exec_sandbox 0.2.3 → 0.2.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (11) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +8 -10
  3. data/Gemfile.lock +63 -30
  4. data/VERSION +1 -1
  5. data/exec_sandbox.gemspec +20 -22
  6. data/lib/exec_sandbox/sandbox.rb +1 -1
  7. data/lib/exec_sandbox/spawn.rb +35 -21
  8. data/lib/exec_sandbox/wait4.rb +6 -6
  9. data/spec/exec_sandbox/sandbox_spec.rb +43 -44
  10. data/spec/exec_sandbox/spawn_spec.rb +22 -22
  11. metadata +66 -58
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: a5ba917057f393e64b4b5543f35e9373beeb5bc0
4
+ data.tar.gz: ac8bd31a735584032a8801cb015a27affd5c0bdb
5
+ SHA512:
6
+ metadata.gz: 701e43695402f05185797c24998571bebd1ee687d707521a5071cea29f07e7a2fcb555e8fea2948121f2a8582d236443845d8839f1c0a09df823b7b21bdf0ac4
7
+ data.tar.gz: c8d0d3211d76cd99fcd7165ec984aee35eb5946b42e1030b0faa10eb3663fa07c78b4de88343f710f167264839e4980abedb6dda8c4a8cdc7dade2d88d8b8f78
data/Gemfile CHANGED
@@ -1,18 +1,16 @@
1
- source :rubygems
1
+ source 'https://rubygems.org'
2
+
2
3
  # Add dependencies required to use your gem here.
3
- # Example:
4
- # gem 'activesupport', '>= 2.3.5'
5
- gem 'ffi', '>= 1.0.11'
4
+ gem 'ffi', '>= 1.9.3'
6
5
 
7
6
  # Add dependencies to develop your gem here.
8
7
  # Include everything needed to run rake, tests, features, etc.
9
8
  group :development do
10
9
  gem 'rdoc', '>= 3.10'
11
- gem 'rspec', '>= 2.8.0'
12
- gem 'yard', '>= 0.7.5'
10
+ gem 'rspec', '>= 2.14.1'
11
+ gem 'yard', '>= 0.8.7.3'
13
12
  gem 'yard-rspec', '>= 0.1'
14
- gem 'bundler', '>= 1.0.21'
15
- gem 'jeweler', '>= 1.8.3'
16
- gem 'rcov', '>= 0', :platform => [:mri_18]
17
- gem 'simplecov', '>= 0', :platform => [:mri_19]
13
+ gem 'bundler', '>= 1.3.5'
14
+ gem 'jeweler', '>= 2.0.1'
15
+ gem 'simplecov', '>= 0', :platform => :mri
18
16
  end
data/Gemfile.lock CHANGED
@@ -1,33 +1,67 @@
1
1
  GEM
2
- remote: http://rubygems.org/
2
+ remote: https://rubygems.org/
3
3
  specs:
4
- diff-lcs (1.1.3)
5
- ffi (1.0.11)
6
- git (1.2.5)
7
- jeweler (1.8.3)
8
- bundler (~> 1.0)
4
+ addressable (2.3.5)
5
+ builder (3.2.2)
6
+ descendants_tracker (0.0.3)
7
+ diff-lcs (1.2.5)
8
+ docile (1.1.3)
9
+ faraday (0.9.0)
10
+ multipart-post (>= 1.2, < 3)
11
+ ffi (1.9.3)
12
+ git (1.2.6)
13
+ github_api (0.11.2)
14
+ addressable (~> 2.3)
15
+ descendants_tracker (~> 0.0.1)
16
+ faraday (~> 0.8, < 0.10)
17
+ hashie (>= 1.2)
18
+ multi_json (>= 1.7.5, < 2.0)
19
+ nokogiri (~> 1.6.0)
20
+ oauth2
21
+ hashie (2.0.5)
22
+ highline (1.6.20)
23
+ jeweler (2.0.1)
24
+ builder
25
+ bundler (>= 1.0)
9
26
  git (>= 1.2.5)
27
+ github_api
28
+ highline (>= 1.6.15)
29
+ nokogiri (>= 1.5.10)
10
30
  rake
11
31
  rdoc
12
- json (1.6.5)
13
- multi_json (1.0.4)
14
- rake (0.9.2.2)
15
- rcov (1.0.0)
16
- rdoc (3.12)
32
+ json (1.8.1)
33
+ jwt (0.1.11)
34
+ multi_json (>= 1.5)
35
+ mini_portile (0.5.2)
36
+ multi_json (1.8.4)
37
+ multi_xml (0.5.5)
38
+ multipart-post (2.0.0)
39
+ nokogiri (1.6.1)
40
+ mini_portile (~> 0.5.0)
41
+ oauth2 (0.9.3)
42
+ faraday (>= 0.8, < 0.10)
43
+ jwt (~> 0.1.8)
44
+ multi_json (~> 1.3)
45
+ multi_xml (~> 0.5)
46
+ rack (~> 1.2)
47
+ rack (1.5.2)
48
+ rake (10.1.1)
49
+ rdoc (4.1.1)
17
50
  json (~> 1.4)
18
- rspec (2.8.0)
19
- rspec-core (~> 2.8.0)
20
- rspec-expectations (~> 2.8.0)
21
- rspec-mocks (~> 2.8.0)
22
- rspec-core (2.8.0)
23
- rspec-expectations (2.8.0)
24
- diff-lcs (~> 1.1.2)
25
- rspec-mocks (2.8.0)
26
- simplecov (0.5.4)
27
- multi_json (~> 1.0.3)
28
- simplecov-html (~> 0.5.3)
29
- simplecov-html (0.5.3)
30
- yard (0.7.5)
51
+ rspec (2.14.1)
52
+ rspec-core (~> 2.14.0)
53
+ rspec-expectations (~> 2.14.0)
54
+ rspec-mocks (~> 2.14.0)
55
+ rspec-core (2.14.7)
56
+ rspec-expectations (2.14.5)
57
+ diff-lcs (>= 1.1.3, < 2.0)
58
+ rspec-mocks (2.14.5)
59
+ simplecov (0.8.2)
60
+ docile (~> 1.1.0)
61
+ multi_json
62
+ simplecov-html (~> 0.8.0)
63
+ simplecov-html (0.8.0)
64
+ yard (0.8.7.3)
31
65
  yard-rspec (0.1)
32
66
  yard
33
67
 
@@ -35,12 +69,11 @@ PLATFORMS
35
69
  ruby
36
70
 
37
71
  DEPENDENCIES
38
- bundler (>= 1.0.21)
39
- ffi (>= 1.0.11)
40
- jeweler (>= 1.8.3)
41
- rcov
72
+ bundler (>= 1.3.5)
73
+ ffi (>= 1.9.3)
74
+ jeweler (>= 2.0.1)
42
75
  rdoc (>= 3.10)
43
- rspec (>= 2.8.0)
76
+ rspec (>= 2.14.1)
44
77
  simplecov
45
- yard (>= 0.7.5)
78
+ yard (>= 0.8.7.3)
46
79
  yard-rspec (>= 0.1)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.2.3
1
+ 0.2.4
data/exec_sandbox.gemspec CHANGED
@@ -2,14 +2,15 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
+ # stub: exec_sandbox 0.2.4 ruby lib
5
6
 
6
7
  Gem::Specification.new do |s|
7
8
  s.name = "exec_sandbox"
8
- s.version = "0.2.3"
9
+ s.version = "0.2.4"
9
10
 
10
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
12
  s.authors = ["Victor Costan"]
12
- s.date = "2012-02-09"
13
+ s.date = "2014-02-05"
13
14
  s.description = "Temporary users and groups, rlimits"
14
15
  s.email = "costan@gmail.com"
15
16
  s.extra_rdoc_files = [
@@ -50,42 +51,39 @@ Gem::Specification.new do |s|
50
51
  s.homepage = "http://github.com/pwnall/exec_sandbox"
51
52
  s.licenses = ["MIT"]
52
53
  s.require_paths = ["lib"]
53
- s.rubygems_version = "1.8.15"
54
+ s.rubygems_version = "2.1.11"
54
55
  s.summary = "Run foreign binaries using POSIX sandboxing features"
55
56
 
56
57
  if s.respond_to? :specification_version then
57
- s.specification_version = 3
58
+ s.specification_version = 4
58
59
 
59
60
  if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
60
- s.add_runtime_dependency(%q<ffi>, [">= 1.0.11"])
61
+ s.add_runtime_dependency(%q<ffi>, [">= 1.9.3"])
61
62
  s.add_development_dependency(%q<rdoc>, [">= 3.10"])
62
- s.add_development_dependency(%q<rspec>, [">= 2.8.0"])
63
- s.add_development_dependency(%q<yard>, [">= 0.7.5"])
63
+ s.add_development_dependency(%q<rspec>, [">= 2.14.1"])
64
+ s.add_development_dependency(%q<yard>, [">= 0.8.7.3"])
64
65
  s.add_development_dependency(%q<yard-rspec>, [">= 0.1"])
65
- s.add_development_dependency(%q<bundler>, [">= 1.0.21"])
66
- s.add_development_dependency(%q<jeweler>, [">= 1.8.3"])
67
- s.add_development_dependency(%q<rcov>, [">= 0"])
66
+ s.add_development_dependency(%q<bundler>, [">= 1.3.5"])
67
+ s.add_development_dependency(%q<jeweler>, [">= 2.0.1"])
68
68
  s.add_development_dependency(%q<simplecov>, [">= 0"])
69
69
  else
70
- s.add_dependency(%q<ffi>, [">= 1.0.11"])
70
+ s.add_dependency(%q<ffi>, [">= 1.9.3"])
71
71
  s.add_dependency(%q<rdoc>, [">= 3.10"])
72
- s.add_dependency(%q<rspec>, [">= 2.8.0"])
73
- s.add_dependency(%q<yard>, [">= 0.7.5"])
72
+ s.add_dependency(%q<rspec>, [">= 2.14.1"])
73
+ s.add_dependency(%q<yard>, [">= 0.8.7.3"])
74
74
  s.add_dependency(%q<yard-rspec>, [">= 0.1"])
75
- s.add_dependency(%q<bundler>, [">= 1.0.21"])
76
- s.add_dependency(%q<jeweler>, [">= 1.8.3"])
77
- s.add_dependency(%q<rcov>, [">= 0"])
75
+ s.add_dependency(%q<bundler>, [">= 1.3.5"])
76
+ s.add_dependency(%q<jeweler>, [">= 2.0.1"])
78
77
  s.add_dependency(%q<simplecov>, [">= 0"])
79
78
  end
80
79
  else
81
- s.add_dependency(%q<ffi>, [">= 1.0.11"])
80
+ s.add_dependency(%q<ffi>, [">= 1.9.3"])
82
81
  s.add_dependency(%q<rdoc>, [">= 3.10"])
83
- s.add_dependency(%q<rspec>, [">= 2.8.0"])
84
- s.add_dependency(%q<yard>, [">= 0.7.5"])
82
+ s.add_dependency(%q<rspec>, [">= 2.14.1"])
83
+ s.add_dependency(%q<yard>, [">= 0.8.7.3"])
85
84
  s.add_dependency(%q<yard-rspec>, [">= 0.1"])
86
- s.add_dependency(%q<bundler>, [">= 1.0.21"])
87
- s.add_dependency(%q<jeweler>, [">= 1.8.3"])
88
- s.add_dependency(%q<rcov>, [">= 0"])
85
+ s.add_dependency(%q<bundler>, [">= 1.3.5"])
86
+ s.add_dependency(%q<jeweler>, [">= 2.0.1"])
89
87
  s.add_dependency(%q<simplecov>, [">= 0"])
90
88
  end
91
89
  end
data/lib/exec_sandbox/sandbox.rb CHANGED
@@ -26,7 +26,7 @@ class Sandbox
26
26
  @destroyed = false
27
27
 
28
28
  # principal argument for Spawn.spawn()
29
- @principal = { :uid => @user_uid, :gid => @user_gid, :dir => @path }
29
+ @principal = { uid: @user_uid, gid: @user_gid, dir: @path }
30
30
  end
31
31
 
32
32
  # Copies a file or directory to the sandbox.
data/lib/exec_sandbox/spawn.rb CHANGED
@@ -7,7 +7,7 @@ module Spawn
7
7
  #
8
8
  # @param [String, Array] command the command to be executed via exec
9
9
  # @param [Hash] io see limit_io
10
- # @param [Hash] principal the principal for the enw process
10
+ # @param [Hash] principal the principal for the new process
11
11
  # @param [Hash] resources see limit_resources
12
12
  # @return [Fixnum] the child's PID
13
13
  def self.spawn(command, io = {}, principal = {}, resources = {})
@@ -40,10 +40,10 @@ module Spawn
40
40
  redirects << [k, redirects.length, v]
41
41
  end
42
42
  end
43
-
43
+
44
44
  # Perform the redirections.
45
45
  redirects.sort!
46
- redirects.each do |fd_num, _, target|
46
+ redirects.each do |fd_num, _, target|
47
47
  if target.respond_to?(:fileno)
48
48
  # IO stream.
49
49
  if target.fileno != fd_num
@@ -60,26 +60,18 @@ module Spawn
60
60
  end
61
61
  end
62
62
  end
63
-
63
+
64
64
  # Close all file descriptors not in the redirection table.
65
65
  redirected_fds = Set.new redirects.map(&:first)
66
66
  max_fd = LibC.getdtablesize
67
67
  0.upto(max_fd) do |fd|
68
68
  next if redirected_fds.include?(fd)
69
-
70
- # TODO(pwnall): this is slow; consider detecting the Ruby version and
71
- # only running it on buggy MRIs
72
- begin
73
- # This fails if rb_reserved_fd_p returns 0.
74
- # In that case, we shouldn't close the FD, otherwise the VM will crash.
75
- IO.new(fd)
76
- rescue ArgumentError, Errno::EBADF
77
- next
78
- end
69
+
70
+ next if RubyVM.rb_reserved_fd_p(fd) != 0
79
71
  LibC.close fd
80
72
  end
81
73
  end
82
-
74
+
83
75
  # Sets the process' principal for access control.
84
76
  #
85
77
  # @param [Hash] principal information about the process' principal
@@ -88,7 +80,7 @@ module Spawn
88
80
  # @option principal [Fixnum] :gid the new group ID
89
81
  def self.set_principal(principal)
90
82
  Dir.chdir principal[:dir] if principal[:dir]
91
-
83
+
92
84
  if principal[:gid]
93
85
  begin
94
86
  Process::Sys.setresgid principal[:gid], principal[:gid], principal[:gid]
@@ -102,7 +94,7 @@ module Spawn
102
94
  principal[:gid] || Process.gid
103
95
  rescue NotImplementedError
104
96
  end
105
-
97
+
106
98
  begin
107
99
  Process::Sys.setresuid principal[:uid], principal[:uid], principal[:uid]
108
100
  rescue NotImplementedError
@@ -110,7 +102,7 @@ module Spawn
110
102
  end
111
103
  end
112
104
  end
113
-
105
+
114
106
  # Constrains the resource usage of the current process.
115
107
  #
116
108
  # @param [Hash{Symbol => Number}] limits the constraints to be applied
@@ -150,7 +142,7 @@ module Spawn
150
142
  _setrlimit Process::RLIMIT_RSS, limits[:data]
151
143
  end
152
144
  end
153
-
145
+
154
146
  # Wrapper for Process.setrlimit that eats exceptions.
155
147
  def self._setrlimit(limit, value)
156
148
  begin
@@ -159,7 +151,7 @@ module Spawn
159
151
  # The call failed, probably because the limit is already lower than this.
160
152
  end
161
153
  end
162
-
154
+
163
155
  # Maps raw I/O functions.
164
156
  module LibC
165
157
  extend FFI::Library
@@ -168,6 +160,28 @@ module Spawn
168
160
  attach_function :getdtablesize, [], :int
169
161
  attach_function :dup2, [:int, :int], :int
170
162
  end # module ExecSandbox::Spawn::Libc
163
+
164
+ # Maps an internal MRI function that we need.
165
+ module RubyVM
166
+ extend FFI::Library
167
+ ffi_lib RbConfig::CONFIG['LIBRUBY']
168
+ begin
169
+ attach_function :rb_reserved_fd_p, [:int], :int
170
+ rescue FFI::NotFoundError
171
+ # Emulation of internal MRI function.
172
+ #
173
+ # This is a fallback, used in case FFI can't find the MRI function.
174
+ def self.rb_reserved_fd_p(fd)
175
+ begin
176
+ # This fails if rb_reserved_fd_p returns a non-zero value.
177
+ IO.new fd
178
+ return 0
179
+ rescue ArgumentError, Errno::EBADF
180
+ return 1
181
+ end
182
+ end
183
+ end
184
+ end
171
185
  end # module ExecSandbox::Spawn
172
-
186
+
173
187
  end # namespace ExecSandbox
data/lib/exec_sandbox/wait4.rb CHANGED
@@ -13,15 +13,15 @@ module Wait4
13
13
  rusage = ExecSandbox::Wait4::Rusage.new
14
14
  returned_pid = LibC.wait4(pid, status_ptr, 0, rusage.pointer)
15
15
  raise SystemCallError, FFI.errno if returned_pid < 0
16
- status = { :bits => status_ptr.read_int }
16
+ status = { bits: status_ptr.read_int }
17
17
  status_ptr.free
18
-
18
+
19
19
  signal_code = status[:bits] & 0x7f
20
20
  status[:exit_code] = (signal_code != 0) ? -signal_code : status[:bits] >> 8
21
21
  status[:user_time] = rusage[:ru_utime_sec] +
22
22
  rusage[:ru_utime_usec] * 0.000_001
23
23
  status[:system_time] = rusage[:ru_stime_sec] +
24
- rusage[:ru_stime_usec] * 0.000_001
24
+ rusage[:ru_stime_usec] * 0.000_001
25
25
  status[:rss] = rusage[:ru_maxrss] / 1024.0
26
26
  return status
27
27
  end
@@ -31,9 +31,9 @@ module Wait4
31
31
  extend FFI::Library
32
32
  ffi_lib FFI::Library::LIBC
33
33
  attach_function :wait4, [:int, :pointer, :int, :pointer], :int,
34
- :blocking => true
34
+ blocking: true
35
35
  end # module ExecSandbox::Wait4::Libc
36
-
36
+
37
37
  # Maps struct rusage in sys/resource.h, used by wait4.
38
38
  class Rusage < FFI::Struct
39
39
  # Total amount of user time used.
@@ -81,5 +81,5 @@ module Wait4
81
81
  end # struct ExecSandbox::Wait4::Rusage
82
82
 
83
83
  end # module ExecSandbox::Wait4
84
-
84
+
85
85
  end # namespace ExecSandbox
data/spec/exec_sandbox/sandbox_spec.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
2
2
 
3
- describe ExecSandbox::Sandbox do
3
+ describe ExecSandbox::Sandbox do
4
4
  describe 'IO redirection' do
5
5
  before do
6
6
  @temp_in = Tempfile.new 'exec_sandbox_rspec'
@@ -17,55 +17,55 @@ describe ExecSandbox::Sandbox do
17
17
  describe 'duplicate.rb' do
18
18
  before do
19
19
  ExecSandbox.use do |s|
20
- @result = s.run bin_fixture(:duplicate), :in => @temp_in.path,
21
- :out => @temp_out.path
20
+ @result = s.run bin_fixture(:duplicate), in: @temp_in.path,
21
+ out: @temp_out.path
22
22
  end
23
23
  end
24
24
 
25
25
  it 'should not crash' do
26
26
  @result[:exit_code].should == 0
27
27
  end
28
-
28
+
29
29
  it 'should produce the correct result' do
30
- File.read(@temp_out.path).should == "I/O test\nI/O test\n"
30
+ File.read(@temp_out.path).should == "I/O test\nI/O test\n"
31
31
  end
32
32
  end
33
33
 
34
34
  describe 'count.rb' do
35
35
  before do
36
36
  ExecSandbox.use do |s|
37
- @result = s.run [bin_fixture(:count), '9'], :in => @temp_in.path,
38
- :out => @temp_out.path, :err => :out
37
+ @result = s.run [bin_fixture(:count), '9'], in: @temp_in.path,
38
+ out: @temp_out.path, err: :out
39
39
  end
40
40
  end
41
-
41
+
42
42
  it 'should not crash' do
43
43
  @result[:exit_code].should == 0
44
44
  end
45
-
45
+
46
46
  it 'should produce the correct result' do
47
47
  File.read(@temp_out.path).should == (1..9).map { |i| "#{i}\n" }.join('')
48
48
  end
49
49
  end
50
50
  end
51
-
51
+
52
52
  describe 'pipe redirection' do
53
53
  describe 'duplicate.rb' do
54
54
  before do
55
55
  ExecSandbox.use do |s|
56
- @result = s.run bin_fixture(:duplicate), :in_data => "Pipe test\n"
56
+ @result = s.run bin_fixture(:duplicate), in_data: "Pipe test\n"
57
57
  end
58
58
  end
59
-
59
+
60
60
  it 'should not crash' do
61
61
  @result[:exit_code].should == 0
62
62
  end
63
-
63
+
64
64
  it 'should produce the correct result' do
65
65
  @result[:out_data].should == "Pipe test\nPipe test\n"
66
66
  end
67
67
  end
68
-
68
+
69
69
  describe 'buffer.rb' do
70
70
  let(:buffer_size) { 1024 * 1024 }
71
71
  before do
@@ -73,34 +73,34 @@ describe ExecSandbox::Sandbox do
73
73
  @result = s.run [bin_fixture(:buffer), '', buffer_size.to_s]
74
74
  end
75
75
  end
76
-
76
+
77
77
  it 'should not crash' do
78
78
  @result[:exit_code].should == 0
79
79
  end
80
-
80
+
81
81
  it 'should produce the correct result' do
82
82
  @result[:out_data].should == "S" * buffer_size
83
83
  end
84
84
  end
85
-
85
+
86
86
  describe 'count.rb' do
87
87
  before do
88
88
  ExecSandbox.use do |s|
89
- @result = s.run [bin_fixture(:count), '9'], :err => :out
89
+ @result = s.run [bin_fixture(:count), '9'], err: :out
90
90
  end
91
91
  end
92
-
92
+
93
93
  it 'should not crash' do
94
94
  @result[:exit_code].should == 0
95
95
  end
96
-
96
+
97
97
  it 'should produce the correct result' do
98
98
  @result[:out_data].should == (1..9).map { |i| "#{i}\n" }.join('')
99
99
  end
100
100
  end
101
101
  end
102
-
103
-
102
+
103
+
104
104
  describe 'resource limitations' do
105
105
  describe 'churn.rb' do
106
106
  before do
@@ -110,7 +110,7 @@ describe ExecSandbox::Sandbox do
110
110
  after do
111
111
  @temp_out.unlink
112
112
  end
113
-
113
+
114
114
  describe 'without limitations' do
115
115
  before do
116
116
  ExecSandbox.use do |s|
@@ -118,44 +118,44 @@ describe ExecSandbox::Sandbox do
118
118
  s.pull 'stdout', @temp_out.path
119
119
  end
120
120
  end
121
-
121
+
122
122
  it 'should not crash' do
123
123
  @result[:exit_code].should == 0
124
124
  end
125
-
125
+
126
126
  it 'should run for at least 2 seconds' do
127
127
  (@result[:user_time] + @result[:system_time]).should > 2
128
128
  end
129
-
129
+
130
130
  it 'should output something' do
131
131
  File.stat(@temp_out.path).size.should > 0
132
132
  end
133
133
  end
134
-
134
+
135
135
  describe 'with CPU time limitation' do
136
136
  before do
137
137
  ExecSandbox.use do |s|
138
138
  @result = s.run [bin_fixture(:churn), 'stdout', 3.to_s],
139
- :limits => {:cpu => 1}
139
+ limits: {cpu: 1}
140
140
  s.pull 'stdout', @temp_out.path
141
141
  end
142
142
  end
143
-
143
+
144
144
  it 'should run for at least 0.5 seconds' do
145
145
  (@result[:user_time] + @result[:system_time]).should >= 0.5
146
146
  end
147
-
147
+
148
148
  it 'should run for less than 2 seconds' do
149
149
  (@result[:user_time] + @result[:system_time]).should < 2
150
150
  end
151
-
151
+
152
152
  it 'should not have a chance to output' do
153
153
  File.stat(@temp_out.path).size.should == 0
154
154
  end
155
155
  end
156
156
  end
157
157
  end
158
-
158
+
159
159
  describe '#push' do
160
160
  let(:test_user) { Etc.getlogin }
161
161
  let(:test_uid) { Etc.getpwnam(test_user).uid }
@@ -166,49 +166,48 @@ describe ExecSandbox::Sandbox do
166
166
  @sandbox = ExecSandbox.open test_user
167
167
  end
168
168
  after do
169
- @sandbox.close
169
+ @sandbox.close if @sandbox
170
170
  end
171
-
171
+
172
172
  describe 'a file' do
173
173
  before do
174
174
  @to = @sandbox.push __FILE__
175
175
  end
176
-
176
+
177
177
  it 'should copy straight to the sandbox directory' do
178
178
  File.dirname(@to).should == @sandbox.path
179
179
  end
180
-
180
+
181
181
  it 'should use the same file name' do
182
- File.basename(@to).should == 'sandbox_spec.rb'
182
+ File.basename(@to).should == 'sandbox_spec.rb'
183
183
  end
184
-
184
+
185
185
  it "should set the file's owner to the admin" do
186
186
  File.stat(@to).uid.should == test_uid
187
187
  end
188
-
188
+
189
189
  it "should not set the file's group to the admin" do
190
190
  File.stat(@to).gid.should_not == test_gid
191
191
  end
192
192
  end
193
193
  end
194
-
194
+
195
195
  describe '#cleanup' do
196
196
  describe 'in a system with an open sandbox' do
197
197
  before do
198
198
  @all_users = ExecSandbox::Users.named(/.*/).sort
199
-
199
+
200
200
  @sandbox = ExecSandbox.open
201
201
  @removed = ExecSandbox::Sandbox.cleanup
202
202
  end
203
-
203
+
204
204
  it 'should not remove the sandbox user' do
205
205
  ExecSandbox::Users.named(/.*/).sort.should == @all_users
206
206
  end
207
-
207
+
208
208
  it 'should return an array with the sandbox user' do
209
209
  @removed.should == [@sandbox.user_name]
210
210
  end
211
211
  end
212
-
213
212
  end
214
213
  end
data/spec/exec_sandbox/spawn_spec.rb CHANGED
@@ -49,8 +49,8 @@ describe ExecSandbox::Spawn do
49
49
  describe 'with paths' do
50
50
  before do
51
51
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
52
- {:in => @temp_in.path, :out => @temp_out.path,
53
- :err => @temp_out.path}
52
+ {in: @temp_in.path, out: @temp_out.path,
53
+ err: @temp_out.path}
54
54
  @status = ExecSandbox::Wait4.wait4 pid
55
55
  end
56
56
 
@@ -62,7 +62,7 @@ describe ExecSandbox::Spawn do
62
62
  File.open(@temp_in.path, 'r') do |in_io|
63
63
  File.open(@temp_out.path, 'w') do |out_io|
64
64
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
65
- {:in => in_io, :out => out_io, :err => STDERR}
65
+ {in: in_io, out: out_io, err: STDERR}
66
66
  @status = ExecSandbox::Wait4.wait4 pid
67
67
  end
68
68
  end
@@ -74,7 +74,7 @@ describe ExecSandbox::Spawn do
74
74
  describe 'without stdout' do
75
75
  before do
76
76
  pid = ExecSandbox::Spawn.spawn bin_fixture(:duplicate),
77
- {:in => @temp_in.path}
77
+ {in: @temp_in.path}
78
78
  @status = ExecSandbox::Wait4.wait4 pid
79
79
  end
80
80
 
@@ -103,7 +103,7 @@ describe ExecSandbox::Spawn do
103
103
  File.open(@temp_in.path, 'r') do |in_io|
104
104
  File.open(@temp_out.path, 'w') do |out_io|
105
105
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:count), '9'],
106
- {:in => in_io, :out => out_io, :err => STDOUT}
106
+ {in: in_io, out: out_io, err: STDOUT}
107
107
  @status = ExecSandbox::Wait4.wait4 pid
108
108
  end
109
109
  end
@@ -126,8 +126,8 @@ describe ExecSandbox::Spawn do
126
126
  describe 'with root credentials' do
127
127
  before do
128
128
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
129
- @temp_path, "Spawn uid test\n"], {:err => STDERR},
130
- {:uid => 0, :gid => 0}
129
+ @temp_path, "Spawn uid test\n"], {err: STDERR},
130
+ {uid: 0, gid: 0}
131
131
  @status = ExecSandbox::Wait4.wait4 pid
132
132
  @fstat = File.stat(@temp_path)
133
133
  end
@@ -152,8 +152,8 @@ describe ExecSandbox::Spawn do
152
152
  before do
153
153
  @temp.unlink
154
154
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
155
- @temp_path, "Spawn uid test\n"], {:err => STDERR},
156
- {:uid => test_uid, :gid => test_gid}
155
+ @temp_path, "Spawn uid test\n"], {err: STDERR},
156
+ {uid: test_uid, gid: test_gid}
157
157
  @status = ExecSandbox::Wait4.wait4 pid
158
158
  end
159
159
 
@@ -178,7 +178,7 @@ describe ExecSandbox::Spawn do
178
178
  File.chmod 0700, @temp_path
179
179
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg),
180
180
  @temp_path, "Spawn uid test\n"], {},
181
- {:uid => test_uid, :gid => test_gid}
181
+ {uid: test_uid, gid: test_gid}
182
182
  @status = ExecSandbox::Wait4.wait4 pid
183
183
  end
184
184
 
@@ -196,7 +196,7 @@ describe ExecSandbox::Spawn do
196
196
  File.chmod 070, @temp_path
197
197
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:write_arg), @temp_path,
198
198
  "Spawn uid test\n"], {},
199
- {:uid => test_uid, :gid => test_gid}
199
+ {uid: test_uid, gid: test_gid}
200
200
  @status = ExecSandbox::Wait4.wait4 pid
201
201
  end
202
202
 
@@ -213,7 +213,7 @@ describe ExecSandbox::Spawn do
213
213
  before do
214
214
  @temp_dir = Dir.mktmpdir 'exec_sandbox_rspec'
215
215
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:pwd), @temp_path],
216
- {}, {:dir => @temp_dir}
216
+ {}, {dir: @temp_dir}
217
217
  @status = ExecSandbox::Wait4.wait4 pid
218
218
  end
219
219
  after do
@@ -244,7 +244,7 @@ describe ExecSandbox::Spawn do
244
244
  describe 'without limitations' do
245
245
  before do
246
246
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
247
- (512 * 1024 * 1024).to_s], {:err => STDERR}, {}, {}
247
+ (512 * 1024 * 1024).to_s], {err: STDERR}, {}, {}
248
248
  @status = ExecSandbox::Wait4.wait4 pid
249
249
  end
250
250
 
@@ -260,7 +260,7 @@ describe ExecSandbox::Spawn do
260
260
  describe 'with 256mb memory limitation' do
261
261
  before do
262
262
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
263
- (512 * 1024 * 1024).to_s], {}, {}, {:data => 256 * 1024 * 1024}
263
+ (512 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
264
264
  @status = ExecSandbox::Wait4.wait4 pid
265
265
  end
266
266
 
@@ -277,7 +277,7 @@ describe ExecSandbox::Spawn do
277
277
  before do
278
278
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
279
279
  (512 * 1024 * 1024).to_s], {}, {},
280
- {:file_size => 64 * 1024 * 1024}
280
+ {file_size: 64 * 1024 * 1024}
281
281
  @status = ExecSandbox::Wait4.wait4 pid
282
282
  end
283
283
 
@@ -305,7 +305,7 @@ describe ExecSandbox::Spawn do
305
305
  describe 'without limitations' do
306
306
  before do
307
307
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
308
- (128 * 1024 * 1024).to_s], {:err => STDERR}, {}, {}
308
+ (128 * 1024 * 1024).to_s], {err: STDERR}, {}, {}
309
309
  @status = ExecSandbox::Wait4.wait4 pid
310
310
  end
311
311
 
@@ -315,7 +315,7 @@ describe ExecSandbox::Spawn do
315
315
  describe 'with 256mb memory limitation' do
316
316
  before do
317
317
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
318
- (128 * 1024 * 1024).to_s], {}, {}, {:data => 256 * 1024 * 1024}
318
+ (128 * 1024 * 1024).to_s], {}, {}, {data: 256 * 1024 * 1024}
319
319
  @status = ExecSandbox::Wait4.wait4 pid
320
320
  end
321
321
 
@@ -326,7 +326,7 @@ describe ExecSandbox::Spawn do
326
326
  before do
327
327
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:buffer), @temp_path,
328
328
  (128 * 1024 * 1024).to_s], {}, {},
329
- {:file_size => 256 * 1024 * 1024}
329
+ {file_size: 256 * 1024 * 1024}
330
330
  @status = ExecSandbox::Wait4.wait4 pid
331
331
  end
332
332
 
@@ -339,7 +339,7 @@ describe ExecSandbox::Spawn do
339
339
  describe 'without limitations' do
340
340
  before do
341
341
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
342
- 10.to_s], {:err => STDERR}, {}, {}
342
+ 10.to_s], {err: STDERR}, {}, {}
343
343
  @status = ExecSandbox::Wait4.wait4 pid
344
344
  end
345
345
 
@@ -355,7 +355,7 @@ describe ExecSandbox::Spawn do
355
355
  describe 'with sub-process limitation' do
356
356
  before do
357
357
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:fork), @temp_path,
358
- 10.to_s], {}, {}, {:processes => 4}
358
+ 10.to_s], {}, {}, {processes: 4}
359
359
  @status = ExecSandbox::Wait4.wait4 pid
360
360
  end
361
361
 
@@ -373,7 +373,7 @@ describe ExecSandbox::Spawn do
373
373
  describe 'without limitations' do
374
374
  before do
375
375
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
376
- 3.to_s], {:err => STDERR}, {}, {}
376
+ 3.to_s], {err: STDERR}, {}, {}
377
377
  @status = ExecSandbox::Wait4.wait4 pid
378
378
  end
379
379
 
@@ -393,7 +393,7 @@ describe ExecSandbox::Spawn do
393
393
  describe 'with CPU time limitation' do
394
394
  before do
395
395
  pid = ExecSandbox::Spawn.spawn [bin_fixture(:churn), @temp_path,
396
- 10.to_s], {}, {}, {:cpu => 1}
396
+ 10.to_s], {}, {}, {cpu: 1}
397
397
  @status = ExecSandbox::Wait4.wait4 pid
398
398
  end
399
399
 
metadata CHANGED
@@ -1,115 +1,127 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: exec_sandbox
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
5
- prerelease:
4
+ version: 0.2.4
6
5
  platform: ruby
7
6
  authors:
8
7
  - Victor Costan
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-02-09 00:00:00.000000000Z
11
+ date: 2014-02-05 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: ffi
16
- requirement: &25139320 !ruby/object:Gem::Requirement
17
- none: false
15
+ requirement: !ruby/object:Gem::Requirement
18
16
  requirements:
19
- - - ! '>='
17
+ - - '>='
20
18
  - !ruby/object:Gem::Version
21
- version: 1.0.11
19
+ version: 1.9.3
22
20
  type: :runtime
23
21
  prerelease: false
24
- version_requirements: *25139320
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - '>='
25
+ - !ruby/object:Gem::Version
26
+ version: 1.9.3
25
27
  - !ruby/object:Gem::Dependency
26
28
  name: rdoc
27
- requirement: &25138680 !ruby/object:Gem::Requirement
28
- none: false
29
+ requirement: !ruby/object:Gem::Requirement
29
30
  requirements:
30
- - - ! '>='
31
+ - - '>='
31
32
  - !ruby/object:Gem::Version
32
33
  version: '3.10'
33
34
  type: :development
34
35
  prerelease: false
35
- version_requirements: *25138680
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '>='
39
+ - !ruby/object:Gem::Version
40
+ version: '3.10'
36
41
  - !ruby/object:Gem::Dependency
37
42
  name: rspec
38
- requirement: &25138060 !ruby/object:Gem::Requirement
39
- none: false
43
+ requirement: !ruby/object:Gem::Requirement
40
44
  requirements:
41
- - - ! '>='
45
+ - - '>='
42
46
  - !ruby/object:Gem::Version
43
- version: 2.8.0
47
+ version: 2.14.1
44
48
  type: :development
45
49
  prerelease: false
46
- version_requirements: *25138060
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - '>='
53
+ - !ruby/object:Gem::Version
54
+ version: 2.14.1
47
55
  - !ruby/object:Gem::Dependency
48
56
  name: yard
49
- requirement: &25137500 !ruby/object:Gem::Requirement
50
- none: false
57
+ requirement: !ruby/object:Gem::Requirement
51
58
  requirements:
52
- - - ! '>='
59
+ - - '>='
53
60
  - !ruby/object:Gem::Version
54
- version: 0.7.5
61
+ version: 0.8.7.3
55
62
  type: :development
56
63
  prerelease: false
57
- version_requirements: *25137500
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - '>='
67
+ - !ruby/object:Gem::Version
68
+ version: 0.8.7.3
58
69
  - !ruby/object:Gem::Dependency
59
70
  name: yard-rspec
60
- requirement: &25136740 !ruby/object:Gem::Requirement
61
- none: false
71
+ requirement: !ruby/object:Gem::Requirement
62
72
  requirements:
63
- - - ! '>='
73
+ - - '>='
64
74
  - !ruby/object:Gem::Version
65
75
  version: '0.1'
66
76
  type: :development
67
77
  prerelease: false
68
- version_requirements: *25136740
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - '>='
81
+ - !ruby/object:Gem::Version
82
+ version: '0.1'
69
83
  - !ruby/object:Gem::Dependency
70
84
  name: bundler
71
- requirement: &25135940 !ruby/object:Gem::Requirement
72
- none: false
85
+ requirement: !ruby/object:Gem::Requirement
73
86
  requirements:
74
- - - ! '>='
87
+ - - '>='
75
88
  - !ruby/object:Gem::Version
76
- version: 1.0.21
89
+ version: 1.3.5
77
90
  type: :development
78
91
  prerelease: false
79
- version_requirements: *25135940
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - '>='
95
+ - !ruby/object:Gem::Version
96
+ version: 1.3.5
80
97
  - !ruby/object:Gem::Dependency
81
98
  name: jeweler
82
- requirement: &25119740 !ruby/object:Gem::Requirement
83
- none: false
99
+ requirement: !ruby/object:Gem::Requirement
84
100
  requirements:
85
- - - ! '>='
101
+ - - '>='
86
102
  - !ruby/object:Gem::Version
87
- version: 1.8.3
103
+ version: 2.0.1
88
104
  type: :development
89
105
  prerelease: false
90
- version_requirements: *25119740
91
- - !ruby/object:Gem::Dependency
92
- name: rcov
93
- requirement: &25119080 !ruby/object:Gem::Requirement
94
- none: false
106
+ version_requirements: !ruby/object:Gem::Requirement
95
107
  requirements:
96
- - - ! '>='
108
+ - - '>='
97
109
  - !ruby/object:Gem::Version
98
- version: '0'
99
- type: :development
100
- prerelease: false
101
- version_requirements: *25119080
110
+ version: 2.0.1
102
111
  - !ruby/object:Gem::Dependency
103
112
  name: simplecov
104
- requirement: &25117840 !ruby/object:Gem::Requirement
105
- none: false
113
+ requirement: !ruby/object:Gem::Requirement
106
114
  requirements:
107
- - - ! '>='
115
+ - - '>='
108
116
  - !ruby/object:Gem::Version
109
117
  version: '0'
110
118
  type: :development
111
119
  prerelease: false
112
- version_requirements: *25117840
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - '>='
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
113
125
  description: Temporary users and groups, rlimits
114
126
  email: costan@gmail.com
115
127
  executables: []
@@ -150,29 +162,25 @@ files:
150
162
  homepage: http://github.com/pwnall/exec_sandbox
151
163
  licenses:
152
164
  - MIT
165
+ metadata: {}
153
166
  post_install_message:
154
167
  rdoc_options: []
155
168
  require_paths:
156
169
  - lib
157
170
  required_ruby_version: !ruby/object:Gem::Requirement
158
- none: false
159
171
  requirements:
160
- - - ! '>='
172
+ - - '>='
161
173
  - !ruby/object:Gem::Version
162
174
  version: '0'
163
- segments:
164
- - 0
165
- hash: -1493873678505410753
166
175
  required_rubygems_version: !ruby/object:Gem::Requirement
167
- none: false
168
176
  requirements:
169
- - - ! '>='
177
+ - - '>='
170
178
  - !ruby/object:Gem::Version
171
179
  version: '0'
172
180
  requirements: []
173
181
  rubyforge_project:
174
- rubygems_version: 1.8.15
182
+ rubygems_version: 2.1.11
175
183
  signing_key:
176
- specification_version: 3
184
+ specification_version: 4
177
185
  summary: Run foreign binaries using POSIX sandboxing features
178
186
  test_files: []