sandbox
core-api
cfunction
src/core/corelib.c on line 778, column 1
(sandbox & forbidden-capabilities)
Disable feature sets to prevent the interpreter from using certain
system resources. Once a feature is disabled, there is no way to
re-enable it. Capabilities can be:
* :all - disallow all (except IO to stdout, stderr, and stdin)
* :asm - disallow calling `asm` and `disasm` functions.
* :chroot - disallow calling `os/posix-chroot`
* :compile - disallow calling `compile`. This will disable a lot of
functionality, such as `eval`.
* :env - disallow reading and writing environment variables
* :ffi - disallow FFI (recommended if disabling anything else)
* :ffi-define - disallow loading new FFI modules and binding new
functions
* :ffi-jit - disallow calling `ffi/jitfn`
* :ffi-use - disallow using any previously bound FFI functions and
memory-unsafe functions.
* :fs - disallow access to the file system
* :fs-read - disallow read access to the file system
* :fs-temp - disallow creating temporary files
* :fs-write - disallow write access to the file system
* :hrtime - disallow high-resolution timers
* :modules - disallow loading dynamic modules (natives)
* :net - disallow network access
* :net-connect - disallow making outbound network connections
* :net-listen - disallow accepting inbound network connections
* :sandbox - disallow calling this function
* :signal - disallow adding or removing signal handlers
* :subprocess - disallow running subprocesses
* :threads - disallow spawning threads with `ev/thread`. Certain
helper threads may still be spawned.
* :unmarshal - disallow calling the unmarshal function.
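A typical use is to lock the interpreter down before handing control to code you do not trust, such as a user-supplied script passed to `eval`. The following script is an added example and not part of the Janet documentation or source; the file path under `/tmp` and the capability set are assumptions for illustration. It leaves `:compile` enabled so that `eval` still works, drops the capabilities that reach outside the process (`:ffi`, `:modules`, `:subprocess`, `:fs-write`, `:net`, `:signal`, `:unmarshal`), and finally drops `:sandbox` itself so the evaluated code cannot change the policy further. Because capabilities can only be removed, the order of the keywords does not matter, but `:sandbox` must be included in the same call, since no later call is possible once it takes effect.

```janet
# Added example (not Janet project code): harden the interpreter before
# evaluating untrusted input. Every restriction below is permanent for the
# life of the process.

# Constructed sample file, written while the file system is still writable.
(def sample-path "/tmp/sandbox-demo.txt")   # assumed path
(spit sample-path "data written before the sandbox was applied\n")

(defn harden
  "Drop every capability an untrusted evaluator must not have.
   :compile is deliberately kept so that eval keeps working."
  []
  (sandbox :ffi         # native calls and memory-unsafe functions
           :modules     # loading native modules
           :subprocess  # os/shell, os/execute, os/spawn
           :fs-write    # writing to the file system
           :fs-temp     # creating temporary files
           :net         # inbound and outbound sockets
           :signal      # installing signal handlers
           :unmarshal   # deserializing arbitrary images
           :sandbox))   # and calling sandbox again

(defn attempt
  "Run thunk, reporting whether the sandbox rejected it."
  [label thunk]
  (try
    (do (thunk) (print label ": allowed"))
    ([err] (print label ": blocked (" err ")"))))

(harden)

# Reads were not restricted, so this still succeeds.
(attempt "slurp" (fn [] (slurp sample-path)))

# Each of these now raises an error instead of touching the system.
(attempt "spit" (fn [] (spit sample-path "overwritten")))
(attempt "os/shell" (fn [] (os/shell "id")))
(attempt "net/connect" (fn [] (net/connect "127.0.0.1" "80")))
(attempt "unmarshal" (fn [] (unmarshal (marshal @[1 2 3]))))

# The policy is fixed: even a no-op call to sandbox is refused.
(attempt "sandbox" (fn [] (sandbox)))

# Untrusted code can still be evaluated, but only within the restricted set.
(attempt "eval" (fn [] (eval '(+ 1 2))))
```

Note that `:fs-write` and `:fs-temp` are listed separately above: a sandbox that forbids general writes but still allows temporary files leaves a writable location behind, so both are dropped here. If the evaluated code never needs `eval`, add `:compile` to the same call for a much smaller attack surface.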