Skip to main content

Plan

evalbox_sandbox::plan

Struct Plan 

Source 
pub struct Plan {
Show 15 fields
    pub cmd: Vec<String>,
    pub binary_path: Option<PathBuf>,
    pub env: HashMap<String, String>,
    pub stdin: Option<Vec<u8>>,
    pub cwd: String,
    pub mounts: Vec<Mount>,
    pub user_files: Vec<UserFile>,
    pub workspace_size: u64,
    pub timeout: Duration,
    pub memory_limit: u64,
    pub max_pids: u32,
    pub max_output: u64,
    pub network_blocked: bool,
    pub syscalls: Option<Syscalls>,
    pub landlock: Option<Landlock>,

}
Expand description

Complete sandbox execution plan.

This is the low-level API for full control over sandbox execution. Most users should use the high-level evalbox crate instead.

§Example

use evalbox_sandbox::{Plan, Mount, Executor};

let plan = Plan::new(["python3", "-c", "print('hello')"])
    .mount(Mount::ro("/usr/lib"))
    .timeout(Duration::from_secs(60))
    .memory(256 * 1024 * 1024)
    .network(false);

let output = Executor::run(plan)?;

Fields§

§cmd: Vec<String>§binary_path: Option<PathBuf>

Pre-resolved binary path. If set, sandbox uses this instead of resolving cmd[0]. This allows evalbox to do binary resolution before calling sandbox.

§env: HashMap<String, String>§stdin: Option<Vec<u8>>§cwd: String§mounts: Vec<Mount>§user_files: Vec<UserFile>§workspace_size: u64§timeout: Duration§memory_limit: u64§max_pids: u32§max_output: u64§network_blocked: bool§syscalls: Option<Syscalls>

Custom syscall filtering configuration.

§landlock: Option<Landlock>

Custom Landlock configuration.

Implementations§

Source§

impl Plan

Source

pub fn new(cmd: impl IntoIterator<Item = impl Into<String>>) -> Self

Source

pub fn env(self, key: impl Into<String>, value: impl Into<String>) -> Self

Source

pub fn stdin(self, data: impl Into<Vec<u8>>) -> Self

Source

pub fn cwd(self, cwd: impl Into<String>) -> Self

Source

pub fn mount(self, mount: Mount) -> Self

Source

pub fn mounts(self, mounts: impl IntoIterator<Item = Mount>) -> Self

Add multiple mounts from an iterator.

Source

pub fn binary_path(self, path: impl Into<PathBuf>) -> Self

Set pre-resolved binary path.

When set, the sandbox uses this path directly instead of resolving cmd[0]. This is used by evalbox to pre-resolve binaries before calling sandbox.

Source

pub fn file(self, path: impl Into<String>, content: impl Into<Vec<u8>>) -> Self

Source

pub fn executable( self, path: impl Into<String>, content: impl Into<Vec<u8>>, ) -> Self

Add an executable binary to the workspace.

Source

pub fn timeout(self, timeout: Duration) -> Self

Source

pub fn memory_limit(self, limit: u64) -> Self

Source

pub fn max_pids(self, max: u32) -> Self

Source

pub fn max_output(self, max: u64) -> Self

Source

pub fn network_blocked(self, blocked: bool) -> Self

Source

pub fn network(self, enabled: bool) -> Self

Enable or disable network access.

This is the inverse of network_blocked: network(true) enables network, network(false) blocks network (default).

Source

pub fn memory(self, limit: u64) -> Self

Set memory limit (alias for memory_limit).

Source

pub fn syscalls(self, syscalls: Syscalls) -> Self

Set custom syscall filtering configuration.

Source

pub fn landlock(self, landlock: Landlock) -> Self

Set custom Landlock configuration.

Source

pub fn exec(self) -> Result<Output, ExecutorError>

Execute this plan (convenience method).

Equivalent to Executor::run(self).

Trait Implementations§

Source§

impl Clone for Plan

Source§

fn clone(&self) -> Plan

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Plan

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Plan

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl Freeze for Plan

§

impl RefUnwindSafe for Plan

§

impl Send for Plan

§

impl Sync for Plan

§

impl Unpin for Plan

§

impl UnsafeUnpin for Plan

§

impl UnwindSafe for Plan

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.