nanos-pledge

1.1.0 • Public • Published

nanos-pledge

OpenBSD-style pledge syscall to restrict system operations on a Nanos unikernel

Usage

System operations in a running process can be restricted by calling the pledge function exported by this module, with the first argument (promises) set to a string containing a set of space-separated keywords, where each keyword identifies a functionality that the process needs to use; the second argument (execpromises) is unused (because it's not applicable to a single-process environment such as a unikernel) and is typically set to null. The pledge function returns 0 on success, and a negative error number on failure. Error codes are available as module attributes:

  • errPerm: the process is attempting to increase permissions, i.e. the promises string contains keywords that were not present in a previous call to the pledge function
  • errInval: promises is malformed or contains invalid keywords

Example:

pledge = require('nanos-pledge');
pledge.pledge("stdio rpath inet", null);

For more information, see the relevant OpenBSD man page.

Readme

Keywords

Package Sidebar

Install

npm i nanos-pledge

Weekly Downloads

1

Version

1.1.0

License

MIT

Unpacked Size

1.96 kB

Total Files

3

Last publish

Collaborators

  • francescolavra