Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
54 lines (51 sloc) 2.02 KB
resource cpu .50
resource memory 20000000 # 20 Million bytes
resource diskused 10000000 # 10 MB
resource events 10
resource filewrite 10000
resource fileread 10000
resource filesopened 5
resource insockets 5
resource outsockets 5
resource netsend 10000
resource netrecv 10000
resource loopsend 1000000
resource looprecv 1000000
resource lograte 30000
resource random 100
resource messport 12345 # use for getting an NTP update
resource messport 12346
resource connport 12345
call gethostbyname_ex allow
call sendmess allow # the local port type
call stopcomm allow # it doesn't make sense to restrict
call recvmess allow # Allow listening on this port
call openconn allow # allow connections to this port
call waitforconn allow # allow listening on this port
call socket.close allow # let's not restrict
call socket.send allow # let's not restrict
call socket.recv allow # let's not restrict
# open and file.__init__ both have built in restrictions...
call open allow # can write to junk_test.out
call file.__init__ allow # can write to junk_test.out
call file.close allow # shouldn't restrict
call file.flush allow # they are free to use
call file.next allow # free to use as well...
call file.read allow # allow read
call file.readline allow # shouldn't restrict
call file.readlines allow # shouldn't restrict
call file.seek allow # seek doesn't restrict
call file.write allow # shouldn't restrict (open restricts)
call file.writelines allow # shouldn't restrict (open restricts)
call sleep allow # harmless
call settimer allow # we can't really do anything smart
call canceltimer allow # should be okay
call exitall allow # should be harmless
call log.write allow
call log.writelines allow
call getmyip allow # They can get the external IP address
call listdir allow # They can list the files they created
call removefile allow # They can remove the files they create
call randomfloat allow # can get random numbers
call getruntime allow # can get the elapsed time
call getlock allow # can get a mutex