leucite 1.0.0

A library for sandboxing and limiting command execution
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

<!-- Readme generated with `cargo-readme`: https://github.com/webern/cargo-readme -->

# leucite

[![Crates.io](https://img.shields.io/crates/v/leucite.svg)](https://crates.io/crates/leucite)
[![Documentation](https://docs.rs/leucite/badge.svg)](https://docs.rs/leucite/)
[![Dependency status](https://deps.rs/repo/github/basalt-rs/leucite/status.svg)](https://deps.rs/repo/github/basalt-rs/leucite)

A library for sandboxing and limiting command execution through Linux `landlock` and `prlimit`.

### Example

```rust

// Execute `bash -i` in the `/tmp/foo` directory using the provided rules
Command::new("bash")
    .arg("-i")
    .current_dir("/tmp/foo")
    .env_clear()
    .restrict(
        Rules::new()
            .add_read_only("/usr")
            .add_read_only("/etc")
            .add_read_only("/dev")
            .add_read_only("/bin")
            .add_read_write("/tmp/foo")
            .into()
    )
    .max_memory(MemorySize::from_mb(100))
    .spawn()?
    .wait()?;
```