evalbox 0.1.1

Unprivileged sandbox for arbitrary code execution
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

//! Probe trait and `RuntimeInfo` types.

use std::collections::HashMap;
use std::path::{Path, PathBuf};

use crate::error::ProbeError;

pub use evalbox_sandbox::Mount;

#[derive(Debug, Clone)]
pub struct RuntimeInfo {
    pub binary: PathBuf,
    pub mounts: Vec<Mount>,
    pub env: HashMap<String, String>,
    pub shared_libs: Vec<PathBuf>,
}

impl RuntimeInfo {
    pub fn new(binary: PathBuf) -> Self {
        Self {
            binary,
            mounts: Vec::new(),
            env: HashMap::new(),
            shared_libs: Vec::new(),
        }
    }

    pub fn mount(mut self, mount: Mount) -> Self {
        self.mounts.push(mount);
        self
    }

    pub fn mounts(mut self, mounts: impl IntoIterator<Item = Mount>) -> Self {
        self.mounts.extend(mounts);
        self
    }

    pub fn env_var(mut self, key: impl Into<String>, value: impl Into<String>) -> Self {
        self.env.insert(key.into(), value.into());
        self
    }

    pub fn shared_lib(mut self, path: PathBuf) -> Self {
        self.shared_libs.push(path);
        self
    }
}

/// Detects a runtime and determines mounts/env needed for sandbox execution.
pub trait Probe: Send + Sync {
    fn name(&self) -> &str;

    /// Find runtime binary via env vars → PATH → common locations.
    fn detect(&self) -> Option<PathBuf>;

    /// Analyze binary to determine filesystem and environment requirements.
    fn probe(&self, binary: &Path) -> Result<RuntimeInfo, ProbeError>;
}