Neil Harris wrote:
Linux provides the setrlimit() system call for this purpose -- you could either call it as a wrapper around lilypond, or hack it into a de-fanged version of LilyPond.
If you're going to be running an auxiliary rendering process or special-use server anyway, a few moments' Googling finds the "softlimit" program, provided as part of the daemontools package, which looks like it is intended for providing the sort of limited sandboxing required here.
- Neil
We already have several ulimit.sh inside phase3/bin for that. If the LilyPond extension were using wfShellExec instead of exec, it would be automatically limited by $wgMaxShellTime, $wgMaxShellMemory and $wgMaxShellFileSize (unless on Windows).
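
The wrapper approach discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki's ulimit.sh or wfShellExec code: a Python helper that applies setrlimit() in the child between fork() and exec(), covering the same three categories named above (time, memory, file size). The name `run_limited` and its default values are hypothetical, and it assumes a POSIX system.

```python
import resource
import subprocess


def _clamp(requested, current_hard):
    """Never request more than the hard limit this process already runs under."""
    if current_hard == resource.RLIM_INFINITY:
        return requested
    return min(requested, current_hard)


def run_limited(argv, cpu_seconds=10, memory_bytes=1 << 30,
                file_bytes=1 << 20, wall_seconds=60):
    """Run argv (a list, so no shell parsing) under resource limits.

    Returns (returncode, stdout, stderr); returncode is None on a wall-clock
    timeout and negative when the child was killed by a signal.
    """
    limits = {
        resource.RLIMIT_CPU: cpu_seconds,     # CPU time, in seconds
        resource.RLIMIT_AS: memory_bytes,     # address space, in bytes
        resource.RLIMIT_FSIZE: file_bytes,    # largest file the child may write
        resource.RLIMIT_CORE: 0,              # no core dumps from a killed renderer
    }

    def apply_limits():
        # Runs in the child after fork() and before exec(), so the limits
        # bind the rendered program and everything it spawns.
        for which, value in limits.items():
            _, hard = resource.getrlimit(which)
            value = _clamp(value, hard)
            resource.setrlimit(which, (value, value))

    try:
        # RLIMIT_CPU counts CPU time only; a child that sleeps or blocks
        # never hits it, so a wall-clock timeout is enforced as well.
        proc = subprocess.run(argv, preexec_fn=apply_limits,
                              stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        return None, b"", b"wall-clock timeout"
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    import sys
    # Constructed stand-in for a runaway renderer: a busy loop.
    rc, _, _ = run_limited([sys.executable, "-c", "while True: pass"],
                           cpu_seconds=1)
    print("runaway child ended with return code", rc)
```

Setting the soft and hard limit to the same value means the child cannot raise its own limit back up.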