The code sent to a pengine is executed in the context of the module
pengine_sandbox, and the safety of goals is validated using safe_goal/1
prior to execution. Any pengine has access to the safe predicates
defined in library(sandbox). If a server wishes to extend
the set of predicates, it must:

  1. Define the predicates in a module file, e.g., domain_predicates.pl
  2. Load this module into the sandbox module:
       :- use_module(pengine_sandbox:domain_predicates).
  3. Make sure the predicates are safe in the sense of library(sandbox),
     i.e., predicates that do not have side effects such as accessing the
     file system, loading foreign extensions, defining other predicates
     outside the sandbox environment, etc.
Note that the safety of a Prolog predicate can typically be proven by
library(sandbox). This may not be the case if untrackable forms of
meta-calling are used. In that case it is advised to avoid such code. If
this is not possible, the code must be carefully reviewed by hand and, if
proven to be safe, it may be registered with the sandbox library.
For example, basic RDF access can be granted to pengines using the code below. Please study the sandboxing code carefully before adding declarations.
  :- use_module(pengine_sandbox:library(semweb/rdf_db)).
  :- use_module(library(sandbox)).
  :- multifile sandbox:safe_primitive/1.
  sandbox:safe_primitive(rdf_db:rdf(_,_,_)).
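As an added example (not part of the pengines documentation), the three steps above carried through end to end: a module of pure predicates, its import into pengine_sandbox, and a check with safe_goal/1 showing the sandbox accepting the new predicate while refusing a file-system built-in. The file names, word_count/2 and check_goal/2 are assumptions.

```prolog
% ---- file: domain_predicates.pl (assumed name) ----
% A module of pure predicates whose safety library(sandbox) can prove
% automatically: they only call built-ins already classified as safe.
:- module(domain_predicates, [ word_count/2 ]).

% word_count(+Text, -Count): number of non-empty, blank-separated words.
word_count(Text, Count) :-
    split_string(Text, " \t\n", " \t\n", Parts),
    count_nonempty(Parts, 0, Count).

count_nonempty([], N, N).
count_nonempty([""|T], N0, N) :- !,
    count_nonempty(T, N0, N).
count_nonempty([_|T], N0, N) :-
    N1 is N0 + 1,
    count_nonempty(T, N1, N).

% ---- file: server.pl (assumed name) ----
:- use_module(library(pengines)).
:- use_module(library(sandbox)).
% Import the domain module into the sandbox so pengine queries can see it.
:- use_module(pengine_sandbox:domain_predicates).

% check_goal(+Goal, -Verdict): apply the same safety check pengines run,
% in the pengine_sandbox context. Verdict is safe or unsafe(Error).
check_goal(Goal, Verdict) :-
    catch(( safe_goal(pengine_sandbox:Goal), Verdict = safe ),
          Error,
          Verdict = unsafe(Error)).

% demo/0: word_count/2 is accepted because its clauses reduce to safe
% built-ins; open/3 is refused because it reaches the file system.
demo :-
    check_goal(word_count("  the quick  fox ", _), V1),
    format("word_count/2 -> ~w~n", [V1]),
    check_goal(open('/etc/passwd', read, _), V2),
    format("open/3 -> ~w~n", [V2]).
```

Because word_count/2 is proven safe by inspection of its clauses, no sandbox:safe_primitive/1 declaration is needed for it; that declaration is reserved for predicates the sandbox cannot analyse, as with rdf/3 above.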