Expand description
Sandbox execution plan.
A Plan describes everything needed to run a command in the sandbox:
the command, environment, files, mounts, and resource limits.
§Example
ⓘ
use evalbox_sandbox::{Plan, Mount};
let plan = Plan::new(["python", "main.py"])
.env("PYTHONPATH", "/work")
.file("main.py", b"print('hello')")
.timeout(Duration::from_secs(10))
.memory(256 * 1024 * 1024);§Advanced Security Configuration
ⓘ
use evalbox_sandbox::{Plan, Syscalls, Landlock};
let plan = Plan::new(["python3", "-c", "code"])
.syscalls(Syscalls::default().allow(libc::SYS_openat))
.landlock(Landlock::default().allow_read("/etc"))
.network(false);§Defaults
| Field | Default |
|---|---|
timeout | 30 seconds |
memory | 256 MiB |
max_pids | 64 processes |
max_output | 16 MiB |
network | false (blocked) |
cwd | /work |
Structs§
- Landlock
- Landlock filesystem and network access control configuration.
- Mount
- Mount point configuration.
- Plan
- Complete sandbox execution plan.
- Syscalls
- Syscall filtering configuration.
- User
File - File to write to workspace before execution.
Enums§
- Notify
Mode - Seccomp user notification mode.