Introducing: restricted-workers library, version 0.1.0.
This library provides an abstract interface for running various kinds of workers under resource restrictions. It is being developed as part of the interactive-diagrams project and you can read more about the origins of the library in my GSoC report: http://parenz.wordpress.com/2013/07/15/interactive-diagrams-gsoc-progress-report/
The library provides a convenient way of running worker processes, saving data obtained by the workers at start-up, a simple pool abstraction and a configurable security and resource limitations.
Right now there are several kinds of security restrictions that could be applied to the worker process:
- chroot jail
- custom process euid
- process niceness
- SELinux security context
You can read more about the library on the wiki: https://github.com/co-dan/interactive-diagrams/wiki/Restricted-Workers
The library has been uploaded to hackage and you can install it using cabal-install.