Module ketos::restrict
Configuration of runtime execution restrictions
The RestrictConfig instance within an execution context configures the restrictions imposed on code execution. These restrictions may include limiting execution time and memory consumption.
However, use of RestrictConfig is not necessarily sufficient to isolate an execution environment from the host system. Other steps should be taken, such as:
- Installing a GlobalIo instance that does not allow access to system stdout and stdin streams.
- Installing a ModuleLoader instance that restricts access to the filesystem and whitelists a small set of "safe" builtin modules.
Example

```rust
use std::rc::Rc;
use ketos::{Builder, GlobalIo, BuiltinModuleLoader, RestrictConfig};

let interp = Builder::new()
    .restrict(RestrictConfig::strict())             // strict execution limits
    .io(Rc::new(GlobalIo::null()))                  // no access to host stdin/stdout
    .module_loader(Box::new(BuiltinModuleLoader))   // builtin modules only, no filesystem loading
    .finish();

// ...
```
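The limits above are enforced by bookkeeping the interpreter updates on every call and value push, and a breach surfaces as a RestrictError rather than as a crash. The following added example is not ketos's own code: it is a stand-in Limiter with assumed limit values and two constructed toy programs, showing why the strict configuration stops a runaway recursion or an unbounded list where the permissive one does not, and why such limits address resource exhaustion only, not host access (which is what the GlobalIo and ModuleLoader steps cover).

```rust
// Added example, not ketos's own code: a stand-in for how an interpreter
// enforces limits of the kind RestrictConfig describes. The limit values, the
// Limiter type and the two toy programs are constructed for this example.
use std::time::{Duration, Instant};

pub struct RestrictConfig {
    pub execution_time: Option<Duration>, // None = unlimited wall-clock time
    pub call_stack_size: usize,           // maximum nested calls
    pub value_stack_size: usize,          // maximum live values
}

impl RestrictConfig {
    // Assumed values, not the crate's STRICT_*/PERMISSIVE_* constants.
    pub fn strict() -> Self { Self { execution_time: Some(Duration::from_secs(1)), call_stack_size: 16, value_stack_size: 256 } }
    pub fn permissive() -> Self { Self { execution_time: None, call_stack_size: 1024, value_stack_size: 4096 } }
}

#[derive(Debug, PartialEq, Eq)]
pub enum RestrictError { ExecutionTimeExceeded, CallStackExceeded, ValueStackExceeded }

/// Counters updated on every call and value push; each update is the point
/// where a breach is detected and turned into a RestrictError.
pub struct Limiter { cfg: RestrictConfig, start: Instant, depth: usize, values: usize }

impl Limiter {
    pub fn new(cfg: RestrictConfig) -> Self { Limiter { cfg, start: Instant::now(), depth: 0, values: 0 } }
    pub fn enter_call(&mut self) -> Result<(), RestrictError> {
        self.check_time()?;
        self.depth += 1;
        if self.depth > self.cfg.call_stack_size { Err(RestrictError::CallStackExceeded) } else { Ok(()) }
    }
    pub fn exit_call(&mut self) { self.depth -= 1; }
    pub fn push_value(&mut self) -> Result<(), RestrictError> {
        self.check_time()?;
        self.values += 1;
        if self.values > self.cfg.value_stack_size { Err(RestrictError::ValueStackExceeded) } else { Ok(()) }
    }
    fn check_time(&self) -> Result<(), RestrictError> {
        if self.cfg.execution_time.map_or(false, |l| self.start.elapsed() > l) { Err(RestrictError::ExecutionTimeExceeded) } else { Ok(()) }
    }
}

/// Toy program 1: recurse `n` levels deep, as a runaway recursive function would.
pub fn recurse(lim: &mut Limiter, n: usize) -> Result<(), RestrictError> {
    lim.enter_call()?;
    let r = if n == 0 { Ok(()) } else { recurse(lim, n - 1) };
    lim.exit_call();
    r
}

/// Toy program 2: push `n` values and never release them, as building a huge list would.
pub fn fill_values(lim: &mut Limiter, n: usize) -> Result<(), RestrictError> {
    (0..n).try_for_each(|_| lim.push_value())
}
```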
Structs
- RestrictConfig: Contains parameters configuring restrictions of runtime code execution.
Enums
- RestrictError: Represents an error caused by breach of runtime execution restrictions.
Constants
- PERMISSIVE_CALL_STACK_SIZE: Maximum size of call stack, with permissive configuration.
- PERMISSIVE_VALUE_STACK_SIZE: Maximum size of value stack, in values, with permissive configuration.
- STRICT_CALL_STACK_SIZE: Maximum size of call stack, with strict configuration.
- STRICT_VALUE_STACK_SIZE: Maximum size of value stack, in values, with strict configuration.