-
-
Notifications
You must be signed in to change notification settings - Fork 90
Sandboxing
Reini Urban edited this page Oct 21, 2013
·
1 revision
See INSTALL.md
for sandboxing.
With gmake SANDBOX=1
a static sandboxed bin/potion-s
is built, which
excludes all local filesystem and process accesses and includes all external
modules in this executable.
load
is disabled even for source files, so modules must include
all dependent libraries.
The -L
command-line switch is disabled.
Network access is enabled via Aio
. If you want to disable
networking also, remove lib/aio.c
from the SANDBOX SRC in Makefile
,
and Potion_Init_aio(P)
from core/internal.c