module Restricted : sig ... end

Main entry point to restrict your program.

module SystemOperation : module type of Types.SystemOperation
module PathAccess : module type of Types.PathAccess
module PathPermission : module type of Types.PathPermission

val run :
  system_operations:Types.SystemOperation.t list ->
  ?exec_system_operations:Types.SystemOperation.t list ->
  ?accesses:Types.PathAccess.t list ->
  (unit -> unit) -> unit

run ~system_operations ?exec_system_operations ?accesses f executes f under the given restrictions, where f is the program to run.

raises Failure if system_operations or exec_system_operations contains the same SystemOperation value twice, if the permissions of any PathAccess in accesses contain the same value twice, or if the permissions of any PathAccess in accesses are empty.

parameter system_operations : allowed system calls
parameter exec_system_operations : allowed system calls after exec
parameter accesses : allowed filesystem view
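The precondition checks described for run, as an added stand-alone OCaml model that is not the Restricted library's own code. The variant constructors, the path field and the function names check, check_no_duplicates and run_checked are assumptions made for illustration; only the shape of the run signature and the permissions field come from the page.

```ocaml
(* Added example, not part of the Restricted library: a stand-alone model of
   the input validation documented for Restricted.run. Constructor names, the
   [path] field and the function names are assumptions; only [permissions]
   and the argument labels of [run] are taken from the documentation. *)

(* Hypothetical stand-ins for Types.SystemOperation.t and Types.PathPermission.t *)
type system_operation = Stdio | Read_path | Write_path | Exec
type path_permission = Read | Write | Create

(* Hypothetical stand-in for Types.PathAccess.t: one path and its permissions *)
type path_access = { path : string; permissions : path_permission list }

(* Raise Failure when a list contains the same value twice. *)
let check_no_duplicates what xs =
  let rec go seen = function
    | [] -> ()
    | x :: rest ->
        if List.mem x seen then failwith (what ^ ": duplicate value")
        else go (x :: seen) rest
  in
  go [] xs

(* The three documented Failure conditions of Restricted.run. *)
let check ~system_operations ?(exec_system_operations = []) ?(accesses = []) () =
  check_no_duplicates "system_operations" system_operations;
  check_no_duplicates "exec_system_operations" exec_system_operations;
  List.iter
    (fun a ->
      if a.permissions = [] then failwith (a.path ^ ": empty permissions");
      check_no_duplicates (a.path ^ " permissions") a.permissions)
    accesses

(* Model of run: validate the restrictions, then execute f. The real library
   applies the restrictions to the process before calling f; this model only
   performs the validation step. *)
let run_checked ~system_operations ?exec_system_operations ?accesses f =
  check ~system_operations ?exec_system_operations ?accesses ();
  f ()

let () =
  (* Least-privilege shape: only the calls and paths the program needs. *)
  run_checked ~system_operations:[ Stdio; Read_path ]
    ~accesses:[ { path = "/etc/hostname"; permissions = [ Read ] } ]
    (fun () -> print_endline "running restricted");
  (* Rejected: the same permission listed twice for one path. *)
  match
    run_checked ~system_operations:[ Stdio ]
      ~accesses:[ { path = "/tmp"; permissions = [ Write; Write ] } ]
      (fun () -> ())
  with
  | () -> assert false
  | exception Failure msg -> print_endline ("rejected: " ^ msg)
```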