Add sanboxing for signal handling.

src/core/corelib.c

@@ -741,6 +741,7 @@ static const SandboxOption sandbox_options[] = {
     {"net-connect", JANET_SANDBOX_NET_CONNECT},
     {"net-listen", JANET_SANDBOX_NET_LISTEN},
     {"sandbox", JANET_SANDBOX_SANDBOX},
+    {"signal", JANET_SANDBOX_SIGNAL},
     {"subprocess", JANET_SANDBOX_SUBPROCESS},
     {NULL, 0}
 };
@@ -765,6 +766,7 @@ JANET_CORE_FN(janet_core_sandbox,
               "* :net-connect - disallow making outbound network connections\n"
               "* :net-listen - disallow accepting inbound network connections\n"
               "* :sandbox - disallow calling this function\n"
+              "* :signal - disallow adding or removing signal handlers\n"
               "* :subprocess - disallow running subprocesses") {
     uint32_t flags = 0;
     for (int32_t i = 0; i < argc; i++) {

src/core/os.c

@@ -854,6 +854,7 @@ static void janet_signal_trampoline(int sig) {
 JANET_CORE_FN(os_sigaction,
               "(os/sigaction which &opt handler interrupt-interpreter)",
               "Add a signal handler for a given action. Use nil for the `handler` argument to remove a signal handler.") {
+    janet_sandbox_assert(JANET_SANDBOX_SIGNAL);
     janet_arity(argc, 1, 3);
 #ifdef JANET_WINDOWS
     janet_panic("unsupported on this platform");

src/include/janet.h

@@ -1822,6 +1822,7 @@ JANET_API void janet_stacktrace_ext(JanetFiber *fiber, Janet err, const char *pr
 #define JANET_SANDBOX_FS_TEMP 1024
 #define JANET_SANDBOX_FFI_USE 2048
 #define JANET_SANDBOX_FFI_JIT 4096
+#define JANET_SANDBOX_SIGNAL 8192
 #define JANET_SANDBOX_FFI (JANET_SANDBOX_FFI_DEFINE | JANET_SANDBOX_FFI_USE | JANET_SANDBOX_FFI_JIT)
 #define JANET_SANDBOX_FS (JANET_SANDBOX_FS_WRITE | JANET_SANDBOX_FS_READ | JANET_SANDBOX_FS_TEMP)
 #define JANET_SANDBOX_NET (JANET_SANDBOX_NET_CONNECT | JANET_SANDBOX_NET_LISTEN)