Trait SandboxStrategy

pub trait SandboxStrategy: Send + Sync {
    // Required methods
    fn name(&self) -> &'static str;
    fn wrap_command(&self, cmd: Command, policy: &SandboxPolicy) -> Command;
}

Strategy trait for wrapping a subprocess command with OS-level isolation.

Required Methods

fn name(&self) -> &'static str

Short name for diagnostics and logging (e.g. "seatbelt", "noop").

fn wrap_command(&self, cmd: Command, policy: &SandboxPolicy) -> Command

Wrap cmd so the spawned child runs inside the sandbox.

Implementations may build a new Command that invokes a helper (e.g. sandbox-exec) with the original program as its child. The returned command must preserve the original working directory and environment, but it does not need to re-apply stdio: the caller re-applies piped stdio via SandboxExecutor::wrap.
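As an added example (not the crate's own code), one way to implement this trait for macOS sandbox-exec while honouring the contract above: the original program becomes the helper's child, cwd and environment (including explicit removals) are carried over, and stdio is left alone. SandboxPolicy, SeatbeltStrategy and seatbelt_profile are hypothetical names, and the rendered profile is illustrative rather than a complete policy.

```rust
use std::path::PathBuf;
use std::process::Command;

/// Hypothetical policy type; the crate's real SandboxPolicy may differ.
pub struct SandboxPolicy {
    pub allow_network: bool,
    pub writable_roots: Vec<PathBuf>,
}

pub trait SandboxStrategy: Send + Sync {
    fn name(&self) -> &'static str;
    fn wrap_command(&self, cmd: Command, policy: &SandboxPolicy) -> Command;
}

/// Deny-by-default Seatbelt profile rendered from the policy (illustrative).
pub fn seatbelt_profile(policy: &SandboxPolicy) -> String {
    let mut p = String::from("(version 1)\n(deny default)\n(allow process-exec)\n(allow file-read*)\n");
    for root in &policy.writable_roots {
        p.push_str(&format!("(allow file-write* (subpath \"{}\"))\n", root.display()));
    }
    if policy.allow_network {
        p.push_str("(allow network*)\n");
    }
    p
}

/// Runs the original program as a child of `sandbox-exec -p <profile>` (macOS).
pub struct SeatbeltStrategy;

impl SandboxStrategy for SeatbeltStrategy {
    fn name(&self) -> &'static str { "seatbelt" }
    fn wrap_command(&self, cmd: Command, policy: &SandboxPolicy) -> Command {
        let mut wrapped = Command::new("sandbox-exec");
        wrapped.arg("-p").arg(seatbelt_profile(policy));
        // Original program and its arguments become the helper's child process.
        wrapped.arg(cmd.get_program()).args(cmd.get_args());
        // Contract: keep cwd and environment. Stdio is left unset on purpose;
        // the caller (SandboxExecutor::wrap) re-applies piped stdio afterwards.
        if let Some(dir) = cmd.get_current_dir() {
            wrapped.current_dir(dir);
        }
        for (key, value) in cmd.get_envs() {
            match value {
                Some(v) => wrapped.env(key, v),
                None => wrapped.env_remove(key), // explicit removals survive too
            };
        }
        wrapped
    }
}
```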

Implementors