-
Notifications
You must be signed in to change notification settings - Fork 1
/
restrictions.tryrepy
64 lines (58 loc) · 2.21 KB
/
restrictions.tryrepy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
resource cpu .10
resource memory 15000000 # 15 Million bytes
resource diskused 100000000 # 100 MB
resource events 50
resource filewrite 100000000
resource fileread 100000000
resource filesopened 30
resource insockets 30
resource outsockets 30
resource netsend 100000000
resource netrecv 100000000
resource loopsend 100000000
resource looprecv 100000000
resource lograte 30000
resource random 100
resource messport 12345
resource connport 12345
resource messport 12346
resource connport 12346
resource messport 12347
resource connport 12347
resource messport 63134
resource connport 63134
call gethostbyname_ex allow
call sendmess allow
call stopcomm allow # it doesn't make sense to restrict
call recvmess allow
call openconn allow
call waitforconn allow
call socket.close allow # let's not restrict
call socket.send allow # let's not restrict
call socket.recv allow # let's not restrict
# open and file.__init__ both have built in restrictions...
call open allow # can write to junk_test.out
call file.__init__ allow # can write to junk_test.out
call file.close allow # shouldn't restrict
call file.flush allow # they are free to use
call file.next allow # free to use as well...
call file.read allow # allow read
call file.readline allow # shouldn't restrict
call file.readlines allow # shouldn't restrict
call file.seek allow # seek doesn't restrict
call file.write allow # shouldn't restrict (open restricts)
call file.writelines allow # shouldn't restrict (open restricts)
call sleep allow # harmless
call settimer allow # we can't really do anything smart
call canceltimer allow # should be okay
call exitall allow # should be harmless
call log.write allow
call log.writelines allow
call getmyip allow # They can get the external IP address
call listdir allow # They can list the files they created
call removefile allow # They can remove the files they create
call randomfloat allow # can get random numbers
call getruntime allow # can get the elapsed time
call getlock allow # can get a mutex
call get_thread_name allow # Allow getting the thread name
call VirtualNamespace allow # Allow using VirtualNamespace's