[ANN] Openbsd 1.0

semarie · October 12, 2024, 7:12am

I would like to announce a new (somehow niche) package Openbsd, which provides bindings for some specifics OpenBSD syscalls pledge(2) and unveil(2).

These syscalls lets the kernel OS to know what the running processus is expected to do, and so it is possible to restrict a processus to do only filesystem or only network or only pure computation…

The package is designed to be installable on any platform and provides simple method to check if Pledge or Unveil are supported. This way, it is possible to easily write portable code using the package, as it could be a turned on “no-operation” on Windows or Linux hosts (or provides alternative code path for sandboxing).

Homepage : https://codeberg.org/semarie/ocaml-openbsd/
License : ISC
Documented Interface : lib/openbsd.mli

Examples

let open Openbsd in
if Pledge.supported then
  Pledge.promises "stdio rpath"

let open Openbsd in
if Unveil.supported then (
  Unveil.add "./lib" "r";
  Unveil.add "./logs" "rwc";
  Unveil.lock ())

Topic		Replies	Views
Ocamlopt & security wx-flag Ecosystem	4	683	November 29, 2021
OCaml CI and Opam Repo CI support for FreeBSD Ecosystem build , freebsd	12	859	January 7, 2024
Tooling/linker issue in FreeBSD Learning build , unix , cross-compilation , compilation	4	673	November 18, 2021
Porting to FreeBSD Ecosystem	5	550	April 11, 2020
[ANN] First release of bwrap Community announce	3	1318	November 6, 2018

[ANN] Openbsd 1.0

Examples

Related topics