module Restricted : sig ... end
Main entry point to restrict your program
module SystemOperation : module type of Types.SystemOperation
module PathAccess : module type of Types.PathAccess
module PathPermission : module type of Types.PathPermission
val run : system_operations:Types.SystemOperation.t list -> accesses:Types.PathAccess.t list -> (unit -> unit) -> unit

run ~system_operations ~accesses f executes f under the given restrictions, where f is the program to run.

Raises Failure if system_operations contains the same SystemOperation value twice, if the permissions of any element of accesses contain the same PathPermission value twice, or if the permissions of any element of accesses are empty.

system_operations : allowed system calls
accesses : allowed filesystem view
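A worked usage of run, added here as an example; it is not code from the library or its documentation. It assumes (the real definitions in Types may differ) that SystemOperation.t is a variant with a constructor Fs_read_file, that PathAccess.t is a record with fields path and permissions, that PathPermission.t has a constructor Read, and that an access outside the allowed view surfaces inside f as Sys_error. The validate helper is hypothetical too: it mirrors the three documented Failure conditions so that a misconfiguration is reported with a precise message before any restriction is applied.

```ocaml
(* Added example, not part of the library. The constructors and record
   fields below are ASSUMED; check them against Types in the real library. *)

(* [true] when the list contains the same value twice. Polymorphic
   comparison is used, so this works for any concrete [SystemOperation.t]
   or [PathPermission.t]. *)
let has_duplicates l = List.length (List.sort_uniq compare l) <> List.length l

(* Hypothetical pre-flight check mirroring the documented [Failure]
   conditions of [Restricted.run]: no duplicate system operation, no
   duplicate permission per access, and no access with empty permissions. *)
let validate ~(system_operations : Restricted.SystemOperation.t list)
    ~(accesses : Restricted.PathAccess.t list) =
  if has_duplicates system_operations then
    failwith "system_operations lists the same system operation twice";
  List.iter
    (fun (a : Restricted.PathAccess.t) ->
      if a.permissions = [] then
        failwith (Printf.sprintf "no permissions given for %s" a.path);
      if has_duplicates a.permissions then
        failwith (Printf.sprintf "duplicate permission for %s" a.path))
    accesses

let () =
  (* Assumed constructors [Fs_read_file] and [Read]; assumed field names. *)
  let system_operations = [ Restricted.SystemOperation.Fs_read_file ] in
  let accesses =
    [ { Restricted.PathAccess.path = "/tmp/scratch";
        permissions = [ Restricted.PathPermission.Read ] } ]
  in
  validate ~system_operations ~accesses;
  Restricted.run ~system_operations ~accesses (fun () ->
      (* Everything in here runs with the restrictions in force. Reading a
         path outside the allowed view is expected to fail at the OS level,
         which OCaml reports as [Sys_error] (assumption; In_channel needs
         OCaml 4.14 or later). *)
      match In_channel.with_open_bin "/etc/hostname" In_channel.input_all with
      | _ -> print_endline "read outside the allowed view succeeded"
      | exception Sys_error msg -> print_endline ("blocked: " ^ msg))
```

Keep the allowed lists as small as the program needs: every extra system operation or path permission widens what f, and anything it can reach, is able to do once run has applied the restrictions.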