Process isolation for Linux using namespaces, resource limits, Landlock and seccomp. It works by creating a new, completely empty mount namespace where the root is on a tmpdir, and it is automatically cleaned up when the last process exits.
Quickstart
Use Container to build an isolated environment, and then create a Command to execute.
```rust
use hakoniwa::Container;

let output = Container::new()  // Create Container with new namespaces via unshare
    .rootfs("/").unwrap()      // Mount necessary directories, e.g. `/bin`
    .tmpfsmount("/tmp")        // Mount new tmpfs on `/tmp`
    .command("/bin/echo")      // Create Command
    .arg("hello")              // Configure Command
    .output()                  // Execute
    .expect("failed to execute process within container");

let hello = output.stdout;
```
More details can be found in the repo.
Modules
Macros
- scmp_argcmp
- A macro to create ArgCmp in a more elegant way.
Structs
- Child
- Representation of a running or exited child process.
- Command
- Process builder, providing fine-grained control over how a new process should be spawned.
- Container
- Safe and isolated environment for executing a command.
- ExitStatus
- Result of a process after it has terminated.
- MountOptions
- Mount flags.
- Output
- The output of a finished process.
- Pasta
- Use pasta(1) to create a user-mode networking stack.
- ProcPidSmapsRollup
- Accumulated smaps stats for all mappings.
- ProcPidStatus
- Memory usage and status information.
- Rusage
- Information about resource usage.
Enums
- Error
- Error types.
- Namespace
- Linux namespace types.
- Network
- Network mode.
- Rlimit
- Resource limit types.
- Runctl
- Manipulates various aspects of the behavior of the container.
- Stdio
- Describes what to do with a standard I/O stream.
Type Aliases
- Result
- Error handling with the Result type.