Module ketos::restrict
[−]
[src]
Configuration of runtime execution restrictions
The RestrictConfig instance within an execution context configures
the restrictions imposed on code execution. These restrictions may include
limiting execution time and memory consumption.
However, use of RestrictConfig is not necessarily sufficient to isolate
an execution environment from the host system. Other steps should be taken,
such as:
- Installing a
GlobalIoinstance that does not allow access to systemstdoutandstdinstreams. - Installing a
ModuleLoaderinstance that restricts access to the filesystem and whitelists a small set of "safe" builtin modules.
Example
use std::rc::Rc; use ketos::{Builder, GlobalIo, BuiltinModuleLoader, RestrictConfig}; let interp = Builder::new() .restrict(RestrictConfig::strict()) .io(Rc::new(GlobalIo::null())) .module_loader(Box::new(BuiltinModuleLoader)) .finish(); // ...
Structs
| RestrictConfig |
Contains parameters configuring restrictions of runtime code execution |
Enums
| RestrictError |
Represents an error caused by breach of runtime execution restrictions |
Constants
| PERMISSIVE_CALL_STACK_SIZE |
Maximum size of call stack, with permissive configuration. |
| PERMISSIVE_VALUE_STACK_SIZE |
Maximum size of value stack, in values, with permissive configuration. |
| STRICT_CALL_STACK_SIZE |
Maximum size of call stack, with strict configuration. |
| STRICT_VALUE_STACK_SIZE |
Maximum size of value stack, in values, with strict configuration. |