plash — Shell for running programs with minimum authority
Plash is the Principle of Least Authority shell. It lets you run Linux programs with access only to the files and directories they need to run. Programs are given access to files which were passed as command line arguments.
Executes the given script on startup. Does not switch off interactive mode.
By default, the shell does not read any scripts on startup.
Execute the given command, and then exit. Disables interactive mode.
By default, files and directories are passed as read-only. The "=>" operator lets you pass files and directories with read-write access. Objects to the right of "=>" are passed as read-write slots, so the object doesn't have to exist in advance.
Files and directories that appear to the right of the "+" operator are not included in the argument list (the one used in execve()), but they are attached into the file namespace of the process.
Arguments that are not filenames should be quoted, unless they begin with '-'.
You can attach objects to arbitrary points in the file namespace.
expr typically evaluates to a file, directory, or
executable object. This will include
pathname in the argument
You can limit the scope of "+" or "=>" using curly brackets.
IO redirection. You can change the file descriptors that are passed to the process.
Arguments that were implicit before must now be made explicit. With the Bourne shell or Bash you can write `ls' to list the current directory's contents. With Plash you must add `.' to grant access to the current directory.
gcc -c foo.c => -o foo.o + .
make + => .
tar -cvzf => foo.tar.gz dir1
grep 'pattern' file | less
Pipes work as in conventional shells.
If you want to execute a command in the conventional way -- without running the process with a virtualised filesystem, in a chroot jail, etc. -- you can prefix it with "!!". This can be applied to individual command invocations in a pipeline. The syntax for command invocations is the same whether "!!" is used or not, but when it is used, files listed after the "+" operator are ignored.
Sets the current directory.
Puts the given job in the foreground. (Job numbers are not prefixed with `%', unlike in Bash.)
Puts the given job in the background.
Binds the object reference returned by the expression to a variable.
Returns the object reference that is bound to the variable.
Returns the file or directory object at the given path. Will follow symbolic links.
This expression returns a fabricated directory object containing
the files listed in
args. The object resides in a server
process started by the shell.
args is processed in the same way as argument lists to
commands, so read-only access will be given for files that are
listed unless "=>" is used, and objects can be attached at points
in the directory tree using
This built-in expression is similar to a normal command
invocation, except that it expects the resulting process to return
an object reference as a result. The shell passes the process a
return continuation argument (
return_cont; see the
PLASH_CAPS environment variable), which the process
invokes with the result.
This expression doesn't wait for the process to exit: the process will typically act as a server and stay running in the background to handle invocations of the object that it returned.
If the process drops the return continuation without invoking it (which will happen if it exits without passing the reference on), the expression results in an error.