Hacker News

If you read through the examples, it's even better. The default case when you call tame() is that you don't get any privileges, so you explicitly have to call and declare to the operating system, "I need to be able to do <x> - don't let me do anything else."


This sounds like Tcl's "safe interpreter" [1], but for syscalls.

[1] http://www.tcl.tk/man/tcl8.4/TclCmd/safe.htm



