mimobox_os/lib.rs
1#![cfg_attr(docsrs, feature(doc_cfg))]
2#![warn(missing_docs)]
3//! OS-level sandbox backends for mimobox.
4//!
5//! This crate provides process-level sandbox implementations that conform to the
6//! `mimobox-core` [`Sandbox`](mimobox_core::Sandbox) trait. It is responsible for
7//! turning a [`SandboxConfig`](mimobox_core::SandboxConfig) into platform-native
8//! isolation mechanisms while preserving the shared SDK result and error model.
9//!
10//! The Linux backend (`LinuxSandbox`) uses the following kernel mechanisms:
11//! - **Landlock** for filesystem access control.
12//! - **Seccomp-bpf** for allowlist-based system call filtering.
13//! - **Namespaces** for PID, network, mount, and IPC isolation.
14//! - **setrlimit** for memory limits.
15//!
16//! The macOS backend (`MacOsSandbox`) uses Seatbelt through `sandbox-exec`
17//! where available. The crate also exposes [`SandboxPool`] for low-latency reuse
18//! of pre-warmed OS sandboxes on supported platforms.
19//!
20//! # Platform Support
21//!
22//! | Platform | Status |
23//! |------|------|
24//! | Linux | Complete implementation |
25//! | macOS | Complete implementation (Seatbelt / sandbox-exec) |
26//! | Windows | Planned (AppContainer) |
27//!
28//! # Safety Model
29//!
30//! Platform backends apply sandbox policy inside the child process, before the command is executed.
31//! On Linux, seccomp is applied as the final step before `exec`, after resource limits, filesystem
32//! restrictions, and namespace setup are already in place, because the syscall allowlist would otherwise deny the system calls those earlier setup steps themselves require.
33
34#[cfg(target_os = "linux")]
35mod linux;
36
37#[cfg(target_os = "linux")]
38mod seccomp;
39
40#[cfg(any(target_os = "linux", target_os = "macos"))]
41mod pool;
42
43#[cfg(target_os = "macos")]
44mod macos;
45
46#[cfg(any(target_os = "linux", target_os = "macos"))]
47mod pty;
48
49/// Linux OS-level sandbox backend using Landlock, seccomp-bpf, namespaces, and resource limits.
50#[cfg(target_os = "linux")]
51pub use linux::LinuxSandbox;
52
53/// Warm pool types for reusing pre-initialized OS sandboxes.
54#[cfg(any(target_os = "linux", target_os = "macos"))]
55pub use pool::{PoolConfig, PoolError, PoolStats, PooledSandbox, SandboxPool, run_pool_benchmark};
56
57/// Applies a Linux seccomp-bpf system call filter for the selected profile.
58#[cfg(target_os = "linux")]
59pub use seccomp::apply_seccomp;
60
61/// macOS OS-level sandbox backend using Seatbelt through `sandbox-exec`.
62#[cfg(target_os = "macos")]
63pub use macos::MacOsSandbox;