This extension provides bindings to OpenBSD's pledge(2) system call.
The source for this egg is available here.
A single procedure is provided, which has the same interface as the system call.
(use pledge) (pledge "rpath")
- pledge promisesprocedure
Restricts the current process to the capabilities specified by promises, which should be a string.
On success, 0 is returned. On error, -1 is returned and errno should be consulted.
Refer to pledge(2) for more information.
Path whitelisting is not available (since, at the time of writing, pledge(2)'s whitelisting feature is itself unavailable).
Copyright © 2016, Evan Hanson, 3-clause BSD license.