will forbid a great number of operations but leaves enough allowed so that $foo could be a configuration file - written in Perl syntax. In that case, the rdo() method is also interesting:
my $result = $compartment->rdo($filename);
which is a safe replacement for my $result = do $filename; For information about the tags and names you can use in the permit() call, see the documentation to the Opcode module.
eval is a function that lets you execute a block of code, but it can be mighty tricky and I suggest you read up on it first. Of special use is $@, or EVAL_ERROR, which you can read about in perlvar, here.
I know that I did things which I thought made sense while I was starting out, and later realized were pretty dangerous because I wasn't checking $@, so I had no clue what was being spit out of the blocks I was trying to execute.
It's also really important to understand __DIE__ , but you'll get that feeling when you read the eval docs.