forked from SeattleTestbed/common
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrestrictions.test
53 lines (51 loc) · 2.13 KB
/
restrictions.test
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
resource cpu .50
resource memory 20000000 # 20 Million bytes
resource diskused 100000000 # 100 MB
resource events 10
resource filewrite 10000000
resource fileread 10000000
resource filesopened 20
resource insockets 10
resource outsockets 10
resource netsend 10000
resource netrecv 10000
resource loopsend 1000000
resource looprecv 1000000
resource lograte 3000000
resource random 100000
resource messport 34612 # use for getting an NTP update
resource connport 12345 # Use for first source port for openconnection.
resource connport 12346 # Use for second source port for openconnection.
call gethostbyname_ex allow
call sendmess allow # the local port type
call stopcomm allow # it doesn't make sense to restrict
call recvmess allow # Allow listening on this port
call openconn allow # allow connections to this port
call waitforconn allow # allow listening on this port
call socket.close allow # let's not restrict
call socket.send allow # let's not restrict
call socket.recv allow # let's not restrict
# open and file.__init__ both have built in restrictions...
call open allow # can write to junk_test.out
call file.__init__ allow # can write to junk_test.out
call file.close allow # shouldn't restrict
call file.flush allow # they are free to use
call file.next allow # free to use as well...
call file.read allow # allow read
call file.readline allow # shouldn't restrict
call file.readlines allow # shouldn't restrict
call file.seek allow # seek doesn't restrict
call file.write allow # shouldn't restrict (open restricts)
call file.writelines allow # shouldn't restrict (open restricts)
call sleep allow # harmless
call settimer allow # we can't really do anything smart
call canceltimer allow # should be okay
call exitall allow # should be harmless
call log.write allow
call log.writelines allow
call getmyip allow # They can get the external IP address
call listdir allow # They can list the files they created
call removefile allow # They can remove the files they create
call randomfloat allow # can get random numbers
call getruntime allow # can get the elapsed time
call getlock allow # can get a mutex