hst: optionally reject insecure options

This prevents inadvertent use of insecure compatibility features.

Closes #30.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/outcome/finalise.go

@@ -32,7 +32,14 @@ type outcome struct {
 	syscallDispatcher
 }
 
-func (k *outcome) finalise(ctx context.Context, msg message.Msg, id *hst.ID, config *hst.Config) error {
+// finalise prepares an outcome for main.
+func (k *outcome) finalise(
+	ctx context.Context,
+	msg message.Msg,
+	id *hst.ID,
+	config *hst.Config,
+	flags int,
+) error {
 	if ctx == nil || id == nil {
 		// unreachable
 		panic("invalid call to finalise")
@@ -43,7 +50,7 @@ func (k *outcome) finalise(ctx context.Context, msg message.Msg, id *hst.ID, con
 	}
 	k.ctx = ctx
 
-	if err := config.Validate(); err != nil {
+	if err := config.Validate(flags); err != nil {
 		return err
 	}
 

internal/outcome/run.go

@@ -18,7 +18,13 @@ import (
 func IsPollDescriptor(fd uintptr) bool
 
 // Main runs an app according to [hst.Config] and terminates. Main does not return.
-func Main(ctx context.Context, msg message.Msg, config *hst.Config, fd int) {
+func Main(
+	ctx context.Context,
+	msg message.Msg,
+	config *hst.Config,
+	flags int,
+	fd int,
+) {
 	// avoids runtime internals or standard streams
 	if fd >= 0 {
 		if IsPollDescriptor(uintptr(fd)) || fd < 3 {
@@ -34,7 +40,7 @@ func Main(ctx context.Context, msg message.Msg, config *hst.Config, fd int) {
 	k := outcome{syscallDispatcher: direct{msg}}
 
 	finaliseTime := time.Now()
-	if err := k.finalise(ctx, msg, &id, config); err != nil {
+	if err := k.finalise(ctx, msg, &id, config, flags); err != nil {
 		printMessageError(msg.GetLogger().Fatalln, "cannot seal app:", err)
 		panic("unreachable")
 	}