Expand description
Birdcage sandbox.
This crate provides a cross-platform API for an embedded sandbox for macOS and Linux.
§Example
use std::fs;
use birdcage::process::Command;
use birdcage::{Birdcage, Exception, Sandbox};
// Reads without sandbox work.
fs::read_to_string("./Cargo.toml").unwrap();
// Allow access to our test executable.
let mut sandbox = Birdcage::new();
sandbox.add_exception(Exception::ExecuteAndRead("/bin/cat".into())).unwrap();
let _ = sandbox.add_exception(Exception::ExecuteAndRead("/lib64".into()));
let _ = sandbox.add_exception(Exception::ExecuteAndRead("/lib".into()));
// Initialize the sandbox; by default everything is prohibited.
let mut command = Command::new("/bin/cat");
command.arg("./Cargo.toml");
let mut child = sandbox.spawn(command).unwrap();
// Reads with sandbox should fail.
let status = child.wait().unwrap();
assert!(!status.success());
Modules§
- Sandboxing errors.
Enums§
- Sandboxing exception rule.
Traits§
Type Aliases§
- Default platform sandbox.