I need to learn more about users being able to limit the capabilities of my (GraalVM native-image compiled) SCI app (yamlscript). Things like:
• limiting disk read access to specific directories
• disabling disk write entirely
• disabling network access
• disabling IPC entirely
and likely much more. I know that's a bit broad, but if anyone has relevant links to share or advice to give about this, I'd appreciate it.
You can select and adapt the functions that go into SCI and control these side effects.
Here is an example of selective reading (with slurp): https://github.com/alekcz/pcp#pcpslurp There is also one for spit.