Sandboxing by disallowing file/network access?

[Boscop]

Is it possible to disallow file/network access for sandboxing purposes? :)

The only way to interface with the outside world should be through the FFI that the host provides.

(Related to my use case #936)

---

Bonus question:
How can I capture stdout/stderr output so that I can send it over the network?
(E.g. as two std channels that receive each line as it gets printed, or (if that's not possible) two Strings that contain the accumulated output at the end.)

[Marwes]

Is it possible to disallow file/network access for sandboxing purposes? :)

See #921 (disabling IO should disable any side effects, though there may be bugs of course)

If you want to provide a specific list of IO functions that are allowed, that is not directly possible. It ought to be possible to encode in the effect system, but that hasn't been exposed outside of the standard library (would need more work).

How can I capture stdout/stderr output so that I can send it over the network?

I'd define external stderr/stdout write functions and provide them to the environment and handle the capturing myself in those. The standard library does not provide any sort of capture.