forked from SeattleTestbed/common
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrestrictions.threeports
executable file
·65 lines (62 loc) · 2.47 KB
/
restrictions.threeports
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
resource cpu .10
resource memory 15000000 # 15 Million bytes
resource diskused 100000000 # 100 MB
resource events 10
resource filewrite 100000
resource fileread 100000
resource filesopened 5
resource insockets 5
resource outsockets 5
resource netsend 10000
resource netrecv 10000
resource loopsend 1000000
resource looprecv 1000000
resource lograte 30000
resource random 10000
resource messport 12345
resource connport 12345
resource messport 12346
resource connport 12346
resource messport 12347
resource connport 12347
call gethostbyname_ex allow
call sendmess allow
call stopcomm allow # it doesn't make sense to restrict
call recvmess allow
call openconn allow
call waitforconn allow
call socket.close allow # let's not restrict
call socket.send allow # let's not restrict
call socket.recv allow # let's not restrict
# open and file.__init__ both have built in restrictions...
call open arg 0 is junk_test.out allow # can write to junk_test.out
call open arg 1 is r allow # allow an explicit read
call open arg 1 is rb allow # allow an explicit read
call open noargs is 1 allow # allow an implicit read
call file.__init__ arg 0 is junk_test.out allow # can write to junk_test.out
call file.__init__ arg 1 is r allow # allow an explicit read
call file.__init__ arg 1 is rb allow # allow an explicit read
call file.__init__ noargs is 1 allow # allow an implicit read
call file.close allow # shouldn't restrict
call file.flush allow # they are free to use
call file.next allow # free to use as well...
call file.read allow # allow read
call file.readline allow # shouldn't restrict
call file.readlines allow # shouldn't restrict
call file.seek allow # seek doesn't restrict
call file.write allow # shouldn't restrict (open restricts)
call file.writelines allow # shouldn't restrict (open restricts)
call sleep allow # harmless
call settimer allow # we can't really do anything smart
call canceltimer allow # should be okay
call exitall allow # should be harmless
call log.write allow
call log.writelines allow
call getmyip allow # They can get the external IP address
call listdir allow # They can list the files they created
call removefile allow # They can remove the files they create
call randomfloat allow # can get random numbers
call getruntime allow # can get the elapsed time
call getlock allow # can get a mutex
call get_thread_name allow # Allow getting the thread name
call VirtualNamespace allow # Allow using VirtualNamespace's