restricted-workers: Running worker processes under system resource restrictions

[ bsd3, concurrency, data, library, system ] [ Propose Tags ] [ Report a vulnerability ]

This library provides an abstract interface for running various kinds of workers under resource restrictions. It was originally developed as part of the interactive-diagrams (http://github.com/co-dan/interactive-diagrams) project. To read more about the idia behind the library check out my GSoC report: http://parenz.wordpress.com/2013/07/15/interactive-diagrams-gsoc-progress-report/.

The library provides a convenient way of running worker processes, saving data obtained by the workers at start-up, a simple pool abstraction and a configurable security and resource limitations. Please consult https://github.com/co-dan/interactive-diagrams/tree/master/restricted-workers/README.md and https://github.com/co-dan/interactive-diagrams/wiki/Restricted-Workers for more details.

Warning: this library requires SELinux to function


[Skip to Readme]

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

  • No Candidates
Versions [RSS] 0.1.0, 0.1.1
Dependencies async (>=2.0 && <2.1), base (>=4.5 && <4.8), bytestring (>=0.10 && <0.13), cereal (>=0.3 && <0.4), data-default (>=0.5), directory (>=1.2 && <1.3), either (>=3.4), filepath (>=1), monad-control (>=0.3 && <0.4), mtl (>=2.1 && <2.2), network (>=2.4 && <2.5), selinux, stm (>=2.4 && <2.5), text (>=0.10), transformers (>=0.3 && <0.4), transformers-base (>=0.4 && <0.5), unix (>=2.6 && <2.8) [details]
License BSD-3-Clause
Copyright (c) 2013
Author Dan Frumin
Maintainer difrumin@gmail.com
Category System, Concurrency, Data
Home page https://github.com/co-dan/interactive-diagrams/wiki/Restricted-Workers
Source repo head: git clone https://github.com/co-dan/interactive-diagrams
Uploaded by DaniilFrumin at 2013-08-26T18:24:01Z
Distributions
Reverse Dependencies 1 direct, 0 indirect [details]
Downloads 1891 total (9 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs uploaded by user
Build status unknown [no reports yet]

Readme for restricted-workers-0.1.1

[back to package description]

Restricted Workers Library

This library provides an abstract interface for running various kinds of workers under resource restrictions. It was originally developed as part of the interactive-diagrams (http://github.com/co-dan/interactive-diagrams) project. You can read more about security restrictions in the wiki: https://github.com/co-dan/interactive-diagrams/wiki/Restricted-Workers

The library provides a convenient way of running worker processes, saving data obtained by the workers at start-up, a simple pool abstraction and a configurable security and resource limitations.

Right now there are several kinds of security restrictions that could be applied to the worker process:

  • RLimits
  • chroot jail
  • custom process euid
  • cgroups
  • process niceness
  • SELinux security context

Documentation

The easiest way to get a grip of the restricted-workers library is to look at the examples below showing off the basic concepts of the library. Another good idea would be to read haddock documentations which feature comments for each exported function and type in the library. Do not hesitate to bug me if you think that the documentation in some places can be improved.

Examples

The following examples will walk you through creating basic kinds of workers (IOWorker), handling a pool of workers, communicating with workers using 'System.Restricted.Workers.Protocol' and creating your own types of workers.

Wiki page

https://github.com/co-dan/interactive-diagrams/wiki/Restricted-Workers

External configurations

Some restrictions require external configuration, below we provide some example files for them that we use in interactive-diagrams: