Crate sandbox_ipc

Source
Expand description

Convenient and powerful cross-platform IPC primitives, designed with privilege separation in mind.

The core of this crate is the MessageChannel. It not only automatically serializes and deserializes messages via serde, but can even send OS resources like files to other processes. To get started, spawn a child process with MessageChannel::establish_with_child and transmit the initial channel with an environment variable:

extern crate futures;
extern crate tokio;
extern crate sandbox_ipc as ipc;
extern crate serde_json as json;
 
use std::{fs, env};
use std::process::Command;
use std::io::Write;

use ipc::io::SendableFile;
use futures::prelude::*; 
use tokio::runtime::Runtime;
 
const CHANNEL_ENV_VAR: &str = "ENV_IPC_CHANNEL";
 
fn main() {
    // IO operations are done within a Tokio event loop
    let mut core = Runtime::new().unwrap();
     
    let mut child_command = Command::new("some_child_executable");
    let (channel, child) = ipc::MessageChannel::<SendableFile, i32>::establish_with_child(
        &mut child_command, 8192, core.reactor(), |command, child_channel| {
            command
                .env(CHANNEL_ENV_VAR, json::to_string(child_channel).unwrap())
                .spawn()
        }
    ).unwrap();
 
    let secret_file = fs::File::create("secret_file.txt").unwrap();
    let channel = core.block_on(channel.send(SendableFile(secret_file))).unwrap();
 
    let (reason, _channel) = core.block_on(channel.into_future()).map_err(|(err, _)| err).unwrap();
    let reason = reason.unwrap();
    assert_eq!(42i32, reason);
}
 
fn child_main() {
    let mut core = Runtime::new().unwrap();
 
    let channel: ipc::ChildMessageChannel = 
        json::from_str(&env::var(CHANNEL_ENV_VAR).unwrap()).unwrap();
    let channel = channel.into_channel::<i32, SendableFile>(core.reactor()).unwrap();
 
    let (secret_file, channel) = core.block_on(channel.into_future())
        .map_err(|(err, _)| err).unwrap();
    let SendableFile(mut secret_file) = secret_file.unwrap();
 
    write!(&mut secret_file, "psst").unwrap();
 
    let _channel = core.block_on(channel.send(42i32)).unwrap();
}

Modules§

io
os
shm
sync

Structs§

ChildMessageChannel
A serializable type for establishing MessageChannels with child processes.
ChildRawMessageChannel
A serializable type for establishing RawMessageChannels with child processes.
MessageChannel
A basic channel for sending serializable types between processes.
NamedMessageChannel
A channel which can be established by sending an automatically generated unique name to another process.
PreMessageChannel
A sendable handle for establishing MessageChannels with processes you can already communicate with.
PreRawMessageChannel
A sendable handle for establishing RawMessageChannels with processes you can already communicate with.
ProcessHandle
ProcessHandles are needed to establish unsealed channels (i.e. channels that can transmit OS resources).
RawMessageChannel
A channel which raw binary messages can be send over.