Skip to main content

Module plan

Module plan 

Source
Expand description

Sandbox execution plan.

A Plan describes everything needed to run a command in the sandbox: the command, environment, files, mounts, and resource limits.

§Example

use evalbox_sandbox::{Plan, Mount};

let plan = Plan::new(["python", "main.py"])
    .env("PYTHONPATH", "/work")
    .file("main.py", b"print('hello')")
    .timeout(Duration::from_secs(10))
    .memory(256 * 1024 * 1024);

§Advanced Security Configuration

use evalbox_sandbox::{Plan, Syscalls, Landlock};

let plan = Plan::new(["python3", "-c", "code"])
    .syscalls(Syscalls::default().allow(libc::SYS_openat))
    .landlock(Landlock::default().allow_read("/etc"))
    .network(false);

§Defaults

FieldDefault
timeout30 seconds
memory256 MiB
max_pids64 processes
max_output16 MiB
networkfalse (blocked)
cwd/work

Structs§

Landlock
Landlock filesystem and network access control configuration.
Mount
Mount point configuration.
Plan
Complete sandbox execution plan.
Syscalls
Syscall filtering configuration.
UserFile
File to write to workspace before execution.

Enums§

NotifyMode
Seccomp user notification mode.