sandbox

    cfunction
    src/core/corelib.c on line 769, column 1

    (sandbox & forbidden-capabilities)

    Disable feature sets to prevent the interpreter from using certain 
    system resources. Once a feature is disabled, there is no way to 
    re-enable it. Capabilities can be:

    $*$ :all $-$ disallow all (except IO to stdout, stderr, and stdin)
    $*$ :env $-$ disallow reading and write env variables
    $*$ :ffi $-$ disallow FFI (recommended if disabling anything else)
    $*$ :ffi-define $-$ disallow loading new FFI modules and binding new 
      functions
    $*$ :ffi-jit $-$ disallow calling `ffi/jitfn`
    $*$ :ffi-use $-$ disallow using any previously bound FFI functions and 
      memory-unsafe functions.
    $*$ :fs $-$ disallow access to the file system
    $*$ :fs-read $-$ disallow read access to the file system
    $*$ :fs-temp $-$ disallow creating temporary files
    $*$ :fs-write $-$ disallow write access to the file system
    $*$ :hrtime $-$ disallow high-resolution timers
    $*$ :modules $-$ disallow load dynamic modules (natives)
    $*$ :net $-$ disallow network access
    $*$ :net-connect $-$ disallow making outbound network connections
    $*$ :net-listen $-$ disallow accepting inbound network connections
    $*$ :sandbox $-$ disallow calling this function
    $*$ :signal $-$ disallow adding or removing signal handlers
    $*$ :subprocess $-$ disallow running subprocesses