Skip to content
/ parent Public
forked from gardenerik/parent

Simple wrapper to run programs with limited resources.

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Aiq0/parent

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
parent.py
parent.py
 
 
poetry.lock
poetry.lock
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Logo

Parent is a simple wrapper that allows you to run a program with limited resources and access.

Available options

Resource limits

The resources available for the program can be limited using these options. The limits are enforced using the Linux kernel's rlimit.

Option Description
-m / --memory N The program's maximum memory address space in kilobytes.
-t / --cpu-time N The program's maximum CPU time in milliseconds.
-r / --real-time N The program's maximum real-time execution time in milliseconds.
--stack N The program's stack size limit in kilobytes. (-1 for unlimited)
-f / --file-size N The program's maximum file size in kilobytes that it can create or modify.
-p / --processes N The number of threads, or processes, the program can use.

I/O

Program's stdin, stdout, and stderr will by default be redirected to parent's. You can change this behaviour using these options.

Option Description
--stdin FILE Redirect a file to the program's stdin.
--stdout FILE Redirect the program's stdout to a file.
--stderr FILE Redirect the program's stdout to a file.
--stderr-to-stdout Redirect the program's stderr to stdout.

File access

The program can access any file on the system by default. You can use these settings to restrict its access. Make sure you at least allow access to the program itself, since if you enable any of these options, the default behavior will be to prevent access to any files. File access is limited using Linux kernel's landlock. These options can be used multiple times to allow access to multiple paths.

Option Description
--fs-readonly PATH Allow the program read from files located under the provided path.
--fs-readwrite PATH Allow the program write to files located under the provided path.

Environment

The program inherits environment variables by default. It is possible to disable default inheritance and pass additional environment variables.

Option Description
--env NAME VALUE Set an environment variable.
--empty-env Do not inherit environment.

Miscelaneous options

Option Description
--drop-caps Drop the program's capabilities.
-s / --stats FILE Save execution statistics to a file.

About

Simple wrapper to run programs with limited resources.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Python 100.0%