hakoniwa 1.3.2

Process isolation for Linux using namespaces, resource limits, cgroups, landlock and seccomp.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

//! Process isolation for Linux using namespaces, resource limits, cgroups, landlock
//! and seccomp. It works by creating a new, completely empty, mount namespace where
//! the root is on a tmpdir, and will be automatically cleaned up when the last
//! process exits.
//!
//! # Quickstart
//!
//! Use [Container] to build an isolated environment, and then create a [Command]
//! to execute.
//!
//! ```
//! use hakoniwa::Container;
//!
//! let output = Container::new()   // Create Container with new namespaces via unshare
//!     .rootfs("/").unwrap()       // Mount necessary directories, e.g. `/bin`
//!     .tmpfsmount("/tmp")         // Mount new tmpfs on `/tmp`
//!     .command("/bin/echo")       // Create Command
//!     .arg("hello")               // Configure Command
//!     .output()                   // Execute
//!     .expect("failed to execute process within container");
//!
//! let hello = output.stdout;
//!
//! ```
//! More details can be found in [repo](https://github.com/souk4711/hakoniwa/tree/main/hakoniwa).

mod child;
mod command;
mod container;
mod error;
mod etcfs;
mod metric;
mod rlimit;
mod runc;
mod runctl;
mod stdio;
mod unshare;

use etcfs::{GroupFile, PasswdFile};
use unshare::{FsOperation, IdMap, Mount};

pub use child::{Child, ExitStatus, Output};
pub use command::Command;
pub use container::Container;
pub use error::{Error, Result};
pub use metric::{ProcPidSmapsRollup, ProcPidStatus, Rusage};
pub use rlimit::Rlimit;
pub use runctl::Runctl;
pub use stdio::Stdio;
pub use unshare::{MountOptions, Namespace, Network, Pasta};

#[cfg(feature = "cgroups")]
pub mod cgroups;

#[cfg(feature = "landlock")]
pub mod landlock;

#[cfg(feature = "seccomp")]
pub mod seccomp;