opam - restricted.1.2.0

Limit which system operations and which parts of the filesystem your program can access

Call it as early as possible in your program so that the rest of the code runs with reduced privileges. Currently, actual enforced restrictions are implemented for these operating systems:

OpenBSD
Linux (only filesystem view)

Even on other operating systems, you can still use restricted to document which privileges your program needs. Users can then test if your program respects these promises with tools such as pledge on Linux. Enjoy :)

Tags	openbsd restricted
Author	Remove Wingman <ocaml@rw8.addy.io>
License	AGPL-3.0-or-later
Published	Jan 23, 2026
Homepage	https://codeberg.org/removewingman/restricted
Issue Tracker	https://codeberg.org/removewingman/restricted/issues
Maintainer	Remove Wingman <ocaml@rw8.addy.io>
Available	os-family != "debian"
Dependencies	dune>=3.17 ocaml>=5.1.0 ppx_inline_test odocwith-doc
Source [http]	https://codeberg.org/removewingman/restricted/releases/download/v1.2.0/ocaml-restricted-1.2.0.tar.gz md5=7395845f7dbb8d87920f739b9d65b00c sha512=967a9aef34b572363aae925f28ade2cbf900b1504b4eaa51e49b028414419e2dec6e498f34bfbaa15de93503bae9b75fa9f411202de61cb5464eb1040a9b3d51
Edit	https://github.com/ocaml/opam-repository/tree/master/packages/restricted/restricted.1.2.0/opam

No package is dependent

restrictedversion 1.2.0 (latest) 1.11.2.0 (latest)Documentation on ocaml.org

Limit which system operations and which parts of the filesystem your program can access

restrictedversion
1.2.0 (latest)
1.1
1.2.0 (latest)
Documentation on ocaml.org