Roxen Mailing List Mirror

roxen.lists.pike.general

Subject	Author	Date
Re: More questions: timed thread IPC & Sandboxing	Linda Messerschmidt <linda[dot]messerschmidt[at]gmail[dot]com>	25-01-2009
(I finally got a chance to sit down and work on this some more, uninterrupted.) On Wed, Jan 21, 2009 at 3:35 AM, Marcus Agehall (Roxen IS) @ Pike (-) importmöte för mailinglistan <<6341[at]lyskom.lysator.liu.se>> wrote: > When it comes to limiting the users, I think you will have to write > your own master that prevents them from accessing modules that can be > "dangerous". Thanks to you (and everyone else) for the replies. That's what I was afraid of. I'll poke around at the base master and see what I can find. If I just want to allow a short list of pre-approved modules, maybe it won't be too complicated to add, though it sounds like some people are already working on similar stuff that may well be done by the time it becomes a factor. On Wed, Jan 21, 2009 at 7:11 AM, Henrik Grubbström <<grubba[at]roxen.com>> wrote: > Pike doesn't utilize pthread_cond_timedwait() yet, but the following should > be a fair approximation as long as you have a live backend thread: > > key = mutex->lock(); > // ... > while (keep_trying) { > // ... > mixed co = call_out(cond->broadcast, timeout); > cond->wait(key); > timeout = remove_call_out(co); > if (zero_type(timeout)) { > // The timeout triggered. > } > // ... > } I think I see what's going on there, but I can't get it to work. (The callout never gets called.) Based on what you wrote, I'm guessing that means I don't have "a live backend thread." I do have a thread that looks like this: void run() { for(int i=0; i<100; i++) { write("Heartbeat.\n"); sleep(1); } } (Someday it'll do something more impressive.) Here's my timed waiter: string\|void read(int\|float i_timeout) { mixed key = m_mtx->lock(); if (!m_que.is_empty()) return m_que.read(); mixed co = call_out(m_cnd->broadcast, i_timeout); m_cnd->wait(key); i_timeout = remove_call_out(co); if (!m_que.is_empty()) return m_que.read(); } (It doesn't matter whether it woke up from the timeout or not, only whether there's data there when it wakes up.) I tried replacing the m_cnd->broadcast with a Hello World function and didn't get the output after 10 seconds, so I think I'm missing the "go" switch. :) > Providing a subset of the module namespace to the programs being compiled is > usually done by using a custom CompilationHandler object. > See > http://pike.ida.liu.se/generated/manual/modref/ex/predef_3A_3A/CompilationHandler.html > for details. I'll check that out. Thanks!! -LM

Subject

Author

Date

Re: More questions: timed thread IPC & Sandboxing

Linda Messerschmidt <linda[dot]messerschmidt[at]gmail[dot]com>

25-01-2009

(I finally got a chance to sit down and work on this some more, uninterrupted.)

On Wed, Jan 21, 2009 at 3:35 AM, Marcus Agehall (Roxen IS) @ Pike (-)
importmöte för mailinglistan <<6341[at]lyskom.lysator.liu.se>> wrote:
> When it comes to limiting the users, I think you will have to write
> your own master that prevents them from accessing modules that can be
> "dangerous".

Thanks to you (and everyone else) for the replies.  That's what I was
afraid of.  I'll poke around at the base master and see what I can
find.  If I just want to allow a short list of pre-approved modules,
maybe it won't be too complicated to add, though it sounds like some
people are already working on similar stuff that may well be done by
the time it becomes a factor.

On Wed, Jan 21, 2009 at 7:11 AM, Henrik Grubbström <<grubba[at]roxen.com>> wrote:
> Pike doesn't utilize pthread_cond_timedwait() yet, but the following should
> be a fair approximation as long as you have a live backend thread:
>
>  key = mutex->lock();
>  // ...
>  while (keep_trying) {
>    // ...
>    mixed co = call_out(cond->broadcast, timeout);
>    cond->wait(key);
>    timeout = remove_call_out(co);
>    if (zero_type(timeout)) {
>      // The timeout triggered.
>    }
>    // ...
>  }

I think I see what's going on there, but I can't get it to work.  (The
callout never gets called.)  Based on what you wrote, I'm guessing
that means I don't have "a live backend thread."

I do have a thread that looks like this:

void run() {
	for(int i=0; i<100; i++) {
		write("Heartbeat.\n");
		sleep(1);
	}
}

(Someday it'll do something more impressive.)

Here's my timed waiter:

string|void read(int|float i_timeout) {
	mixed key = m_mtx->lock();

	if (!m_que.is_empty())
		return m_que.read();

	mixed co = call_out(m_cnd->broadcast, i_timeout);
	m_cnd->wait(key);
	i_timeout = remove_call_out(co);

	if (!m_que.is_empty())
		return m_que.read();
}

(It doesn't matter whether it woke up from the timeout or not, only
whether there's data there when it wakes up.)

I tried replacing the m_cnd->broadcast with a Hello World function and
didn't get the output after 10 seconds, so I think I'm missing the
"go" switch. :)

> Providing a subset of the module namespace to the programs being compiled is
> usually done by using a custom CompilationHandler object.
> See
>
http://pike.ida.liu.se/generated/manual/modref/ex/predef_3A_3A/CompilationHandler.html
> for details.

I'll check that out.

Thanks!!

-LM

Roxen & Pike List Archives

roxen.lists.pike.general