Skip to main content

Module isolation

evalbox_sandbox

Module isolation 

Source
Expand description

Isolation mechanisms for sandboxed processes.

This module contains all the security isolation layers:

  • lockdown - Security restrictions (Landlock v5, seccomp, securebits, capabilities)
  • rlimits - Resource limits (memory, CPU, files, processes)

Modules§

rlimits
Resource limits for sandboxed processes.

Enums§

LockdownError
Error during security lockdown.

Functions§

close_extra_fds
Close all file descriptors > 2 using close_range syscall.
lockdown
Apply security lockdown to the current process.