Permalink
Browse files

sandbox: add instructions in INSTALL.md

  • Loading branch information...
1 parent 79debe2 commit a496030f33003825f0c22a17f4e2b605342cde8e @rurban rurban committed Oct 20, 2013
Showing with 14 additions and 3 deletions.
  1. +14 −3 INSTALL.md
View
@@ -32,11 +32,11 @@ clang produces better code than gcc, but is harder to debug.
## ~ external dependencies ~
build-time: gnu make, perl, sed, gcc or clang, echo, cat, expr, git
- (perl is only needed because of BSD/darwin sed problems)
+ perl is only needed because of BSD/darwin sed problems
run-time:
- libuv, sregex, libtommath are included, but external packagers
- should choose to use existing packages. see dist.mak
+ libuv (later: pcre, libtomath) is included, but external
+ packagers should choose to use existing packages. see dist.mak
optional:
@@ -67,6 +67,17 @@ clang produces better code than gcc, but is harder to debug.
apt-get install global, or
port install global
+## ~ sandboxing ~
+
+With `gmake SANDBOX=1` a static sandboxed `bin/potion-s` is built, which
+excludes all local filesystem and process accesses and includes all external
+modules in one executable. `load` is also disabled, so modules must include
+all dependent libraries.
+
+Network access is enabled via Aio. If you want to disable
+networking also, remove `lib/aio.c` from the SANDBOX SRC in `Makefile`,
+and `Potion_Init_aio(P)` from `core/internal.c`
+
## ~ installing ~
$ sudo make install

0 comments on commit a496030

Please sign in to comment.