tests/testthat/test-rlimit_nproc.R
In jeroenooms/RAppArmor: Bindings to AppArmor and Security Related Linux Tools
context("nproc limit")
test_that("Fork bombs get mitgated and are properly cleaned up afterwards", {
forkbomb <- function(){
repeat{
parallel::mcparallel(forkbomb());
}
}
regular <- function(){
parallel::mcparallel(matrix(rnorm(1e4), 1e2));
return(parallel::mccollect()[[1]])
}
#force non-root
me <- ifelse(getuid() == 0, 1000, getuid());
#forkbomb, assuming no more than 300 current procs :-)
for(i in 1:5){
Sys.sleep(0.5)
expect_that(eval_safe(forkbomb(), rlimits = list(nproc = 300), uid=me), throws_error("unable to fork"))
Sys.sleep(0.5)
expect_that(eval_safe(regular(), rlimits = list(nproc = 300), uid=me), is_a("matrix"))
gc();
}
});
test_that("Raising the limit should not be possible for non-root users", {
#force non-root
me <- ifelse(getuid() == 0, 1000, getuid());
#run test with several numbers
for(mylim in c(400, 200, 300)){
output <- list(cur = mylim-1, max = mylim);
expect_that(eval_safe(rlimit_nproc(mylim+1), rlimits = list(nproc = mylim), uid=me), throws_error("permi"));
expect_that(eval_safe(rlimit_nproc(mylim-1), rlimits = list(nproc = mylim), uid=me), equals(output));
rm(output)
}
});
jeroenooms/RAppArmor documentation built on Jan. 12, 2024, 9:57 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
context("nproc limit")
test_that("Fork bombs get mitgated and are properly cleaned up afterwards", {
forkbomb <- function(){
repeat{
parallel::mcparallel(forkbomb());
}
}
regular <- function(){
parallel::mcparallel(matrix(rnorm(1e4), 1e2));
return(parallel::mccollect()[[1]])
}
#force non-root
me <- ifelse(getuid() == 0, 1000, getuid());
#forkbomb, assuming no more than 300 current procs :-)
for(i in 1:5){
Sys.sleep(0.5)
expect_that(eval_safe(forkbomb(), rlimits = list(nproc = 300), uid=me), throws_error("unable to fork"))
Sys.sleep(0.5)
expect_that(eval_safe(regular(), rlimits = list(nproc = 300), uid=me), is_a("matrix"))
gc();
}
});
test_that("Raising the limit should not be possible for non-root users", {
#force non-root
me <- ifelse(getuid() == 0, 1000, getuid());
#run test with several numbers
for(mylim in c(400, 200, 300)){
output <- list(cur = mylim-1, max = mylim);
expect_that(eval_safe(rlimit_nproc(mylim+1), rlimits = list(nproc = mylim), uid=me), throws_error("permi"));
expect_that(eval_safe(rlimit_nproc(mylim-1), rlimits = list(nproc = mylim), uid=me), equals(output));
rm(output)
}
});
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.