[swift-dev] statically embedding the swift repl + sandboxing
alblue at apple.com
Wed Mar 1 11:16:36 CST 2017
> On 1 Mar 2017, at 16:54, Jason E. Aten via swift-dev <swift-dev at swift.org> wrote:
> I'm curious if the swift repl has hooks for embedding and sandboxing.
> I'd like to statically compile the swift repl, link it into other code, and then disable write access to the filesystem, for example.
> Could someone point me to the API functions or configuration settings that would let me sandbox or limit the reach of the repl?
Since Swift allows you to trivially call out to C, even if such functions were available in Swift it wouldn't be sufficient. Instead you should look at running Swift under a security policy like sandbox (on Darwin) or apparmor/selinux/grsecurity (on Linux).
More information about the swift-dev