//! Sandbox: export VFS to a temp dir for isolated execution (e.g. rustup/cargo), then sync back.
//!
//! ## Isolation (no Podman/Docker)
//!
//! Devshell **does not** invoke `podman`, `docker`, or any OCI runtime. Flow: export VFS subtree to a
//! unique host temp dir (`0o700` on Unix) → run `cargo` / `rustup` from the host `PATH` with `cwd` set
//! to the export root → sync back → remove the temp dir.
//!
//! **Linux optional mount namespace** — set **`DEVSHELL_RUST_MOUNT_NAMESPACE=1`** (or `true` / `yes`) so the
//! child process calls `unshare(CLONE_NEWNS)` and makes the mount tree private (`MS_REC | MS_PRIVATE`)
//! before `exec`. That gives a **separate mount namespace** (kernel feature via libc), similar in spirit
//! to container mount isolation but **without** a container engine. It does **not** hide the host
//! filesystem from the child; a full root jail would need additional work (e.g. `pivot_root`).
//!
//! On non-Linux platforms the env var is ignored.
//!
//! ## Unix execute bit on `target/` binaries
//!
//! VFS sync uses [`std::fs::write`], which creates files without the execute bit. After a round-trip,
//! `target/debug/foo` is often **0644** while still a valid ELF. `cargo run` may skip rebuild and then
//! **execve** fails with **EACCES (Permission denied)**. Before running `cargo`/`rustup`, we walk
//! `target/` and set **0755** on files that look like **ELF** objects.
pub use SandboxError;
pub use export_vfs_to_temp_dir;
pub use ;
pub use ;
pub use sync_host_dir_to_vfs;
pub use restore_execute_bits_for_build_artifacts;
pub use host_export_root;
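The two defensive steps the module documentation describes, the owner-only (`0o700`) export root and the post-sync repair of the execute bit on ELF artifacts under `target/`, as an added illustration that is not devshell's own code. It uses only `std` (no `libc`, no mount-namespace handling), assumes a Unix host where `std::env::temp_dir()` is writable, and the names `make_private_export_root`, `restore_execute_bits`, `looks_like_elf` and `demo` are assumptions for this example; the `target/debug/foo` fixture it builds is constructed (ELF magic plus padding, not a real executable).

```rust
// Added example, not part of devshell. Unix only: relies on std::os::unix.
use std::fs;
use std::io::{self, Read};
use std::os::unix::fs::{DirBuilderExt, PermissionsExt};
use std::path::{Path, PathBuf};
use std::time::{SystemTime, UNIX_EPOCH};

/// First four bytes of every ELF object: 0x7F 'E' 'L' 'F'.
const ELF_MAGIC: [u8; 4] = [0x7F, b'E', b'L', b'F'];

/// Creates a unique host directory with mode 0o700. `DirBuilder::create`
/// (non-recursive) fails with AlreadyExists, so a pre-existing directory
/// of the same name is never silently reused.
pub fn make_private_export_root() -> io::Result<PathBuf> {
    let nanos = SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?
        .as_nanos();
    let root = std::env::temp_dir()
        .join(format!("devshell-example-{}-{}", std::process::id(), nanos));
    fs::DirBuilder::new().mode(0o700).create(&root)?;
    Ok(root)
}

/// True if `path` starts with the ELF magic. An empty or short file is not ELF.
fn looks_like_elf(path: &Path) -> io::Result<bool> {
    let mut header = [0u8; 4];
    let n = fs::File::open(path)?.read(&mut header)?;
    Ok(n == header.len() && header == ELF_MAGIC)
}

/// Walks `target_dir` and sets mode 0755 on regular files that look like ELF.
/// Symlinks are not followed, so the walk cannot leave `target/`.
/// Returns the paths that were changed, in sorted order.
pub fn restore_execute_bits(target_dir: &Path) -> io::Result<Vec<PathBuf>> {
    let mut changed = Vec::new();
    if !target_dir.is_dir() {
        return Ok(changed);
    }
    // Explicit stack instead of recursion: build trees can be deep.
    let mut stack = vec![target_dir.to_path_buf()];
    while let Some(dir) = stack.pop() {
        for entry in fs::read_dir(&dir)? {
            let path = entry?.path();
            let meta = fs::symlink_metadata(&path)?; // does not follow symlinks
            if meta.is_dir() {
                stack.push(path);
            } else if meta.is_file() && looks_like_elf(&path)? {
                let mut perms = meta.permissions();
                if perms.mode() & 0o111 != 0o111 {
                    perms.set_mode(0o755);
                    fs::set_permissions(&path, perms)?;
                    changed.push(path);
                }
            }
        }
    }
    changed.sort();
    Ok(changed)
}

/// Constructed fixture: a fake `target/debug/` holding one ELF-looking binary
/// stored at 0644 (the state `std::fs::write` leaves behind) and one non-ELF
/// dep file. Returns (binary mode & 0o777, dep file mode & 0o777, files changed)
/// and removes the export root afterwards, mirroring the module's last step.
pub fn demo() -> io::Result<(u32, u32, usize)> {
    let root = make_private_export_root()?;
    let debug = root.join("target").join("debug");
    fs::create_dir_all(&debug)?;
    let bin = debug.join("foo");
    let dep = debug.join("foo.d");
    let mut fake_elf = ELF_MAGIC.to_vec();
    fake_elf.extend_from_slice(&[0u8; 60]); // padding only; not a real ELF
    fs::write(&bin, &fake_elf)?;
    fs::write(&dep, b"foo: src/main.rs\n")?;
    fs::set_permissions(&bin, fs::Permissions::from_mode(0o644))?;

    let changed = restore_execute_bits(&root.join("target"))?;
    let bin_mode = fs::metadata(&bin)?.permissions().mode() & 0o777;
    let dep_mode = fs::metadata(&dep)?.permissions().mode() & 0o777;
    fs::remove_dir_all(&root)?;
    Ok((bin_mode, dep_mode, changed.len()))
}

fn main() -> io::Result<()> {
    let (bin, dep, n) = demo()?;
    println!("foo mode {:o}, foo.d mode {:o}, {} file(s) fixed", bin, dep, n);
    Ok(())
}
```

The magic-byte check is what keeps the repair narrow: `cargo` leaves many non-ELF files in `target/` (dep-info, fingerprints, rlibs), and none of them gain an execute bit. `chmod` is not subject to the umask, so the binary ends at exactly 0755 regardless of how the host umask shaped the original 0644.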