isolate-integration 0.1.0

A Rust interface for the ioi/isolate sandbox program.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

//! # Isolate Integration
//!
//! A Rust interface for the [ioi/isolate](https://github.com/ioi/isolate) sandbox program,
//! providing secure process isolation with resource limits and control.
//!
//! This crate uses the `tokio` async runtime to manage sandbox lifecycle and execute commands.
//!
//! ## Prerequisites
//!
//! You must have `isolate` installed on your system. See the
//! [ioi/isolate repository](https://github.com/ioi/isolate) for installation instructions.
//!
//! For cgroup-related features (recommended, such as `--cg-mem` option), ensure your system
//! supports cgroup v2.
//!
//! ## Quick Start
//!
//! ```no_run
//! use isolate_integration::{IsolateSandbox, ResourceLimits};
//!
//! #[tokio::main]
//! async fn main() -> anyhow::Result<()> {
//!     // Create a sandbox with cgroup enabled by default
//!     let sandbox = IsolateSandbox::new(0)
//!         .with_stdin("input.txt")
//!         .with_stdout("output.txt")
//!         .with_stderr("error.txt");
//!
//!     // Set resource limits
//!     let limits = ResourceLimits::new()
//!         .with_time_limit(1.0)           // 1 second CPU time limit
//!         .with_cg_memory_limit(64 * 1024)  // 64 MB memory limit
//!         .with_process_limit(1);         // Allow only 1 process
//!
//!     // Initialize the sandbox
//!     sandbox.init(&limits).await?;
//!
//!     // Run a command
//!     let result = sandbox.run("echo", ["Hello, World!"], &limits).await?;
//!
//!     println!("Exit code: {:?}", result.exit_code);
//!     println!("Time: {:.3}s", result.time_used);
//!     println!("Memory: {} KB", result.cg_memory_used.unwrap_or(0));
//!
//!     // Cleanup
//!     sandbox.cleanup().await?;
//!     
//!     Ok(())
//! }
//! ```
//!
//! ## Features
//!
//! - **Resource Control**: Set limits on CPU time, memory, processes, and file operations
//! - **Directory Binding**: Mount external directories into the sandbox with fine-grained permissions
//! - **Environment Management**: Control environment variables passed to sandboxed processes
//! - **I/O Redirection**: Redirect stdin, stdout, and stderr to files
//! - **Cgroup Support**: Leverage cgroup v2 for precise resource control
//! - **Async/Await**: Built on tokio for efficient async operations
//!
//! For more examples and detailed documentation, see the
//! [repository README](https://github.com/yourusername/isolate-integration).

pub mod sandbox;

// Re-export commonly used types
pub use sandbox::{
    DirectoryOptions, DirectoryRule, EnvRule, ExecutionResult, IsolateSandbox, ResourceLimits,
    SpecialOptions,
};