This patch series is just FYI at the moment. However it
does pass the tests.
The daemon is a self-contained program. We don't need to write it all
in C. Writing parts of it in OCaml would make it simpler and less
error-prone. In particular if the daemon was written in a more sane
programming language then we could move the inspection code to run
entirely inside the appliance, which would be more secure, much faster
and much saner for the people implementing it.
This patch series allows individual APIs to be rewritten in OCaml (I
am _not_ proposing that we would ever reimplement all APIs this way).
The third patch reimplements the ‘file’ API this way, showing that the
code ends up smaller, safer and (because we can now use a chroot
properly) more accurate.
Rich.