RFC: (ice-9 sandbox)

2017-03-31 Thread Andy Wingo
Hi, Attached is a module that can evaluate an expression within a sandbox. If the evaluation takes too long or allocates too much, it will be cancelled. The evaluation will take place with respect to a module with a "safe" set of imports. Those imports include most of the bindings available in a

Re: RFC: (ice-9 sandbox)

2017-03-31 Thread Ludovic Courtès
Hello! Andy Wingo skribis: > Any thoughts? I would like something like this for a web service that > has to evaluate untrusted code. Would be nice! > (define (call-with-allocation-limit limit thunk limit-reached) > "Call @var{thunk}, but cancel it if @var{limit} bytes have been > allocated.

"guix potluck", a moveable feast

2017-03-31 Thread Andy Wingo
Hi! Following on thoughts from earlier this month that Guix is the guildhall that we always wanted, I think I have more of a plan. s/guildhall/potluck/ Firstly, a name change: the guildhall was a somewhat unified, curated thing that was Guile-specific, whereas I think I thin

Re: RFC: (ice-9 sandbox)

2017-03-31 Thread Andy Wingo
On Fri 31 Mar 2017 13:33, l...@gnu.org (Ludovic Courtès) writes: > Andy Wingo skribis: > > The allocations that trigger ‘after-gc-hook’ could be caused by a > separate thread, right? That’s probably an acceptable limitation, but > one to be aware of. Ah yes, we should document this. Sadly we j

Re: RFC: (ice-9 sandbox)

2017-03-31 Thread Ludovic Courtès
Andy Wingo skribis: > On Fri 31 Mar 2017 13:33, l...@gnu.org (Ludovic Courtès) writes: [...] >>> ;; These can only form part of a safe binding set if no mutable >>> ;; pair is exposed to the sandbox. >>> (define *mutating-pair-bindings* >>> '(((guile) >>> set-car! >>> set-cdr!))) >>