Sandboxing/resource limits

[8573]

Look into what rink has.

[8573]

My latest work on this, using Servo's gaol library, is in the wip/sandbox/gaol/1 branch.

Patrick Walton says that I will need to use both of gaol's Sandbox and ChildSandbox mechanisms for this to work. I'm not sure that's feasible with my current architecture; specifically, gaol seems to be intended for programs and to need an executable program to sandbox, whereas irc-bot is intended as merely a library.

[8573]

I guess I think of irc-bot no longer as a library to be used in arbitrary other crates but now rather as a framework specifically for writing IRC bots that would have a suitable executable, and indeed I for some time have assumed that I eventually will want to have the network-facing and command-handling parts of bots in one (restricted) process and other functions, such as writing to a database, in another process.

[8573]

If I do use gaol, gating it behind a check for the availability of user namespaces might be prudent: servo/gaol#41.

[8573]

Note to self: See also my conversation with eternaleye, FrozenFox, and danopia in #robigalia starting at 2019-06-16 02:49:12Z.