pledge

  1. pledge
  2. Description
  3. Usage
    1. API
  4. Limitations
  5. License

Description

This extension provides bindings to OpenBSD's pledge(2) system call.

The source for this egg is available here.

Usage

A single procedure is provided, which has the same interface as the system call.

(use pledge)
(pledge "rpath")

API

[procedure] (pledge promises) => fixnum

Restricts the current process to the capabilities specified by promises, which should be a string.

On success, 0 is returned. On error, -1 is returned and errno should be consulted.

Refer to pledge(2) for more information.

Limitations

Path whitelisting is not available (since, at the time of writing, pledge(2)'s whitelisting feature is itself unavailable).

License

Copyright © 2016, Evan Hanson, 3-clause BSD license.