Module Restricted

module Restricted: sig .. end

Main entry point to restrict your program

module SystemOperation: module type of Types.SystemOperation

module PathAccess: module type of Types.PathAccess

module PathPermission: module type of Types.PathPermission

val run : system_operations:Types.SystemOperation.t list ->
       ?exec_system_operations:Types.SystemOperation.t list ->
       ?accesses:Types.PathAccess.t list -> (unit -> unit) -> unit

run ~system_operations ?exec_system_operations ?accesses f executes f with the given restrictions where f is the program to run.

Raises Failure if system_operations:SystemOperation or exec_system_operations:SystemOperation has same value twice or if accesses:PathAccess.permissions has same value twice or if accesses:PathAccess.permissions is empty.

system_operations : allowed system calls

exec_system_operations : allowed system calls after exec

accesses : allowed filesystem view