deck_sandbox/profile.rs
1//! Sandbox profile description, decoupled from any kernel API.
2
3use std::path::PathBuf;
4
5use serde::{Deserialize, Serialize};
6
/// Declarative description of what a sandboxed process is allowed to touch.
///
/// The derived [`Default`] is the most restrictive profile this type can
/// express: both path lists are empty and networking is off. The
/// container-level `#[serde(default)]` fills every key missing from the input
/// with those same values, so an omitted key never grants access.
///
/// NOTE(review): unknown keys are not rejected here (there is no
/// `deny_unknown_fields`), and serde's derive ignores them by default, so a
/// misspelled key is dropped silently and the intended field keeps its deny
/// default.
///
/// NOTE(review): this type does no validation or canonicalisation of the
/// paths it carries; handling of relative paths, `..` components and symlinks
/// is presumably left to the enforcement layer — confirm.
#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(default)]
pub struct SandboxProfile {
    /// Paths the sandboxed process may read.
    pub allow_read: Vec<PathBuf>,
    /// Paths the sandboxed process may both read and write.
    pub allow_write: Vec<PathBuf>,
    /// Permits outbound network calls when `true`.
    ///
    /// On Linux this is approximated with a seccomp rule on `socket(2)`.
    /// NOTE(review): a rule on `socket(2)` only stops new sockets from being
    /// created; descriptors that are already open when the filter is
    /// installed (for example, inherited from the parent) are not covered by
    /// it — confirm the launcher closes them before applying the profile.
    pub allow_network: bool,
}