module System.Restricted.Types
(
LimitSettings(..)
, RLimits(..)
, defaultLimits
) where
import Data.Default
import Data.Serialize (Serialize)
import GHC.Generics
import System.Linux.SELinux (SecurityContext)
import System.Posix.Resource (Resource (..), ResourceLimit (..),
ResourceLimits (..))
import System.Posix.Types (CUid (..), UserID)
-- | Soft/hard limit pairs, one 'ResourceLimits' value per resource kind.
--
-- The record has no field for a process-count limit, so it cannot bound
-- how many processes a restricted program creates.
-- NOTE(review): presumably 'cgroupPath' in 'LimitSettings' is meant to
-- cover that case; confirm where the settings are applied.
data RLimits = RLimits
  { coreFileSizeLimit :: ResourceLimits -- ^ core file size
  , cpuTimeLimit      :: ResourceLimits -- ^ CPU time
  , dataSizeLimit     :: ResourceLimits -- ^ data segment size
  , fileSizeLimit     :: ResourceLimits -- ^ size of files written
  , openFilesLimit    :: ResourceLimits -- ^ number of open files
  , stackSizeLimit    :: ResourceLimits -- ^ stack size
  , totalMemoryLimit  :: ResourceLimits -- ^ total memory
  } deriving (Eq, Show, Generic)
-- Orphan instances: 'Resource', 'ResourceLimit' and 'ResourceLimits' are
-- imported from System.Posix.Resource, and none of the classes involved is
-- defined in this module either.
-- NOTE(review): these declarations will clash if the package providing the
-- types ever ships the same instances; confirm against the pinned version.
deriving instance Show ResourceLimits
deriving instance Show ResourceLimit
deriving instance Show Resource
-- Generic is derived so that the Serialize instances below can be declared
-- with empty bodies (presumably relying on Generic-based defaults).
deriving instance Generic ResourceLimit
deriving instance Generic ResourceLimits
instance Serialize ResourceLimit
instance Serialize ResourceLimits
instance Serialize RLimits
-- | Settings describing how a process is to be restricted.
--
-- Every confinement control apart from 'timeout' and 'niceness' is wrapped
-- in 'Maybe'.
-- NOTE(review): presumably 'Nothing' means the control is not applied at
-- all; confirm in the code that consumes this record.
--
-- The type has a 'Serialize' instance in this module.
-- NOTE(review): if values are ever decoded from a less-trusted peer, that
-- peer picks the uid, chroot and SELinux context; validate after decoding.
data LimitSettings = LimitSettings
  { timeout    :: Int                   -- ^ time limit (unit not stated here)
  , niceness   :: Int                   -- ^ niceness value for the process
  , rlimits    :: Maybe RLimits         -- ^ optional per-resource limits
  , chrootPath :: Maybe FilePath        -- ^ optional chroot directory
  , processUid :: Maybe UserID          -- ^ optional user id for the process
  , secontext  :: Maybe SecurityContext -- ^ optional SELinux security context
  , cgroupPath :: Maybe FilePath        -- ^ optional cgroup path
  } deriving (Eq, Show, Generic)
-- Orphan instances for 'CUid' (imported from System.Posix.Types); they are
-- needed because 'LimitSettings' carries a 'UserID' in 'processUid'.
-- NOTE(review): a serialized uid is only meaningful on the host that
-- produced it; confirm the value is never sent across machines.
deriving instance Generic CUid
instance Serialize CUid
instance Serialize LimitSettings
-- | Baseline settings: a 'timeout' of 3, a 'niceness' of 10, and every
-- optional control left as 'Nothing'.
--
-- No resource limits, chroot, uid change, SELinux context or cgroup is
-- requested by these defaults. Callers that run untrusted programs should
-- override the 'Nothing' fields explicitly instead of relying on this value
-- for confinement.
defaultLimits :: LimitSettings
defaultLimits =
  LimitSettings
    { timeout    = 3
    , niceness   = 10
    -- Confinement controls: none requested by default.
    , rlimits    = Nothing
    , chrootPath = Nothing
    , processUid = Nothing
    , secontext  = Nothing
    , cgroupPath = Nothing
    }
-- | 'def' is 'defaultLimits', which leaves every optional confinement
-- control as 'Nothing'.
instance Default LimitSettings where
  def = defaultLimits
-- | Default resource limits, assembled from the module-level soft/hard
-- constants.
--
-- 'defaultLimits' sets 'rlimits' to 'Nothing', so this value takes effect
-- only when a caller places it in 'rlimits' explicitly.
instance Default RLimits where
  def =
    RLimits
      { coreFileSizeLimit = pair coreSizeLimitSoft coreSizeLimitHard
      , cpuTimeLimit      = pair cpuTimeLimitSoft cpuTimeLimitHard
      , dataSizeLimit     = pair dataSizeLimitSoft dataSizeLimitHard
      , fileSizeLimit     = pair fileSizeLimitSoft fileSizeLimitHard
      , openFilesLimit    = pair openFilesLimitSoft openFilesLimitHard
      , stackSizeLimit    = pair stackSizeLimitSoft stackSizeLimitHard
      , totalMemoryLimit  = pair totalMemoryLimitSoft totalMemoryLimitHard
      }
    where
      -- Soft limit first, hard limit second.
      pair soft hard = mkLimits (soft, hard)
-- | Build a 'ResourceLimits' from a @(soft, hard)@ pair.
--
-- No check is made that the soft limit does not exceed the hard limit.
mkLimits :: (ResourceLimit, ResourceLimit) -> ResourceLimits
mkLimits softAndHard = ResourceLimits (fst softAndHard) (snd softAndHard)
-- Soft/hard values used by the 'Default' instance for 'RLimits'.
-- NOTE(review): units are not stated in this module; presumably seconds for
-- CPU time and bytes for sizes. Confirm where the limits are applied.

-- | A limit of zero.
zero :: ResourceLimit
zero = ResourceLimit 0

-- Core files: both limits are zero.
coreSizeLimitSoft, coreSizeLimitHard :: ResourceLimit
coreSizeLimitHard = zero
coreSizeLimitSoft = coreSizeLimitHard

-- CPU time: the soft limit is one below the hard limit.
cpuTimeLimitSoft, cpuTimeLimitHard :: ResourceLimit
cpuTimeLimitSoft = ResourceLimit 4
cpuTimeLimitHard = ResourceLimit 5

-- Data segment: 5 * 104857600 = 524288000 (500 MiB if the unit is bytes).
dataSizeLimitSoft, dataSizeLimitHard :: ResourceLimit
dataSizeLimitHard = ResourceLimit (5 * 104857600)
dataSizeLimitSoft = dataSizeLimitHard

-- Total memory reuses the data-segment values.
totalMemoryLimitSoft, totalMemoryLimitHard :: ResourceLimit
totalMemoryLimitSoft = dataSizeLimitSoft
totalMemoryLimitHard = dataSizeLimitHard

-- Open files.
openFilesLimitSoft, openFilesLimitHard :: ResourceLimit
openFilesLimitSoft = ResourceLimit 20
openFilesLimitHard = ResourceLimit 50

-- File size and stack size carry no numeric cap here.
-- NOTE(review): confirm how 'ResourceLimitUnknown' is translated when the
-- limits are applied; it may leave these two resources effectively unbounded.
fileSizeLimitSoft, fileSizeLimitHard :: ResourceLimit
fileSizeLimitHard = ResourceLimitUnknown
fileSizeLimitSoft = fileSizeLimitHard

stackSizeLimitSoft, stackSizeLimitHard :: ResourceLimit
stackSizeLimitSoft = ResourceLimitUnknown
stackSizeLimitHard = ResourceLimitUnknown