Neil Harris wrote:
Linux provides the setrlimit() system call for this
purpose -- you could
either call it as a wrapper around lilypond, or hack it into a de-fanged
version of Lilypond.
If you're going to be running an auxiliary rendering process or
special-use server anyway, a few moments Googling finds the "softlimit"
program, provided as part of the daemontools package, which looks like
it is intended for providing the sort of limited sandboxing required here.
- Neil
We already have several ulimit.sh inside phase3/bin for that.
If LilyPond extension were using wfShellExec instead of exec, it would
be automatically limited by $wgMaxShellTime, $wgMaxShellMemory and
$wgMaxShellFileSize (unless on Windows).