Domain. -# $Id: xavierbot.pl,v 1.4 2007/06/28 20:49:10 rjones Exp $ +# $Id: xavierbot.pl,v 1.5 2007/06/28 23:18:28 rjones Exp $ use strict; - use POE qw(Component::IRC Wheel::Run); -$ENV{PATH} = "/usr/bin:/bin"; - #---------------------------------------------------------------------- # Start of configuration. @@ -23,6 +20,8 @@ my $channel = "#ocaml"; # End of configuration. #---------------------------------------------------------------------- +$ENV{PATH} = "/usr/bin:/bin"; + POE::Session->create ( package_states => [ main => [ qw(_default _start irc_001 irc_public got_stdout) ], 
@@ -81,9 +80,11 @@ sub irc_public print "got: $what\n"; if (my ($stmt) = $what =~ /^\s*([^#].*;;)\s*$/) { - print "stmt = $stmt\n"; $heap->{ocaml}->put ("$stmt\n"); } + elsif ($what =~ /$nick.*restart/) { + print STDOUT "got instruction to restart ...\n" + } undef; } diff --git a/xavierbot.pl.in b/xavierbot.pl.in index 243dcbc..661c016 100755 --- a/xavierbot.pl.in +++ b/xavierbot.pl.in @@ -2,14 +2,11 @@ # xavierbot : an OCaml interpreter IRC bot. # By Richard W.M. Jones . # This code is in the Public Domain. -# $Id: xavierbot.pl.in,v 1.2 2007/06/28 20:49:10 rjones Exp $ +# $Id: xavierbot.pl.in,v 1.3 2007/06/28 23:18:28 rjones Exp $ use strict; - use POE qw(Component::IRC Wheel::Run); -$ENV{PATH} = "/usr/bin:/bin"; - #---------------------------------------------------------------------- # Start of configuration. @@ -23,6 +20,8 @@ my $channel = "#ocaml"; # End of configuration. #---------------------------------------------------------------------- +$ENV{PATH} = "/usr/bin:/bin"; + POE::Session->create ( package_states => [ main => [ qw(_default _start irc_001 irc_public got_stdout) ], @@ -81,9 +80,11 @@ sub irc_public print "got: $what\n"; if (my ($stmt) = $what =~ /^\s*([^#].*;;)\s*$/) { - print "stmt = $stmt\n"; $heap->{ocaml}->put ("$stmt\n"); } + elsif ($what =~ /$nick.*restart/) { + print STDOUT "got instruction to restart ...\n" + } undef; }
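Review bot: The new `elsif ($what =~ /$nick.*restart/)` branch in the xavierbot.pl hunk at `@@ -81,9 +80,11 @@` interpolates `$nick` into the pattern unquoted and unanchored, so a nick containing regex metacharacters (IRC nicks may contain `[`, `]`, `|`, `^`) changes what matches, and any channel line that mentions the nick and the word restart anywhere takes this branch. Quoting and anchoring tightens it: `elsif ($what =~ /^\s*\Q$nick\E.*\brestart\b/) {`. The branch only prints today, but once it really restarts the interpreter it should also check who sent the message, because as written every user in the channel can trigger it. The added `print` has no terminating semicolon, which is legal before `}` but easy to trip over when a second statement is added. irc_public begins outside the hunk, and the same lines appear in the xavierbot.pl.in hunk.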