statically embedding the swift repl + sandboxing


(Jason E. Aten) #1

I'm curious if the swift repl has hooks for embedding and sandboxing.

I'd like to statically compile the swift repl, link it into other code, and
then disable write access to the filesystem, for example.

Could someone point me to the API functions or configuration settings that
would let me sandbox or limit the reach of the repl?

Thank you.

Jason


(Alex Blewitt) #2

Since Swift allows you to trivially call out to C, even if such functions were available in Swift it wouldn't be sufficient. Instead you should look at running Swift under a security policy like sandbox (on Darwin) or apparmor/selinux/grsecurity (on Linux).

Alex

On 1 Mar 2017, at 16:54, Jason E. Aten via swift-dev <swift-dev@swift.org> wrote:

I'm curious if the swift repl has hooks for embedding and sandboxing.

I'd like to statically compile the swift repl, link it into other code, and then disable write access to the filesystem, for example.

Could someone point me to the API functions or configuration settings that would let me sandbox or limit the reach of the repl?