exec_sandbox 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +8 -10
  3. data/Gemfile.lock +63 -30
  4. data/VERSION +1 -1
  5. data/exec_sandbox.gemspec +20 -22
  6. data/lib/exec_sandbox/sandbox.rb +1 -1
  7. data/lib/exec_sandbox/spawn.rb +35 -21
  8. data/lib/exec_sandbox/wait4.rb +6 -6
  9. data/spec/exec_sandbox/sandbox_spec.rb +43 -44
  10. data/spec/exec_sandbox/spawn_spec.rb +22 -22
  11. metadata +66 -58
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: a5ba917057f393e64b4b5543f35e9373beeb5bc0
4
+ data.tar.gz: ac8bd31a735584032a8801cb015a27affd5c0bdb
5
+ SHA512:
6
+ metadata.gz: 701e43695402f05185797c24998571bebd1ee687d707521a5071cea29f07e7a2fcb555e8fea2948121f2a8582d236443845d8839f1c0a09df823b7b21bdf0ac4
7
+ data.tar.gz: c8d0d3211d76cd99fcd7165ec984aee35eb5946b42e1030b0faa10eb3663fa07c78b4de88343f710f167264839e4980abedb6dda8c4a8cdc7dade2d88d8b8f78
data/Gemfile CHANGED
@@ -1,18 +1,16 @@
1
- source :rubygems
1
+ source 'https://rubygems.org'
2
+
2
3
  # Add dependencies required to use your gem here.
3
- # Example:
4
- # gem 'activesupport', '>= 2.3.5'
5
- gem 'ffi', '>= 1.0.11'
4
+ gem 'ffi', '>= 1.9.3'
6
5
 
7
6
  # Add dependencies to develop your gem here.
8
7
  # Include everything needed to run rake, tests, features, etc.
9
8
  group :development do
10
9
  gem 'rdoc', '>= 3.10'
11
- gem 'rspec', '>= 2.8.0'
12
- gem 'yard', '>= 0.7.5'
10
+ gem 'rspec', '>= 2.14.1'
11
+ gem 'yard', '>= 0.8.7.3'
13
12
  gem 'yard-rspec', '>= 0.1'
14
- gem 'bundler', '>= 1.0.21'
15
- gem 'jeweler', '>= 1.8.3'
16
- gem 'rcov', '>= 0', :platform => [:mri_18]
17
- gem 'simplecov', '>= 0', :platform => [:mri_19]
13
+ gem 'bundler', '>= 1.3.5'
14
+ gem 'jeweler', '>= 2.0.1'
15
+ gem 'simplecov', '>= 0', :platform => :mri
18
16
  end
data/Gemfile.lock CHANGED
@@ -1,33 +1,67 @@
1
1
  GEM
2
- remote: http://rubygems.org/
2
+ remote: https://rubygems.org/
3
3
  specs:
4
- diff-lcs (1.1.3)
5
- ffi (1.0.11)
6
- git (1.2.5)
7
- jeweler (1.8.3)
8
- bundler (~> 1.0)
4
+ addressable (2.3.5)
5
+ builder (3.2.2)
6
+ descendants_tracker (0.0.3)
7
+ diff-lcs (1.2.5)
8
+ docile (1.1.3)
9
+ faraday (0.9.0)
10
+ multipart-post (>= 1.2, < 3)
11
+ ffi (1.9.3)
12
+ git (1.2.6)
13
+ github_api (0.11.2)
14
+ addressable (~> 2.3)
15
+ descendants_tracker (~> 0.0.1)
16
+ faraday (~> 0.8, < 0.10)
17
+ hashie (>= 1.2)
18
+ multi_json (>= 1.7.5, < 2.0)
19
+ nokogiri (~> 1.6.0)
20
+ oauth2
21
+ hashie (2.0.5)
22
+ highline (1.6.20)
23
+ jeweler (2.0.1)
24
+ builder
25
+ bundler (>= 1.0)
9
26
  git (>= 1.2.5)
27
+ github_api
28
+ highline (>= 1.6.15)
29
+ nokogiri (>= 1.5.10)
10
30
  rake
11
31
  rdoc
12
- json (1.6.5)
13
- multi_json (1.0.4)
14
- rake (0.9.2.2)
15
- rcov (1.0.0)
16
- rdoc (3.12)
32
+ json (1.8.1)
33
+ jwt (0.1.11)
34
+ multi_json (>= 1.5)
35
+ mini_portile (0.5.2)
36
+ multi_json (1.8.4)
37
+ multi_xml (0.5.5)
38
+ multipart-post (2.0.0)
39
+ nokogiri (1.6.1)
40
+ mini_portile (~> 0.5.0)
41
+ oauth2 (0.9.3)
42
+ faraday (>= 0.8, < 0.10)
43
+ jwt (~> 0.1.8)
44
+ multi_json (~> 1.3)
45
+ multi_xml (~> 0.5)
46
+ rack (~> 1.2)
47
+ rack (1.5.2)
48
+ rake (10.1.1)
49
+ rdoc (4.1.1)
17
50
  json (~> 1.4)
18
- rspec (2.8.0)
19
- rspec-core (~> 2.8.0)
20
- rspec-expectations (~> 2.8.0)
21
- rspec-mocks (~> 2.8.0)
22
- rspec-core (2.8.0)
23
- rspec-expectations (2.8.0)
24
- diff-lcs (~> 1.1.2)
25
- rspec-mocks (2.8.0)
26
- simplecov (0.5.4)
27
- multi_json (~> 1.0.3)
28
- simplecov-html (~> 0.5.3)
29
- simplecov-html (0.5.3)
30
- yard (0.7.5)
51
+ rspec (2.14.1)
52
+ rspec-core (~> 2.14.0)
53
+ rspec-expectations (~> 2.14.0)
54
+ rspec-mocks (~> 2.14.0)
55
+ rspec-core (2.14.7)
56
+ rspec-expectations (2.14.5)
57
+ diff-lcs (>= 1.1.3, < 2.0)
58
+ rspec-mocks (2.14.5)
59
+ simplecov (0.8.2)
60
+ docile (~> 1.1.0)
61
+ multi_json
62
+ simplecov-html (~> 0.8.0)
63
+ simplecov-html (0.8.0)
64
+ yard (0.8.7.3)
31
65
  yard-rspec (0.1)
32
66
  yard
33
67
 
@@ -35,12 +69,11 @@ PLATFORMS
35
69
  ruby
36
70
 
37
71
  DEPENDENCIES
38
- bundler (>= 1.0.21)
39
- ffi (>= 1.0.11)
40
- jeweler (>= 1.8.3)
41
- rcov
72
+ bundler (>= 1.3.5)
73
+ ffi (>= 1.9.3)
74
+ jeweler (>= 2.0.1)
42
75
  rdoc (>= 3.10)
43
- rspec (>= 2.8.0)
76
+ rspec (>= 2.14.1)
44
77
  simplecov
45
- yard (>= 0.7.5)
78
+ yard (>= 0.8.7.3)
46
79
  yard-rspec (>= 0.1)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.2.3
1
+ 0.2.4
data/exec_sandbox.gemspec CHANGED
@@ -2,14 +2,15 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
+ # stub: exec_sandbox 0.2.4 ruby lib
5
6
 
6
7
  Gem::Specification.new do |s|
7
8
  s.name = "exec_sandbox"
8
- s.version = "0.2.3"
9
+ s.version = "0.2.4"
9
10
 
10
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
12
  s.authors = ["Victor Costan"]
12
- s.date = "2012-02-09"
13
+ s.date = "2014-02-05"
13
14
  s.description = "Temporary users and groups, rlimits"
14
15
  s.email = "costan@gmail.com"
15
16
  s.extra_rdoc_files = [
@@ -50,42 +51,39 @@ Gem::Specification.new do |s|
50
51
  s.homepage = "http://github.com/pwnall/exec_sandbox"
51
52
  s.licenses = ["MIT"]
52
53
  s.require_paths = ["lib"]
53
- s.rubygems_version = "1.8.15"
54
+ s.rubygems_version = "2.1.11"
54
55
  s.summary = "Run foreign binaries using POSIX sandboxing features"
55
56
 
56
57
  if s.respond_to? :specification_version then
57
- s.specification_version = 3
58
+ s.specification_version = 4
58
59
 
59
60
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
60
- s.add_runtime_dependency(%q<ffi>, [">= 1.0.11"])
61
+ s.add_runtime_dependency(%q<ffi>, [">= 1.9.3"])
61
62
  s.add_development_dependency(%q<rdoc>, [">= 3.10"])
62
- s.add_development_dependency(%q<rspec>, [">= 2.8.0"])
63
- s.add_development_dependency(%q<yard>, [">= 0.7.5"])
63
+ s.add_development_dependency(%q<rspec>, [">= 2.14.1"])
64
+ s.add_development_dependency(%q<yard>, [">= 0.8.7.3"])
64
65
  s.add_development_dependency(%q<yard-rspec>, [">= 0.1"])
65
- s.add_development_dependency(%q<bundler>, [">= 1.0.21"])
66
- s.add_development_dependency(%q<jeweler>, [">= 1.8.3"])
67
- s.add_development_dependency(%q<rcov>, [">= 0"])
66
+ s.add_development_dependency(%q<bundler>, [">= 1.3.5"])
67
+ s.add_development_dependency(%q<jeweler>, [">= 2.0.1"])
68
68
  s.add_development_dependency(%q<simplecov>, [">= 0"])
69
69
  else
70
- s.add_dependency(%q<ffi>, [">= 1.0.11"])
70
+ s.add_dependency(%q<ffi>, [">= 1.9.3"])
71
71
  s.add_dependency(%q<rdoc>, [">= 3.10"])
72
- s.add_dependency(%q<rspec>, [">= 2.8.0"])
73
- s.add_dependency(%q<yard>, [">= 0.7.5"])
72
+ s.add_dependency(%q<rspec>, [">= 2.14.1"])
73
+ s.add_dependency(%q<yard>, [">= 0.8.7.3"])
74
74
  s.add_dependency(%q<yard-rspec>, [">= 0.1"])
75
- s.add_dependency(%q<bundler>, [">= 1.0.21"])
76
- s.add_dependency(%q<jeweler>, [">= 1.8.3"])
77
- s.add_dependency(%q<rcov>, [">= 0"])
75
+ s.add_dependency(%q<bundler>, [">= 1.3.5"])
76
+ s.add_dependency(%q<jeweler>, [">= 2.0.1"])
78
77
  s.add_dependency(%q<simplecov>, [">= 0"])
79
78
  end
80
79
  else
81
- s.add_dependency(%q<ffi>, [">= 1.0.11"])
80
+ s.add_dependency(%q<ffi>, [">= 1.9.3"])
82
81
  s.add_dependency(%q<rdoc>, [">= 3.10"])
83
- s.add_dependency(%q<rspec>, [">= 2.8.0"])
84
- s.add_dependency(%q<yard>, [">= 0.7.5"])
82
+ s.add_dependency(%q<rspec>, [">= 2.14.1"])
83
+ s.add_dependency(%q<yard>, [">= 0.8.7.3"])
85
84
  s.add_dependency(%q<yard-rspec>, [">= 0.1"])
86
- s.add_dependency(%q<bundler>, [">= 1.0.21"])
87
- s.add_dependency(%q<jeweler>, [">= 1.8.3"])
88
- s.add_dependency(%q<rcov>, [">= 0"])
85
+ s.add_dependency(%q<bundler>, [">= 1.3.5"])
86
+ s.add_dependency(%q<jeweler>, [">= 2.0.1"])
89
87
  s.add_dependency(%q<simplecov>, [">= 0"])
90
88
  end
91
89
  end
data/lib/exec_sandbox/sandbox.rb CHANGED
@@ -26,7 +26,7 @@ class Sandbox
26
26
  @destroyed = false
27
27
 
28
28
  # principal argument for Spawn.spawn()
29
- @principal = { :uid => @user_uid, :gid => @user_gid, :dir => @path }
29
+ @principal = { uid: @user_uid, gid: @user_gid, dir: @path }
30
30
  end
31
31
 
32
32
  # Copies a file or directory to the sandbox.
data/lib/exec_sandbox/spawn.rb CHANGED
@@ -7,7 +7,7 @@ module Spawn
7
7
  #
8
8
  # @param [String, Array] command the command to be executed via exec
9
9
  # @param [Hash] io see limit_io
10
- # @param [Hash] principal the principal for the enw process
10
+ # @param [Hash] principal the principal for the new process
11
11
  # @param [Hash] resources see limit_resources
12
12
  # @return [Fixnum] the child's PID
13
13
  def self.spawn(command, io = {}, principal = {}, resources = {})
@@ -40,10 +40,10 @@ module Spawn
40
40
  redirects << [k, redirects.length, v]
41
41
  end
42
42
  end
43
-
43
+
44
44
  # Perform the redirections.
45
45
  redirects.sort!
46
- redirects.each do |fd_num, _, target|
46
+ redirects.each do |fd_num, _, target|
47
47
  if target.respond_to?(:fileno)
48
48
  # IO stream.
49
49
  if target.fileno != fd_num
@@ -60,26 +60,18 @@ module Spawn
60
60
  end
61
61
  end
62
62
  end
63
-
63
+
64
64
  # Close all file descriptors not in the redirection table.
65
65
  redirected_fds = Set.new redirects.map(&:first)
66
66
  max_fd = LibC.getdtablesize
67
67
  0.upto(max_fd) do |fd|
68
68
  next if redirected_fds.include?(fd)
69
-
70
- # TODO(pwnall): this is slow; consider detecting the Ruby version and
71
- # only running it on buggy MRIs
72
- begin
73
- # This fails if rb_reserved_fd_p returns 0.
74
- # In that case, we shouldn't close the FD, otherwise the VM will crash.
75
- IO.new(fd)
76
- rescue ArgumentError, Errno::EBADF
77
- next
78
- end
69
+
70
+ next if RubyVM.rb_reserved_fd_p(fd) != 0
79
71
  LibC.close fd
80
72
  end
81
73
  end
82
-
74
+
83
75
  # Sets the process' principal for access control.
84
76
  #
85
77
  # @param [Hash] principal information about the process' principal
@@ -88,7 +80,7 @@ module Spawn
88
80
  # @option principal [Fixnum] :gid the new group ID
89
81
  def self.set_principal(principal)
90
82
  Dir.chdir principal[:dir] if principal[:dir]
91
-
83
+
92
84
  if principal[:gid]
93
85
  begin
94
86
  Process::Sys.setresgid principal[:gid], principal[:gid], principal[:gid]
@@ -102,7 +94,7 @@ module Spawn
102
94
  principal[:gid] || Process.gid
103
95
  rescue NotImplementedError
104
96
  end
105
-
97
+
106
98
  begin
107
99
  Process::Sys.setresuid principal[:uid], principal[:uid], principal[:uid]
108
100
  rescue NotImplementedError
@@ -110,7 +102,7 @@ module Spawn
110
102
  end
111
103
  end
112
104
  end
113
-
105
+
114
106
  # Constrains the resource usage of the current process.
115
107
  #
116
108
  # @param [Hash{Symbol => Number}] limits the constraints to be applied
@@ -150,7 +142,7 @@ module Spawn
150
142
  _setrlimit Process::RLIMIT_RSS, limits[:data]
151
143
  end
152
144
  end
153
-
145
+
154
146
  # Wrapper for Process.setrlimit that eats exceptions.
155
147
  def self._setrlimit(limit, value)
156
148
  begin
@@ -159,7 +151,7 @@ module Spawn
159
151
  # The call failed, probably because the limit is already lower than this.
160
152
  end
161
153
  end
162
-
154
+
163
155
  # Maps raw I/O functions.
164
156
  module LibC
165
157
  extend FFI::Library
@@ -168,6 +160,28 @@ module Spawn
168
160
  attach_function :getdtablesize, [], :int
169
161
  attach_function :dup2, [:int, :int], :int
170
162
  end # module ExecSandbox::Spawn::Libc
163
+
164
+ # Maps an internal MRI function that we need.
165
+ module RubyVM
166
+ extend FFI::Library
167
+ ffi_lib RbConfig::CONFIG['LIBRUBY']
168
+ begin
169
+ attach_function :rb_reserved_fd_p, [:int], :int
170
+ rescue FFI::NotFoundError
171
+ # Emulation of internal MRI function.
172
+ #
173
+ # This is a fallback, used in case FFI can't find the MRI function.
174
+ def self.rb_reserved_fd_p(fd)
175
+ begin
176
+ # This fails if rb_reserved_fd_p returns a non-zero value.
177
+ IO.new fd
178
+ return 0
179
+ rescue ArgumentError, Errno::EBADF
180
+ return 1
181
+ end
182
+ end
183
+ end
184
+ end
171
185
  end # module ExecSandbox::Spawn
172
-
186
+
173
187
  end # namespace ExecSandbox
data/lib/exec_sandbox/wait4.rb CHANGED
@@ -13,15 +13,15 @@ module Wait4
13
13
  rusage = ExecSandbox::Wait4::Rusage.new
14
14
  returned_pid = LibC.wait4(pid, status_ptr, 0, rusage.pointer)
15
15
  raise SystemCallError, FFI.errno if returned_pid < 0
16
- status = { :bits => status_ptr.read_int }
16
+ status = { bits: status_ptr.read_int }
17
17
  status_ptr.free
18
-
18
+
19
19
  signal_code = status[:bits] & 0x7f
20
20
  status[:exit_code] = (signal_code != 0) ? -signal_code : status[:bits] >> 8
21
21
  status[:user_time] = rusage[:ru_utime_sec] +
22
22
  rusage[:ru_utime_usec] * 0.000_001
23
23
  status[:system_time] = rusage[:ru_stime_sec] +
24
- rusage[:ru_stime_usec] * 0.000_001
24
+ rusage[:ru_stime_usec] * 0.000_001
25
25
  status[:rss] = rusage[:ru_maxrss] / 1024.0
26
26
  return status
27
27
  end
@@ -31,9 +31,9 @@ module Wait4
31
31
  extend FFI::Library
32
32
  ffi_lib FFI::Library::LIBC
33
33
  attach_function :wait4, [:int, :pointer, :int, :pointer], :int,
34
- :blocking => true
34
+ blocking: true
35
35
  end # module ExecSandbox::Wait4::Libc
36
-
36
+
37
37
  # Maps struct rusage in sys/resource.h, used by wait4.
38
38
  class Rusage < FFI::Struct
39
39
  # Total amount of user time used.
@@ -81,5 +81,5 @@ module Wait4
81
81
  end # struct ExecSandbox::Wait4::Rusage
82
82
 
83
83
  end # module ExecSandbox::Wait4
84
-
84
+
85
85
  end # namespace ExecSandbox
data/spec/exec_sandbox/sandbox_spec.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
2
2
 
3
- describe ExecSandbox::Sandbox do
3
+ describe ExecSandbox::Sandbox do
4
4
  describe 'IO redirection' do
5
5
  before do
6
6
  @temp_in = Tempfile.new 'exec_sandbox_rspec'
@@ -17,55 +17,55 @@ describe ExecSandbox::Sandbox do
17
17
  describe 'duplicate.rb' do
18
18
  before do
19
19
  ExecSandbox.use do |s|
20
- @result = s.run bin_fixture(:duplicate), :in => @temp_in.path,
21
- :out => @temp_out.path
20
+ @result = s.run bin_fixture(:duplicate), in: @temp_in.path,
21
+ out: @temp_out.path
22
22
  end
23
23
  end
24
24
 
25
25
  it 'should not crash' do
26
26
  @result[:exit_code].should == 0
27
27
  end
28
-
28
+
29
29
  it 'should produce the correct result' do
30
- File.read(@temp_out.path).should == "I/O test\nI/O test\n"
30
+ File.read(@temp_out.path).should == "I/O test\nI/O test\n"
31
31
  end
32
32
  end
33
33
 
34
34
  describe 'count.rb' do
35
35
  before do
36
36
  ExecSandbox.use do |s|
37
- @result = s.run [bin_fixture(:count), '9'], :in => @temp_in.path,
38
- :out => @temp_out.path, :err => :out
37
+ @result = s.run [bin_fixture(:count), '9'], in: @temp_in.path,
38
+ out: @temp_out.path, err: :out
39
39
  end
40
40
  end
41
-
41
+
42
42
  it 'should not crash' do
43
43
  @result[:exit_code].should == 0
44
44
  end
45
-
45
+
46
46
  it 'should produce the correct result' do
47
47
  File.read(@temp_out.path).should == (1..9).map { |i| "#{i}\n" }.join('')
48
48
  end
49
49
  end
50
50
  end
51
-
51
+
52
52
  describe 'pipe redirection' do
53
53
  describe 'duplicate.rb' do
54
54
  before do
55
55
  ExecSandbox.use do |s|
56
- @result = s.run bin_fixture(:duplicate), :in_data => "Pipe test\n"
56
+ @result = s.run bin_fixture(:duplicate), in_data: "Pipe test\n"
57
57
  end
58
58
  end
59
-
59
+
60
60
  it 'should not crash' do
61
61
  @result[:exit_code].should == 0
62
62
  end
63
-
63
+
64
64
  it 'should produce the correct result' do
65
65
  @result[:out_data].should == "Pipe test\nPipe test\n"
66
66
  end
67
67
  end
68
-
68
+
69
69
  describe 'buffer.rb' do
70
70
  let(:buffer_size) { 1024 * 1024 }
71
71
  before do
@@ -73,34 +73,34 @@ describe ExecSandbox::Sandbox do
73
73
  @result = s.run [bin_fixture(:buffer), '', buffer_size.to_s]
74
74
  end
75
75
  end
76
-
76
+
77
77
  it 'should not crash' do
78
78
  @result[:exit_code].should == 0
79
79
  end
80
-
80
+
81
81
  it 'should produce the correct result' do
82
82
  @result[:out_data].should == "S" * buffer_size
83
83
  end
84
84
  end
85
-
85
+
86
86
  describe 'count.rb' do
87
87
  before do
88
88
  ExecSandbox.use do |s|
89
- @result = s.run [bin_fixture(:count), '9'], :err => :out
89
+ @result = s.run [bin_fixture(:count), '9'], err: :out
90
90
  end
91
91
  end
92
-
92
+
93
93
  it 'should not crash' do
94
94
  @result[:exit_code].should == 0
95
95
  end
96
-
96
+
97
97
  it 'should produce the correct result' do
98
98
  @result[:out_data].should == (1..9).map { |i| "#{i}\n" }.join('')
99
99
  end
100
100
  end
101
101
  end
102
-
103
-
102
+
103
+
104
104
  describe 'resource limitations' do
105
105
  describe 'churn.rb' do
106
106
  before do
@@ -110,7 +110,7 @@ describe ExecSandbox::Sandbox do
110
110
  after do
111
111
  @temp_out.unlink
112
112
  end
113
-
113
+
114
114
  describe 'without limitations' do
115
115
  before do
116
116
  ExecSandbox.use do |s|
@@ -118,44 +118,44 @@ describe ExecSandbox::Sandbox do
118
118
  s.pull 'stdout', @temp_out.path
119
119
  end
120
120
  end
121
-
121
+
122
122
  it 'should not crash' do
123
123
  @result[:exit_code].should == 0
124
124
  end
125
-
125
+
126
126
  it 'should run for at least 2 seconds' do
127
127
  (@result[:user_time] + @result[:system_time]).should > 2
128
128
  end
129
-
129
+
130
130
  it 'should output something' do
131
131
  File.stat(@temp_out.path).size.should > 0
132
132
  end
133
133
  end
134
-
134
+
135
135
  describe 'with CPU time limitation' do
136
136
  before do
137
137
  ExecSandbox.use do |s|
138
138
  @result = s.run [bin_fixture(:churn), 'stdout', 3.to_s],
139
- :limits => {:cpu => 1}
139
+ limits: {cpu: 1}
140
140
  s.pull 'stdout', @temp_out.path
141
141
  end
142
142
  end
143
-
143
+
144
144
  it 'should run for at least 0.5 seconds' do
145
145
  (@result[:user_time] + @result[:system_time]).should >= 0.5
146
146
  end
147
-
147
+
148
148
  it 'should run for less than 2 seconds' do
149
149
  (@result[:user_time] + @result[:system_time]).should < 2
150
150
  end
151
-
151
+
152
152
  it 'should not have a chance to output' do
153
153
  File.stat(@temp_out.path).size.should == 0
154
154
  end
155
155
  end
156
156
  end
157
157
  end
158
-
158
+
159
159
  describe '#push' do
160
160
  let(:test_user) { Etc.getlogin }
161
161
  let(:test_uid) { Etc.getpwnam(test_user).uid }
@@ -166,49 +166,48 @@ describe ExecSandbox::Sandbox do
166
166
  @sandbox = ExecSandbox.open test_user
167
167
  end
168
168
  after do
169
- @sandbox.close
169
+ @sandbox.close if @sandbox
170
170
  end
171
-
171
+
172
172
  describe 'a file' do
173
173
  before do
174
174
  @to = @sandbox.push __FILE__
175
175
  end
176
-
176
+
177
177
  it 'should copy straight to the sandbox directory' do
178
178
  File.dirname(@to).should == @sandbox.path
179
179
  end
180
-
180
+
181
181
  it 'should use the same file name' do
182
- File.basename(@to).should == 'sandbox_spec.rb'
182
+ File.basename(@to).should == 'sandbox_spec.rb'
183
183
  end
184
-
184
+
185
185
  it "should set the file's owner to the admin" do
186
186
  File.stat(@to).uid.should == test_uid
187
187
  end
188
-
188
+
189
189
  it "should not set the file's group to the admin" do
190
190
  File.stat(@to).gid.should_not == test_gid
191
191
  end
192
192
  end
193
193
  end
194
-
194
+
195
195
  describe '#cleanup' do
196
196
  describe 'in a system with an open sandbox' do
197
197
  before do
198
198
  @all_users = ExecSandbox::Users.named(/.*/).sort
199
-
199
+
200
200
  @sandbox = ExecSandbox.open
201
201
  @removed = ExecSandbox::Sandbox.cleanup
202
202
  end
203
-
203
+
204
204
  it 'should not remove the sandbox user' do
205
205
  ExecSandbox::Users.named(/.*/).sort.should == @all_users
206
206
  end
207
-
207
+
208
208
  it 'should return an array with the sandbox user' do
209
209
  @removed.should == [@sandbox.user_name]
210
210
  end
211
211
  end
212
-
213
212
  end
214
213
  end
data/spec/exec_sandbox/spawn_spec.rb CHANGED
@@ -49,8 +49,8 @@ describe ExecSandbox::Spawn do
49
49
  describe 'with paths' do
50
50
  before do
51
51
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
52
- {:in => @temp_in.path, :out => @temp_out.path,
53
- :err => @temp_out.path}
52
+ {in: @temp_in.path, out: @temp_out.path,
53
+ err: @temp_out.path}
54
54
  @status = ExecSandbox::Wait4.wait4 pid
55
55
  end
56
56
 
@@ -62,7 +62,7 @@ describe ExecSandbox::Spawn do
62
62
  File.open(@temp_in.path, 'r') do |in_io|
63
63
  File.open(@temp_out.path, 'w') do |out_io|
64
64
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
65
- {:in => in_io, :out => out_io, :err => STDERR}
65
+ {in: in_io, out: out_io, err: STDERR}
66
66
  @status = ExecSandbox::Wait4.wait4 pid
67
67
  end
68
68
  end
@@ -74,7 +74,7 @@ describe ExecSandbox::Spawn do
74
74
  describe 'without stdout' do
75
75
  before do
76
76
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
77
- {:in => @temp_in.path}
77
+ {in: @temp_in.path}
78
78
  @status = ExecSandbox::Wait4.wait4 pid
79
79
  end
80
80
 
@@ -103,7 +103,7 @@ describe ExecSandbox::Spawn do
103
103
  File.open(@temp_in.path, 'r') do |in_io|
104
104
  File.open(@temp_out.path, 'w') do |out_io|
105
105
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:count), '9'],
106
- {:in => in_io, :out => out_io, :err => STDOUT}
106
+ {in: in_io, out: out_io, err: STDOUT}
107
107
  @status = ExecSandbox::Wait4.wait4 pid
108
108
  end
109
109
  end
@@ -126,8 +126,8 @@ describe ExecSandbox::Spawn do
126
126
  describe 'with root credentials' do
127
127
  before do
128
128
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
129
- @temp_path, "Spawn uid test\n"], {:err => STDERR},
130
- {:uid => 0, :gid => 0}
129
+ @temp_path, "Spawn uid test\n"], {err: STDERR},
130
+ {uid: 0, gid: 0}
131
131
  @status = ExecSandbox::Wait4.wait4 pid
132
132
  @fstat = File.stat(@temp_path)
133
133
  end
@@ -152,8 +152,8 @@ describe ExecSandbox::Spawn do
152
152
  before do
153
153
  @temp.unlink
154
154
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
155
- @temp_path, "Spawn uid test\n"], {:err => STDERR},
156
- {:uid => test_uid, :gid => test_gid}
155
+ @temp_path, "Spawn uid test\n"], {err: STDERR},
156
+ {uid: test_uid, gid: test_gid}
157
157
  @status = ExecSandbox::Wait4.wait4 pid
158
158
  end
159
159
 
@@ -178,7 +178,7 @@ describe ExecSandbox::Spawn do
178
178
  File.chmod 0700, @temp_path
179
179
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
180
180
  @temp_path, "Spawn uid test\n"], {},
181
- {:uid => test_uid, :gid => test_gid}
181
+ {uid: test_uid, gid: test_gid}
182
182
  @status = ExecSandbox::Wait4.wait4 pid
183
183
  end
184
184
 
@@ -196,7 +196,7 @@ describe ExecSandbox::Spawn do
196
196
  File.chmod 070, @temp_path
197
197
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg), @temp_path,
198
198
  "Spawn uid test\n"], {},
199
- {:uid => test_uid, :gid => test_gid}
199
+ {uid: test_uid, gid: test_gid}
200
200
  @status = ExecSandbox::Wait4.wait4 pid
201
201
  end
202
202
 
@@ -213,7 +213,7 @@ describe ExecSandbox::Spawn do
213
213
  before do
214
214
  @temp_dir = Dir.mktmpdir 'exec_sandbox_rspec'
215
215
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:pwd), @temp_path],
216
- {}, {:dir => @temp_dir}
216
+ {}, {dir: @temp_dir}
217
217
  @status = ExecSandbox::Wait4.wait4 pid
218
218
  end
219
219
  after do
@@ -244,7 +244,7 @@ describe ExecSandbox::Spawn do
244
244
  describe 'without limitations' do
245
245
  before do
246
246
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
247
- (512 * 1024 * 1024).to_s], {:err => STDERR}, {}, {}
247
+ (512 * 1024 * 1024).to_s], {err: STDERR}, {}, {}
248
248
  @status = ExecSandbox::Wait4.wait4 pid
249
249
  end
250
250
 
@@ -260,7 +260,7 @@ describe ExecSandbox::Spawn do
260
260
  describe 'with 256mb memory limitation' do
261
261
  before do
262
262
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
263
- (512 * 1024 * 1024).to_s], {}, {}, {:data => 256 * 1024 * 1024}
263
+ (512 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
264
264
  @status = ExecSandbox::Wait4.wait4 pid
265
265
  end
266
266
 
@@ -277,7 +277,7 @@ describe ExecSandbox::Spawn do
277
277
  before do
278
278
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
279
279
  (512 * 1024 * 1024).to_s], {}, {},
280
- {:file_size => 64 * 1024 * 1024}
280
+ {file_size: 64 * 1024 * 1024}
281
281
  @status = ExecSandbox::Wait4.wait4 pid
282
282
  end
283
283
 
@@ -305,7 +305,7 @@ describe ExecSandbox::Spawn do
305
305
  describe 'without limitations' do
306
306
  before do
307
307
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
308
- (128 * 1024 * 1024).to_s], {:err => STDERR}, {}, {}
308
+ (128 * 1024 * 1024).to_s], {err: STDERR}, {}, {}
309
309
  @status = ExecSandbox::Wait4.wait4 pid
310
310
  end
311
311
 
@@ -315,7 +315,7 @@ describe ExecSandbox::Spawn do
315
315
  describe 'with 256mb memory limitation' do
316
316
  before do
317
317
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
318
- (128 * 1024 * 1024).to_s], {}, {}, {:data => 256 * 1024 * 1024}
318
+ (128 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
319
319
  @status = ExecSandbox::Wait4.wait4 pid
320
320
  end
321
321
 
@@ -326,7 +326,7 @@ describe ExecSandbox::Spawn do
326
326
  before do
327
327
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
328
328
  (128 * 1024 * 1024).to_s], {}, {},
329
- {:file_size => 256 * 1024 * 1024}
329
+ {file_size: 256 * 1024 * 1024}
330
330
  @status = ExecSandbox::Wait4.wait4 pid
331
331
  end
332
332
 
@@ -339,7 +339,7 @@ describe ExecSandbox::Spawn do
339
339
  describe 'without limitations' do
340
340
  before do
341
341
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
342
- 10.to_s], {:err => STDERR}, {}, {}
342
+ 10.to_s], {err: STDERR}, {}, {}
343
343
  @status = ExecSandbox::Wait4.wait4 pid
344
344
  end
345
345
 
@@ -355,7 +355,7 @@ describe ExecSandbox::Spawn do
355
355
  describe 'with sub-process limitation' do
356
356
  before do
357
357
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
358
- 10.to_s], {}, {}, {:processes => 4}
358
+ 10.to_s], {}, {}, {processes: 4}
359
359
  @status = ExecSandbox::Wait4.wait4 pid
360
360
  end
361
361
 
@@ -373,7 +373,7 @@ describe ExecSandbox::Spawn do
373
373
  describe 'without limitations' do
374
374
  before do
375
375
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
376
- 3.to_s], {:err => STDERR}, {}, {}
376
+ 3.to_s], {err: STDERR}, {}, {}
377
377
  @status = ExecSandbox::Wait4.wait4 pid
378
378
  end
379
379
 
@@ -393,7 +393,7 @@ describe ExecSandbox::Spawn do
393
393
  describe 'with CPU time limitation' do
394
394
  before do
395
395
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
396
- 10.to_s], {}, {}, {:cpu => 1}
396
+ 10.to_s], {}, {}, {cpu: 1}
397
397
  @status = ExecSandbox::Wait4.wait4 pid
398
398
  end
399
399
 
metadata CHANGED
@@ -1,115 +1,127 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: exec_sandbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
5
- prerelease:
4
+ version: 0.2.4
6
5
  platform: ruby
7
6
  authors:
8
7
  - Victor Costan
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-02-09 00:00:00.000000000Z
11
+ date: 2014-02-05 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: ffi
16
- requirement: &25139320 !ruby/object:Gem::Requirement
17
- none: false
15
+ requirement: !ruby/object:Gem::Requirement
18
16
  requirements:
19
- - - ! '>='
17
+ - - '>='
20
18
  - !ruby/object:Gem::Version
21
- version: 1.0.11
19
+ version: 1.9.3
22
20
  type: :runtime
23
21
  prerelease: false
24
- version_requirements: *25139320
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '>='
25
+ - !ruby/object:Gem::Version
26
+ version: 1.9.3
25
27
  - !ruby/object:Gem::Dependency
26
28
  name: rdoc
27
- requirement: &25138680 !ruby/object:Gem::Requirement
28
- none: false
29
+ requirement: !ruby/object:Gem::Requirement
29
30
  requirements:
30
- - - ! '>='
31
+ - - '>='
31
32
  - !ruby/object:Gem::Version
32
33
  version: '3.10'
33
34
  type: :development
34
35
  prerelease: false
35
- version_requirements: *25138680
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '>='
39
+ - !ruby/object:Gem::Version
40
+ version: '3.10'
36
41
  - !ruby/object:Gem::Dependency
37
42
  name: rspec
38
- requirement: &25138060 !ruby/object:Gem::Requirement
39
- none: false
43
+ requirement: !ruby/object:Gem::Requirement
40
44
  requirements:
41
- - - ! '>='
45
+ - - '>='
42
46
  - !ruby/object:Gem::Version
43
- version: 2.8.0
47
+ version: 2.14.1
44
48
  type: :development
45
49
  prerelease: false
46
- version_requirements: *25138060
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '>='
53
+ - !ruby/object:Gem::Version
54
+ version: 2.14.1
47
55
  - !ruby/object:Gem::Dependency
48
56
  name: yard
49
- requirement: &25137500 !ruby/object:Gem::Requirement
50
- none: false
57
+ requirement: !ruby/object:Gem::Requirement
51
58
  requirements:
52
- - - ! '>='
59
+ - - '>='
53
60
  - !ruby/object:Gem::Version
54
- version: 0.7.5
61
+ version: 0.8.7.3
55
62
  type: :development
56
63
  prerelease: false
57
- version_requirements: *25137500
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - '>='
67
+ - !ruby/object:Gem::Version
68
+ version: 0.8.7.3
58
69
  - !ruby/object:Gem::Dependency
59
70
  name: yard-rspec
60
- requirement: &25136740 !ruby/object:Gem::Requirement
61
- none: false
71
+ requirement: !ruby/object:Gem::Requirement
62
72
  requirements:
63
- - - ! '>='
73
+ - - '>='
64
74
  - !ruby/object:Gem::Version
65
75
  version: '0.1'
66
76
  type: :development
67
77
  prerelease: false
68
- version_requirements: *25136740
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - '>='
81
+ - !ruby/object:Gem::Version
82
+ version: '0.1'
69
83
  - !ruby/object:Gem::Dependency
70
84
  name: bundler
71
- requirement: &25135940 !ruby/object:Gem::Requirement
72
- none: false
85
+ requirement: !ruby/object:Gem::Requirement
73
86
  requirements:
74
- - - ! '>='
87
+ - - '>='
75
88
  - !ruby/object:Gem::Version
76
- version: 1.0.21
89
+ version: 1.3.5
77
90
  type: :development
78
91
  prerelease: false
79
- version_requirements: *25135940
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - '>='
95
+ - !ruby/object:Gem::Version
96
+ version: 1.3.5
80
97
  - !ruby/object:Gem::Dependency
81
98
  name: jeweler
82
- requirement: &25119740 !ruby/object:Gem::Requirement
83
- none: false
99
+ requirement: !ruby/object:Gem::Requirement
84
100
  requirements:
85
- - - ! '>='
101
+ - - '>='
86
102
  - !ruby/object:Gem::Version
87
- version: 1.8.3
103
+ version: 2.0.1
88
104
  type: :development
89
105
  prerelease: false
90
- version_requirements: *25119740
91
- - !ruby/object:Gem::Dependency
92
- name: rcov
93
- requirement: &25119080 !ruby/object:Gem::Requirement
94
- none: false
106
+ version_requirements: !ruby/object:Gem::Requirement
95
107
  requirements:
96
- - - ! '>='
108
+ - - '>='
97
109
  - !ruby/object:Gem::Version
98
- version: '0'
99
- type: :development
100
- prerelease: false
101
- version_requirements: *25119080
110
+ version: 2.0.1
102
111
  - !ruby/object:Gem::Dependency
103
112
  name: simplecov
104
- requirement: &25117840 !ruby/object:Gem::Requirement
105
- none: false
113
+ requirement: !ruby/object:Gem::Requirement
106
114
  requirements:
107
- - - ! '>='
115
+ - - '>='
108
116
  - !ruby/object:Gem::Version
109
117
  version: '0'
110
118
  type: :development
111
119
  prerelease: false
112
- version_requirements: *25117840
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - '>='
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
113
125
  description: Temporary users and groups, rlimits
114
126
  email: costan@gmail.com
115
127
  executables: []
@@ -150,29 +162,25 @@ files:
150
162
  homepage: http://github.com/pwnall/exec_sandbox
151
163
  licenses:
152
164
  - MIT
165
+ metadata: {}
153
166
  post_install_message:
154
167
  rdoc_options: []
155
168
  require_paths:
156
169
  - lib
157
170
  required_ruby_version: !ruby/object:Gem::Requirement
158
- none: false
159
171
  requirements:
160
- - - ! '>='
172
+ - - '>='
161
173
  - !ruby/object:Gem::Version
162
174
  version: '0'
163
- segments:
164
- - 0
165
- hash: -1493873678505410753
166
175
  required_rubygems_version: !ruby/object:Gem::Requirement
167
- none: false
168
176
  requirements:
169
- - - ! '>='
177
+ - - '>='
170
178
  - !ruby/object:Gem::Version
171
179
  version: '0'
172
180
  requirements: []
173
181
  rubyforge_project:
174
- rubygems_version: 1.8.15
182
+ rubygems_version: 2.1.11
175
183
  signing_key:
176
- specification_version: 3
184
+ specification_version: 4
177
185
  summary: Run foreign binaries using POSIX sandboxing features
178
186
  test_files: []