2

I'm preparing a script to evaluate some code coming from other people, hence, I need to limit the execution environment as much as I can.

The script is developed under python3.4 using psutil and subprocess, the target file to run is a compiled c++ code with everything I should avoid (very huge memory allocation, high cpu usage, fork creation, etc).

As documentation, i've read this page and this repository and this tutorial, but still, when I call the process from python, it seems to ignore any of the limit imposed.

The instruction that executes my script:

PROC = subprocess.Popen(["sleep 1 ; ./local_tmp/test"], shell=True, preexec_fn=preExecFunction)

Why sleep 1? Because according to this question a process may be called without limitations, hence, i'm putting the sleep to delay it and give time for python to limit all the process.

What is doing preExecFunction ? Basically is limiting the environment through calls to resource's setrlimit function in python (doc in first link i've given)

Segment of CPP code:

struct rlimit rl;
getrlimit (RLIMIT_NPROC, &rl);
printf("Default value is : %lld\n", (long long int)rl.rlim_cur);
int pid = fork();
printf("Default value is : %lld\n", (long long int)rl.rlim_cur);
printf("%d\n",pid);

Output of CPP code

Default value is : 0
Default value is : 0
31670

Any help given will be greatly appreciated. Thanks!

edit : I'm running the python script as a root user because otherwise I cannot run the psutil library.

user2905333
  • 35
  • 1
  • 5
  • I've discovered that this behaviour is caused by the root user. When I ran the script manually from an unprivileged user it gave out and respected the limit, however, if called from python with root privileges it seems to not work at all... If I run the script as an unprivileged user the message 'Cannot fork' is displayed (I'm guessing because I need to be privileged user to use subprocess.popen). – user2905333 Nov 10 '17 at 23:12

0 Answers0