evalbox-sandbox: Sandbox orchestration
This crate provides secure sandboxed execution of untrusted code on Linux. It combines multiple isolation mechanisms for defense in depth:
- Landlock v5 - Filesystem, network, signal, and IPC access control
- Seccomp-BPF - Syscall whitelist (~40 allowed syscalls)
- Seccomp User Notify - Optional syscall interception for FS virtualization
- Rlimits - Resource limits (memory, CPU, files, processes)
- Capabilities - All capabilities dropped, NO_NEW_PRIVS enforced
No user namespaces required — works inside Docker with default seccomp profile.
Quick Start

```rust
use evalbox_sandbox::{Executor, Plan};

// `?` converts the crate's ExecutorError into Box<dyn Error> (assumes ExecutorError implements std::error::Error).
fn main() -> Result<(), Box<dyn std::error::Error>> {
    let plan = Plan::new(["echo", "hello"]); // program and arguments to run under the sandbox
    let output = Executor::run(plan)?;       // blocks until the sandboxed process exits
    assert_eq!(output.stdout, b"hello\n");   // captured stdout of the child
    Ok(())
}
```

Requirements
- Linux kernel 6.12+ (for Landlock ABI 5)
- Seccomp enabled in kernel
Re-exports

pub use executor::Event;
pub use executor::Executor;
pub use executor::ExecutorError;
pub use executor::SandboxId;
pub use monitor::Output;
pub use monitor::Status;
pub use plan::Landlock;
pub use plan::Mount;
pub use plan::NotifyMode;
pub use plan::Plan;
pub use plan::Syscalls;
pub use plan::UserFile;
pub use resolve::ResolveError;
pub use resolve::ResolvedBinary;
pub use resolve::resolve_binary;
Modules

- executor: Sandbox executor for both blocking and concurrent execution.
- isolation: Isolation mechanisms for sandboxed processes.
- monitor: Process monitoring and output collection.
- notify: Seccomp user notification support.
- plan: Sandbox execution plan.
- resolve: Binary path resolution and mount detection.
- sysinfo: System information and path detection.
- validate: Input validation for sandbox execution.
- workspace: Workspace and pipe management for sandboxed execution.