restricted

Restrict possible system operations and filesystem view of your program. Try to call it as soon as possible in your program. Actual restricted calls currently implemented for these operating systems:

• OpenBSD

Even if your operating system is not currently actually implemented, you can still call restricted to make transparent to your users which privileges your program needs and your users can test these promises with tools like pledge on Linux. Enjoy ;)

Usage and Examples

opam install restricted

• Main Interface
• Types Interface

• basic functionality example
• file reading and writing example
• tmp path example
• networking example

Contribute

Feel free to open issues and pull requests, especially tests are more than welcome.

Dependencies

• for build and installation: OCaml, Dune
• for development: OCaml, Dune, ppx_inline_test, ocamlformat, make, shellcheck, shfmt

inspired by

• https://codeberg.org/semarie/ocaml-openbsd
• https://www.openbsd.org/

Thanks.

LICENSE

This work is licensed only under the GNU Affero General Public License version 3 (AGPLv3). See the LICENSE file for details.