úÎlDg>      !"#$%&'()*+,-./0123456789:;<=None@Datastructure that holds the information about restrictions and & limitations for the worker process 2Maximum time for which the code is allowed to run  (in seconds) Process priority for the nice syscall. & -20 is the highest, 20 is the lowest Resource limits for the  setrlimit syscall 1The directory that the evaluator process will be chrooted = into. Please note that if chroot is applied, all the pathes  in  EvalSettings' will be calculated relatively to this  value. 3The UID that will be set after the call to chroot. 0SELinux security context under which the worker  process will be running. A filepath to the tasks file for the desired cgroup. #For example, if I have mounted the cpu controller at  cgroupscpu// and I want the evaluator to be running in the  cgroup  idiaworkers then the  would be  cgroupscpu/ idiaworkers Resource limits Default  >Set all the available rlimits. = These values have been determined through trial-and-error ?Set all the available rlimits. = These values have been determined through trial-and-error @Set all the available rlimits. = These values have been determined through trial-and-error ASet all the available rlimits. = These values have been determined through trial-and-error BSet all the available rlimits. = These values have been determined through trial-and-error CSet all the available rlimits. = These values have been determined through trial-and-error DSet all the available rlimits. = These values have been determined through trial-and-error ESet all the available rlimits. = These values have been determined through trial-and-error FSet all the available rlimits. = These values have been determined through trial-and-error GSet all the available rlimits. = These values have been determined through trial-and-error HSet all the available rlimits. = These values have been determined through trial-and-error ISet all the available rlimits. = These values have been determined through trial-and-error JSet all the available rlimits. = These values have been determined through trial-and-error KSet all the available rlimits. = These values have been determined through trial-and-error LSet all the available rlimits. = These values have been determined through trial-and-error * M>?@ABCDEFGHIJKLNOPQRST    M>?@ABCDEFGHIJKLNOPQRSTNoneAn exception type used by   0There has been an error while using the handler 3There has been an error during the conversion step 1A simple type of worker that executes IO actions The definition of the ( instance for IOWorker looks like this:  % instance WorkerData IOWorker where  type WData IOWorker = ()  type WMonad IOWorker = IO $Types of data attached to a worker. N This might be a configuration file, a size of the packet, session data, etc. Data that saves after restarts Monad in which the worker runs )A datatype representing a worker of type a Name of the worker +A filepath to the Unix socket that will be ) used for communicating with the worker. 3 If the file is already present it will be unliked  during the initializatin step %Security restrictions for the worker 'Just pid' if the worker's process ID is pid,  Nothing' if the worker is not active/ initialized A worker restarting function !(Check whether the worker is initialized  !UVWX ! !  !UVWXNone"Result of the deserialization #,Send some serialiazable data over a handle.  Returns Y* representing the encoded data. May throw   $0Read the data from a handle and deserialize it.  May throw  %Safe version of $ that doesn't throw  "#$Z[%"#$%#$%""#$Z[%  Safe-Inferred\\\None&#Waits for a certain period of time  and then kills the process 'Set the chroot jail (&Change the uid of the current process )Add a process to a cgroup *$Set rlimits using setrlimit syscall +Set the security context. / To be more precise, it only sets up the type.  Example usage: $ setupSELinuxCntx "my_restricted_t" ] splitBy (==x) is an inverse of ^ [x] , Apply the  _&ID of a process to be killed Time limit (in seconds) '()-The ID of a process to be added to the group *+],&'()*+,,*'()+& _&'()*+],None-Connect to the worker's socket and return a handle .3Remove a file if it exists. Should be thread-safe. /Create a new unix socket 0Fork a worker process 1,Kill a worker. Takes an initialized worker,  returns non-initialized one. 2#Waits for a certain period of time  and then kills the worker 3$Checks whether the process is alive  hacky 4#Checks whether the worker is alive -./0Where to redirect stdout Callback funcion 12ID of a process to be killed Time limit (in seconds) 34-./012341420-/.3-./01234None 5CA simple pool for workers. Workers are restarted from time to time `!Action for creating a new worker a&Maximum number of initialized workers b!Current number of active workers cA list of Workers dCHow long we should wait before restarting the workers (in seconds) 6Create a new workers pool 7Take worker from the pool. E The caller is responsible for putting the worker back into the pool  or destroying it with 9 8Put the worker back in pool 9-Destroy a worker. Frees up space in the pool :Like 7 + 82 but takes care of the exception handling for you 5e`abcd6JAn action that creates a new worker. Takes a unique number as an argument &Maximum number of workers in the pool Restart rate (in seconds) f789:56789:56:7895e`abcd6f789:None;Create an uninitialized worker < Start a general type of worker. EThe pre-forking action is a monadic action that will be run prior to  calling 04. It might be some initialization code, running the - DB query, anything you want. The resulting  will be passed to  the callback. >The socket that is passed to the callback is a server socket. =Start a worker of type  H The callback function is called every time a connectino is established HstartIOWorker "test" "/tmp/test.sock" $ \h -> hPutStrLn h "hello, world";<Name Socket !Where to redirect stdout, stderr  Restrictions Pre-forking action Socket callback =Name  Restrictions  UNIX socket  Callback  !"#$%-1456789:;<=;<=14-;<=g     !"##$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcde fghijklmnopqrsrestricted-workers-0.1.1System.Restricted.TypesSystem.Restricted.Worker.Types!System.Restricted.Worker.ProtocolSystem.Restricted.Limits!System.Restricted.Worker.InternalSystem.Restricted.Worker.PoolSystem.Restricted.Worker Eval.WorkerProtocolSignalHandlers LimitSettingstimeoutnicenessrlimits chrootPath processUid secontext cgroupPathRLimitscoreFileSizeLimit cpuTimeLimit dataSizeLimit fileSizeLimitopenFilesLimitstackSizeLimittotalMemoryLimit defaultLimitsProtocolExceptionHandleExceptionConversionExceptionIOWorker WorkerDataWDataWMonadWorker workerName workerSocket workerLimits workerPid RestartWorker initialized DecodeResultsendDatagetData getDataSafeprocessTimeoutchroot changeUserID setCGroup setRLimitssetupSELinuxCntx setLimitsconnectToWorkerremoveFileIfExistsmkSock forkWorker killWorker workerTimeout processAlive workerAlive WorkersPoolmkPool takeWorker putWorker destroyWorker withWorkermkDefaultWorker startWorker startIOWorkertotalMemoryLimitSofttotalMemoryLimitHardstackSizeLimitSoftstackSizeLimitHardopenFilesLimitSoftopenFilesLimitHardfileSizeLimitSoftfileSizeLimitHarddataSizeLimitSoftdataSizeLimitHardcpuTimeLimitSoftcpuTimeLimitHardcoreSizeLimitSoftcoreSizeLimitHardzeromkLimits$fDefaultRLimits$fDefaultLimitSettings$fSerializeLimitSettings$fSerializeCUid$fSerializeRLimits$fSerializeResourceLimits$fSerializeResourceLimit$fExceptionProtocolException$fWorkerDataIOWorker$fSerializeWorker$fSerializeCPidbytestring-0.10.0.2Data.ByteString.Internal ByteString sendData'getData'restoreHandlerssplitBybase Data.List interspersec_chroot newWorker maxWorkers activeWorkersworkers restartRatePoolreaper