From: Marius Gavrilescu <marius@ieval.ro>
Date: Fri, 30 Jan 2015 11:57:56 +0000 (+0200)
Subject: Limit user programs to one process
X-Git-Tag: 5999.000_005~70
X-Git-Url: http://git.ieval.ro/?p=gruntmaster-daemon.git;a=commitdiff_plain;h=a6b04042057cffa40b01bb831c4c1d08604d84f0

Limit user programs to one process
---

diff --git a/gruntmaster-exec b/gruntmaster-exec
index e7d7363..319671e 100755
--- a/gruntmaster-exec
+++ b/gruntmaster-exec
@@ -22,7 +22,7 @@ use constant +{
 use constant USER => 65534;
 use constant GROUP => 65534;
 
-use BSD::Resource qw/setrlimit RLIMIT_AS RLIMIT_FSIZE/;
+use BSD::Resource qw/setrlimit RLIMIT_AS RLIMIT_FSIZE RLIMIT_NPROC/;
 use IPC::Signal qw/sig_name sig_num/;
 use sigtrap qw/XFSZ/;
 
@@ -73,6 +73,7 @@ if ($ret) {
 	%ENV = (ONLINE_JUDGE => 1, PATH => $ENV{PATH}, HOME => $ENV{HOME});
 	setrlimit RLIMIT_AS, $mlimit, $mlimit or die $! if $mlimit;
 	setrlimit RLIMIT_FSIZE, $olimit, $olimit or die $! if $olimit;
+	setrlimit RLIMIT_NPROC, 1, 1 or die $! if $nobody;
 	POSIX::setgid $nobody ? 65534 : USER;
 	POSIX::setuid $nobody ? 65534 : GROUP;
 	exec @ARGV;