Skip to main content

SandboxBackend

harn_hostlib::sandbox

Trait SandboxBackend 

Source 
pub trait SandboxBackend: Send + Sync {
    // Required methods
    fn name(&self) -> &'static str;
    fn capabilities(&self) -> SandboxCapabilities;
    fn provision<'life0, 'async_trait>(
        &'life0 self,
        spec: SandboxSpec,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait;
    fn attach_filesystem<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
        mount: FilesystemMount,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn apply_network_policy<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
        policy: NetworkPolicy,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn exec<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
        request: ExecRequest,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<ExecResult>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn snapshot<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSnapshot>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn resume<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn terminate<'life0, 'life1, 'async_trait>(
        &'life0 self,
        session_id: &'life1 SandboxSessionId,
    ) -> Pin<Box<dyn Future<Output = SandboxResult<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}
Expand description

Pluggable enforcement backend. Implementations make a SandboxSpec (the runtime lowering of a permission policy) real and run commands under it.

Required Methods§

Source

fn name(&self) -> &'static str

Stable backend name (used in SandboxSession::backend).

Source

fn capabilities(&self) -> SandboxCapabilities

What this backend can enforce.

Source

fn provision<'life0, 'async_trait>( &'life0 self, spec: SandboxSpec, ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

Provision a session from a spec.

Source

fn attach_filesystem<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, mount: FilesystemMount, ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Attach an additional mount to a live session.

Source

fn apply_network_policy<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, policy: NetworkPolicy, ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Apply (or update) the egress policy on a live session.

Source

fn exec<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, request: ExecRequest, ) -> Pin<Box<dyn Future<Output = SandboxResult<ExecResult>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Run a command inside a session.

Source

fn snapshot<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSnapshot>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Snapshot a session.

Source

fn resume<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, ) -> Pin<Box<dyn Future<Output = SandboxResult<SandboxSession>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Resume a suspended session.

Source

fn terminate<'life0, 'life1, 'async_trait>( &'life0 self, session_id: &'life1 SandboxSessionId, ) -> Pin<Box<dyn Future<Output = SandboxResult<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Tear a session down.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§