Use methoddesc and memberdesc, as needed.
Added description of BastionClass, since it is referred to in the Bastion
description as subclassable.
diff --git a/Doc/lib/librexec.tex b/Doc/lib/librexec.tex
index e301f81..03e8284 100644
--- a/Doc/lib/librexec.tex
+++ b/Doc/lib/librexec.tex
@@ -50,8 +50,7 @@
Instances of the new class will then use those new values. All these
attributes are tuples of strings.
-\setindexsubitem{(RExec object attribute)}
-\begin{datadesc}{nok_builtin_names}
+\begin{memberdesc}{nok_builtin_names}
Contains the names of built-in functions which will \emph{not} be
available to programs running in the restricted environment. The
value for \class{RExec} is \code{('open',} \code{'reload',}
@@ -61,9 +60,9 @@
base class and concatenate additional forbidden functions --- when new
dangerous built-in functions are added to Python, they will also be
added to this module.)
-\end{datadesc}
+\end{memberdesc}
-\begin{datadesc}{ok_builtin_modules}
+\begin{memberdesc}{ok_builtin_modules}
Contains the names of built-in modules which can be safely imported.
The value for \class{RExec} is \code{('audioop',} \code{'array',}
\code{'binascii',} \code{'cmath',} \code{'errno',} \code{'imageop',}
@@ -72,16 +71,16 @@
\code{'strop',} \code{'struct',} \code{'time')}. A similar remark
about overriding this variable applies --- use the value from the base
class as a starting point.
-\end{datadesc}
+\end{memberdesc}
-\begin{datadesc}{ok_path}
+\begin{memberdesc}{ok_path}
Contains the directories which will be searched when an \keyword{import}
is performed in the restricted environment.
The value for \class{RExec} is the same as \code{sys.path} (at the time
the module is loaded) for unrestricted code.
-\end{datadesc}
+\end{memberdesc}
-\begin{datadesc}{ok_posix_names}
+\begin{memberdesc}{ok_posix_names}
% Should this be called ok_os_names?
Contains the names of the functions in the \module{os} module which will be
available to programs running in the restricted environment. The
@@ -90,68 +89,69 @@
\code{'times',} \code{'uname',} \code{'getpid',} \code{'getppid',}
\code{'getcwd',} \code{'getuid',} \code{'getgid',} \code{'geteuid',}
\code{'getegid')}.
-\end{datadesc}
+\end{memberdesc}
-\begin{datadesc}{ok_sys_names}
+\begin{memberdesc}{ok_sys_names}
Contains the names of the functions and variables in the \module{sys}
module which will be available to programs running in the restricted
environment. The value for \class{RExec} is \code{('ps1',}
\code{'ps2',} \code{'copyright',} \code{'version',} \code{'platform',}
\code{'exit',} \code{'maxint')}.
-\end{datadesc}
+\end{memberdesc}
+
\class{RExec} instances support the following methods:
-\setindexsubitem{(RExec object method)}
-\begin{funcdesc}{r_eval}{code}
+\begin{methoddesc}{r_eval}{code}
\var{code} must either be a string containing a Python expression, or
a compiled code object, which will be evaluated in the restricted
environment's \module{__main__} module. The value of the expression or
code object will be returned.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{r_exec}{code}
+\begin{methoddesc}{r_exec}{code}
\var{code} must either be a string containing one or more lines of
Python code, or a compiled code object, which will be executed in the
restricted environment's \module{__main__} module.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{r_execfile}{filename}
+\begin{methoddesc}{r_execfile}{filename}
Execute the Python code contained in the file \var{filename} in the
restricted environment's \module{__main__} module.
-\end{funcdesc}
+\end{methoddesc}
Methods whose names begin with \samp{s_} are similar to the functions
beginning with \samp{r_}, but the code will be granted access to
restricted versions of the standard I/O streams \code{sys.stdin},
\code{sys.stderr}, and \code{sys.stdout}.
-\begin{funcdesc}{s_eval}{code}
+\begin{methoddesc}{s_eval}{code}
\var{code} must be a string containing a Python expression, which will
be evaluated in the restricted environment.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{s_exec}{code}
+\begin{methoddesc}{s_exec}{code}
\var{code} must be a string containing one or more lines of Python code,
which will be executed in the restricted environment.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{s_execfile}{code}
+\begin{methoddesc}{s_execfile}{code}
Execute the Python code contained in the file \var{filename} in the
restricted environment.
-\end{funcdesc}
+\end{methoddesc}
\class{RExec} objects must also support various methods which will be
implicitly called by code executing in the restricted environment.
Overriding these methods in a subclass is used to change the policies
enforced by a restricted environment.
-\begin{funcdesc}{r_import}{modulename\optional{, globals, locals, fromlist}}
+\begin{methoddesc}{r_import}{modulename\optional{, globals\optional{,
+ locals\optional{, fromlist}}}}
Import the module \var{modulename}, raising an \exception{ImportError}
exception if the module is considered unsafe.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{r_open}{filename\optional{, mode\optional{, bufsize}}}
+\begin{methoddesc}{r_open}{filename\optional{, mode\optional{, bufsize}}}
Method called when \function{open()} is called in the restricted
environment. The arguments are identical to those of \function{open()},
and a file object (or a class instance compatible with file objects)
@@ -159,32 +159,33 @@
any file for reading, but forbidding any attempt to write a file. See
the example below for an implementation of a less restrictive
\method{r_open()}.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{r_reload}{module}
+\begin{methoddesc}{r_reload}{module}
Reload the module object \var{module}, re-parsing and re-initializing it.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{r_unload}{module}
+\begin{methoddesc}{r_unload}{module}
Unload the module object \var{module} (i.e., remove it from the
restricted environment's \code{sys.modules} dictionary).
-\end{funcdesc}
+\end{methoddesc}
And their equivalents with access to restricted standard I/O streams:
-\begin{funcdesc}{s_import}{modulename\optional{, globals, locals, fromlist}}
+\begin{methoddesc}{s_import}{modulename\optional{, globals\optional{,
+ locals\optional{, fromlist}}}}
Import the module \var{modulename}, raising an \exception{ImportError}
exception if the module is considered unsafe.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{s_reload}{module}
+\begin{methoddesc}{s_reload}{module}
Reload the module object \var{module}, re-parsing and re-initializing it.
-\end{funcdesc}
+\end{methoddesc}
-\begin{funcdesc}{s_unload}{module}
+\begin{methoddesc}{s_unload}{module}
Unload the module object \var{module}.
% XXX what are the semantics of this?
-\end{funcdesc}
+\end{methoddesc}
\subsection{An example}