Expand description
Process isolation for Linux using namespaces, resource limits and seccomp. It works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits. You can then use a policy configuration file or commandline options to construct the root filesystem and process environment and command to run in the namespace.
More information can be found in homepage.
Structs
Create and run a new COMMAND which will be executed in a container.
Executor execution result.
Sandbox policy configuration.
Describes what to do with a standard I/O stream for Executor.
Enums
Result status code.