* Check `sandbox-path-permissions' for bad values such as
'(<perm> <path1> <path2>) where <path2> would get silently ignored.
* Try to clarify the intent of `call-in-sandbox-context' as a meta tool
rather than a safe execution tool.
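The malformed value mentioned above, as an added example that is not part of the quoted commit history: a host-side shape check for `sandbox-path-permissions' entries, followed by an evaluator that is allowed to read one scratch directory and nothing else. The permission symbols and the `(list <perm> <path>)' entry shape are those documented for racket/sandbox; the scratch directory and file contents are constructed for the demonstration.

```racket
#lang racket/base
;; Added example (not from the Racket repository): a shape check for
;; `sandbox-path-permissions' entries, then a sandbox that may read one
;; directory and nothing else.
(require racket/sandbox racket/file)

;; Permission symbols accepted by racket/sandbox, most to least powerful.
(define known-permissions '(execute write delete read-bytecode read exists))

;; Every entry must be exactly (list <perm> <path>).  A third element, as
;; in '(read "/a" "/b"), is the bad value the commit message refers to:
;; it would be dropped silently rather than granting access to <path2>.
(define (check-path-permissions perms)
  (for ([entry (in-list perms)])
    (unless (and (list? entry)
                 (= (length entry) 2)
                 (memq (car entry) known-permissions)
                 (let ([p (cadr entry)])
                   (or (path-string? p) (bytes? p) (byte-regexp? p))))
      (error 'check-path-permissions "malformed entry: ~e" entry)))
  perms)

;; Constructed input: a scratch directory holding one readable file.
(define data-dir (make-temporary-file "sandbox-demo~a" 'directory))
(define data-file (build-path data-dir "input.txt"))
(display-to-file "hello from the host" data-file)

;; Grant read access to data-dir only; everything else keeps the sandbox
;; defaults (it can still read the Racket collections it needs to run).
(define perms (check-path-permissions (list (list 'read data-dir))))

(define ev
  (parameterize ([sandbox-path-permissions perms])
    (make-evaluator 'racket/base)))

;; Allowed: data-file lies under the granted directory.
(ev `(with-input-from-file ,(path->string data-file) read-line))

;; Denied: no entry covers /etc, so the sandbox's security guard raises;
;; the exception is re-raised in the caller and caught here.
(with-handlers ([exn:fail? exn-message])
  (ev '(with-input-from-file "/etc/hostname" read-line)))

;; The malformed form from the commit message is rejected up front
;; instead of silently losing its second path.
(with-handlers ([exn:fail? exn-message])
  (check-path-permissions '((read "/a" "/b"))))

(kill-evaluator ev)
(delete-directory/files data-dir)
```

Running the check before `parameterize' means a typo in a permission list fails loudly on the host rather than surfacing later as a confusing access-denied error inside the sandbox.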
Previously, sandbox creation used `gui?', which is the result of
`gui-available?' at the time that `racket/sandbox' is instantiated.
This change makes sandbox behavior less sensitive to the order in
which modules `require'd into a program are instantiated.
The change depends on a new `sandbox-make-namespace' default
function for `sandbox-namespace-specs'. The new function uses
either `make-base-namespace' or `make-gui-namespace', depending
on whether the GUI library is available at that point.
A new `sandbox-gui-enabled' parameter can disable use of the
GUI library even if it is available.
The `gui?' binding is still exported for backward compatibility,
but it shouldn't be used anymore.
The two became tangled in commit f7c16fc8, and then 952ae06105
adjusted the tangling in a way that broke code. This commit
further adjusts tangling in a way that hopefully causes fewer
compatibility problems, but it also splits inputs to
`make-evaluator' so that a programmer can choose more explicitly.
It now creates an inspector based on the original code inspector instead
of the (implicit) wrong default used by `make-inspector'. Change
`sandbox-make-inspector' too, to make it explicit.
* When `accept-lang?' is #t, turn the reader flag on, but otherwise don't
change it
* turn on the `read-accept-reader' flag which is needed after all
* two refactoring typos
* some more reformatting
punctuations outside of the form, as it does with quote punctuations.
So things like this
#, @foo{...}
that required the space to make the @foo read as a scribble form are
now better written as
@#,foo{...}
This changes all such occurrences. (In case you see this change in
your files and are worried that there might be changes: I mechanically
verified that the result of `read'ing the modified files is identical
to the previous version.)
svn: r15111
kinds.
* The default exit handler kills the sandbox, with an appropriate
termination message.
* Also, sending an eof to the sandbox shows 'eof as the reason
* Added some tests for these.
* Still need to deal with termination messages for evaluator suicide.
svn: r12837
bindings
* Added `sandbox-make-code-inspector' to control this
* Changed the function form of `sandbox-security-guard' to be a thunk,
to make it uniform with other sandbox settings.
svn: r12831
* Removed `get-namespace' since it's generalized in the above.
* Deal with killing the current thread (or the current custodian) in
the sandbox code. (Works only without per-expression limits --
still need to find a solution for `call-with-limits'.)
* Added tests for this.
svn: r12670
try to do so...).
* Add tests for output collection under resources -- some are
commented since they're not working right, either a bug in this code
that I don't see, or some problem with memory accounting.
* Clarify in the docs that output collection is still under resource
limits.
svn: r12667
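Output collection under resource limits, as an added example that is not part of the quoted commit history: an evaluator whose stdout and stderr are collected into strings, with a per-expression time and memory limit set through `sandbox-eval-limits'. The parameter names, `get-output', `exn:fail:resource' and `kill-evaluator' are the documented racket/sandbox API; the runaway loop is constructed for the demonstration.

```racket
#lang racket/base
;; Added example (not from the Racket repository): output collected from
;; a sandboxed evaluation is still subject to the per-expression limits,
;; and an over-limit evaluation leaves the evaluator itself usable.
(require racket/sandbox)

(define ev
  (parameterize ([sandbox-output 'string]        ; collect stdout as a string
                 [sandbox-error-output 'string]  ; collect stderr the same way
                 [sandbox-eval-limits '(2 20)])  ; 2 seconds, 20 MB per evaluation
    (make-evaluator 'racket/base)))

;; A well-behaved evaluation: what it printed is retrieved with `get-output'.
(ev '(printf "step 1~n"))
(get-output ev)

;; Prints three lines, then loops forever.  The time limit ends the
;; evaluation with an exn:fail:resource, which is re-raised in the caller;
;; the handler reports which resource ran out.
(define (run-runaway)
  (with-handlers ([exn:fail:resource?
                   (lambda (e) (exn:fail:resource-resource e))])
    (ev '(let loop ([i 0])
           (when (< i 3) (printf "tick ~a~n" i))
           (loop (add1 i))))))

(run-runaway)
;; Output written before the limit hit is what `get-output' returns for
;; that evaluation; the collected port counts against the same limits.
(get-output ev)

;; A per-expression limit kills only that evaluation, not the evaluator.
(ev '(+ 1 2))
(kill-evaluator ev)
```

Keeping the collected output inside the limited evaluation is the point the commit's doc change makes: a sandboxed program cannot escape its memory budget by writing unbounded output for the host to buffer.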