summaryrefslogtreecommitdiff
path: root/lib/supple/host.lua
diff options
context:
space:
mode:
Diffstat (limited to 'lib/supple/host.lua')
-rw-r--r--lib/supple/host.lua84
1 files changed, 83 insertions, 1 deletions
diff --git a/lib/supple/host.lua b/lib/supple/host.lua
index d782115..9f0e016 100644
--- a/lib/supple/host.lua
+++ b/lib/supple/host.lua
@@ -9,6 +9,17 @@
-- For licence terms, see COPYING
--
+--- Running the host-side of sandboxed code
+--
+-- When running code in Supple sandboxes, the starting point is this module.
+-- The host application should require supple and then begin from here...
+--
+-- local supple = require 'supple'
+-- print(supple.sandbox.run("return ...", "example code", "arg1", "arg2"))
+-- -- Expect: 'arg1 arg2' as output
+--
+
+
local luxio = require 'luxio'
local subprocess = require 'luxio.subprocess'
@@ -71,6 +82,21 @@ local function run_wrapper()
return proc, fds[2]
end
+--- Run some code in a Supple sandbox
+--
+-- Call this routine to run some code in a Supple sandbox. The code is
+-- compiled and run entirely within the sandbox process. Any kind of value
+-- can be passed to the code as an argument. Intrinsics are transferred
+-- immediately (numbers, booleans, nils, strings) but complex values (tables,
+-- userdata, and functions) are sent over as a proxy and actions on those
+-- values are proxied back to the host to be run. Users of Supple should be
+-- aware that those routines are therefore not sandboxed.
+--
+-- @tparam string codestr The code to run in the sandbox, as a string.
+-- @tparam string codename The name to give to the code running in the sandbox.
+-- @param[opt] ... Arguments to pass to the code running in the sandbox.
+-- @function run
+
local function run_sandbox(codestr, codename, ...)
-- Prepare and start a sandbox,
-- compiling the codestr and running it
@@ -78,7 +104,7 @@ local function run_sandbox(codestr, codename, ...)
local child, commsfd = run_wrapper()
counter = counter + 1
- objects.set_name(("host[%d,%%d]"):format(counter))
+ objects.set_name(("%s[%d,%%d]"):format(hostname,counter))
comms._set_fd(commsfd)
objects.set_proc_call(comms.call)
@@ -132,19 +158,75 @@ local function run_sandbox(codestr, codename, ...)
end
end
+---
+-- Load a string into the sandbox and return it as a wrappered function.
+--
+-- This loads the given string (with given name) into the sandbox interpreter
+-- and then wrappers the function and returns it to the caller. This can then
+-- be used to call code inside the sandbox. This is the entry point to load
+-- further code into the sandbox and should only be called during running
+-- sandboxed code (i.e. `supple.host.run` is running)
+--
+-- @tparam string codestr The code to be loaded in the sandboxed interpreter
+-- @tparam string codename The name to be given to the code when it is loaded
+-- @treturn function The wrappered function which can then be called or handed
+-- back to the sandbox as needed.
+-- @treturn table The function environment for the loaded sandboxed code.
+-- @function loadstring
+
local function sandboxed_loadstring(codestr, codename)
return comms.call("supple:loadstring", "__call", codestr, codename)
end
+---
+-- Set the name by which the host refers to itself in traces.
+--
+-- Calling this resets the host sandbox counter and sets the name of the host
+-- to the given new name. This mostly has an effect on object names and trace
+-- data which typically only appear if the user of Supple chooses to trace the
+-- activity of the sandbox, or if an error occurs.
+--
+-- @tparam string newname The new host name to set
+-- @function set_name
+
local function set_hostname(newname)
hostname = newname
counter = 0
end
+---
+-- Set a new limits table for use in a new sandbox instance.
+--
+-- When a sandbox is run (from `supple.host.run`) it has a number of soft
+-- limits sent to it to be honoured during the runtime of the sandbox.
+-- Normally the sandbox limits itself only by hard limits, but this call allows
+-- tighter soft limits to be set if so-desired.
+--
+-- The table provided takes the form:
+--
+-- { [count = maxopcodestorun], [memory = maxbytestouse] }
+--
+-- If you call this function then at least one, but optionally both of the
+-- count and memory table entries need to be present.
+--
+-- @tparam table newlimits The new soft-limits for any new sandboxes
+-- @function set_limits
+
local function set_limits(newlimits)
limits = newlimits
end
+---
+-- Set a new globals table to be used by new sandbox runs.
+--
+-- When a sandboxed function is run, it is run within a given globals table.
+-- The globals in question are provided by calling this function. Remember
+-- that the table will be passed *shallowly* and new globals created by the
+-- sandboxed code will not be copied back to the host.
+--
+-- @tparam table newglobals The set of globals to be passed to the sandbox
+-- @function set_globals
+
local function set_globals(newglobals)
globals = newglobals
end