Crate leucite


A library for sandboxing and limiting command execution through Linux landlock and prlimit.

§Example


use leucite::{CommandExt, MemorySize, Rules};
use std::process::Command;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Execute `bash -i` in the `/tmp/foo` directory using the provided rules.
    // Inside the sandbox only the listed paths are reachable: the system
    // directories read-only, and the working directory read-write.
    Command::new("bash")
        .arg("-i")
        .current_dir("/tmp/foo")
        .env_clear()
        .restrict(
            Rules::new()
                .add_read_only("/usr")
                .add_read_only("/etc")
                .add_read_only("/dev")
                .add_read_only("/bin")
                .add_read_write("/tmp/foo")
                .into(),
        )
        // Cap the child's memory at 100 MB (enforced through prlimit)
        .max_memory(MemorySize::from_mb(100))
        .spawn()?
        .wait()?;
    Ok(())
}

Structs§

MemorySize
Representation of some amount of digital space
Rules
Struct which holds the rules for restrictions. For more information, see Ruleset.

Enums§

Error

Traits§

CommandExt
Extension trait for Command or tokio::process::Command that applies the configured restrictions (landlock rules and resource limits) to a command's environment once it is spawned