//! OS-level sandbox backends for mimobox.
//!
//! This crate provides process-level sandbox implementations that conform to the
//! `mimobox-core` [`Sandbox`](mimobox_core::Sandbox) trait. It is responsible for
//! turning a [`SandboxConfig`](mimobox_core::SandboxConfig) into platform-native
//! isolation mechanisms while preserving the shared SDK result and error model.
//!
//! The Linux backend (`LinuxSandbox`) uses the following kernel mechanisms:
//! - **Landlock** for filesystem access control.
//! - **Seccomp-bpf** for allowlist-based system call filtering.
//! - **Namespaces** for PID, network, mount, and IPC isolation.
//! - **setrlimit** for memory limits.
//!
//! The macOS backend (`MacOsSandbox`) uses Seatbelt through `sandbox-exec`
//! where available. The crate also exposes [`SandboxPool`] for low-latency reuse
//! of pre-warmed OS sandboxes on supported platforms.
//!
//! # Platform Support
//!
//! | Platform | Status |
//! |------|------|
//! | Linux | Complete implementation |
//! | macOS | Complete implementation (Seatbelt / sandbox-exec) |
//! | Windows | Planned (AppContainer) |
//!
//! # Safety Model
//!
//! Platform backends apply sandbox policy in child processes before command
//! execution. Linux applies seccomp as the final step before `exec`, after
//! resource limits, filesystem restrictions, and namespace setup are in place.
/// Linux OS-level sandbox backend using Landlock, seccomp-bpf, namespaces, and resource limits.
pub use LinuxSandbox;
/// Warm pool types for reusing pre-initialized OS sandboxes.
pub use ;
/// Applies a Linux seccomp-bpf system call filter for the selected profile.
pub use apply_seccomp;
/// macOS OS-level sandbox backend using Seatbelt through `sandbox-exec`.
pub use MacOsSandbox;
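The Safety Model above fixes an ordering: resource limits, namespaces and Landlock first, seccomp as the final step before `exec`. The reason is that once a seccomp-bpf allowlist is installed, every syscall the remaining setup still needs (Landlock's `landlock_restrict_self`, `unshare`, and finally `execve`) must already be on the allowlist, so a backend that installs the filter too early silently breaks its own later stages. The following is an added example, not code from the mimobox crates, that encodes that invariant as a check over a planned stage order: the `Stage` enum, the per-stage syscall lists and the function names are this example's assumptions (the syscall names themselves are real Linux syscalls, but which ones a given backend actually issues depends on its implementation and is not stated on the page).

```rust
use std::collections::HashSet;

/// Stages a child process passes through before `exec`, as listed in the
/// crate docs. Enum and naming are this example's own, not the crate's API.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum Stage {
    ResourceLimits,
    Namespaces,
    Landlock,
    Seccomp,
    Exec,
}

/// Syscalls each stage needs in order to run at all. Illustrative (assumed)
/// lists of real Linux syscall names; a concrete backend may differ.
pub fn required_syscalls(stage: Stage) -> &'static [&'static str] {
    match stage {
        Stage::ResourceLimits => &["prlimit64", "setrlimit"],
        Stage::Namespaces => &["unshare", "mount"],
        Stage::Landlock => &[
            "landlock_create_ruleset",
            "landlock_add_rule",
            "landlock_restrict_self",
            "prctl",
        ],
        Stage::Seccomp => &["prctl", "seccomp"],
        Stage::Exec => &["execve"],
    }
}

/// The order the crate docs describe for the Linux backend.
pub fn canonical_plan() -> Vec<Stage> {
    vec![
        Stage::ResourceLimits,
        Stage::Namespaces,
        Stage::Landlock,
        Stage::Seccomp,
        Stage::Exec,
    ]
}

/// Validate a stage plan against the syscall allowlist the seccomp profile
/// would install. Fails if a stage runs after the filter is active but needs
/// a syscall the profile does not allow, if seccomp is never installed, or if
/// the plan does not end with exactly one `Exec`.
pub fn check_plan(plan: &[Stage], allowlist: &[&str]) -> Result<(), String> {
    let allowed: HashSet<&str> = allowlist.iter().copied().collect();
    if plan.last() != Some(&Stage::Exec) {
        return Err("plan must end with Exec".to_string());
    }
    if plan.iter().filter(|s| **s == Stage::Exec).count() != 1 {
        return Err("Exec must appear exactly once".to_string());
    }
    let mut filter_active = false;
    let mut seen: HashSet<Stage> = HashSet::new();
    for (pos, stage) in plan.iter().enumerate() {
        if !seen.insert(*stage) {
            return Err(format!("stage {:?} applied twice", stage));
        }
        if filter_active {
            // The filter is already in place: every syscall this stage issues
            // must be on the allowlist or the child would be killed / get EPERM.
            for sc in required_syscalls(*stage) {
                if !allowed.contains(sc) {
                    return Err(format!(
                        "stage {:?} at position {} needs `{}` after seccomp is installed",
                        stage, pos, sc
                    ));
                }
            }
        }
        if *stage == Stage::Seccomp {
            filter_active = true;
        }
    }
    if !filter_active {
        return Err("plan never installs seccomp".to_string());
    }
    Ok(())
}

fn main() {
    // Constructed minimal profile: enough for the sandboxed program to start,
    // nothing for namespace or Landlock setup.
    let profile = ["execve", "read", "write", "exit_group"];
    println!("canonical: {:?}", check_plan(&canonical_plan(), &profile));
    let early = [Stage::ResourceLimits, Stage::Seccomp, Stage::Landlock, Stage::Exec];
    println!("seccomp too early: {:?}", check_plan(&early, &profile));
}
```

A backend can run this check in tests against each seccomp profile it ships, so that adding a new setup stage or tightening a profile cannot quietly reorder the pipeline into one that kills the child before `exec`.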