That's confounding. I printed out the masks for both permit(qw(print readline)) and permit_only(qw(print readline)) using printf():
printf "%vd \n", $compartment->mask;
...and they are clearly different, which means a compartment allows some default operations that permit_only() must be erasing. Rereading the Safe docs, there is a set of default operations bundled under :default that are allowed. You have to check the Opcode docs to see which operations that :default includes. I'm not sure which ones I erased with permit_only() that are needed to reval() my sample code--but in any case it looks like if you want to use permit_only(), then you probably need a pretty good grasp of perl internals.
I did a bunch of trial and error, and to get permit_only() to work on my sample code, I need all these:
The :default bundle of operations that a compartment allows consists of a bevy of other bundles:
See the Opcode docs for which operations are included in each of those bundles.