restrictions.advertiseserver
52 lines (50 loc) · 2.05 KB
resource cpu .50
resource memory 30000000 # 30 Million bytes
resource diskused 400000000 # 400 MB
resource events 50
resource filewrite 10000
resource fileread 10000
resource filesopened 5
resource insockets 5
resource outsockets 5
resource netsend 10000
resource netrecv 10000
resource loopsend 1000000
resource looprecv 1000000
resource lograte 30000
resource random 100
resource messport 34612 # use for getting an NTP update
resource connport 10101 # use for listening for client connections
call gethostbyname_ex allow
call sendmess allow # the local port type
call stopcomm allow # it doesn't make sense to restrict
call recvmess allow # Allow listening on this port
call openconn allow # allow connections to this port
call waitforconn allow # allow listening on this port
call socket.close allow # let's not restrict
call socket.send allow # let's not restrict
call socket.recv allow # let's not restrict
# open and file.__init__ both have built in restrictions...
call open allow # can write to junk_test.out
call file.__init__ allow # can write to junk_test.out
call file.close allow # shouldn't restrict
call file.flush allow # they are free to use
call file.next allow # free to use as well...
call file.read allow # allow read
call file.readline allow # shouldn't restrict
call file.readlines allow # shouldn't restrict
call file.seek allow # seek doesn't restrict
call file.write allow # shouldn't restrict (open restricts)
call file.writelines allow # shouldn't restrict (open restricts)
call sleep allow # harmless
call settimer allow # we can't really do anything smart
call canceltimer allow # should be okay
call exitall allow # should be harmless
call log.write allow
call log.writelines allow
call getmyip allow # They can get the external IP address
call listdir allow # They can list the files they created
call removefile allow # They can remove the files they create
call randomfloat allow # can get random numbers
call getruntime allow # can get the elapsed time
call getlock allow # can get a mutex