Minimal helpers for code that runs in the child after clone3() and
before execve().
This crate is intentionally small and has no dependency on pnut. The
child path should consume precomputed data from the parent and restrict
itself to raw syscalls and simple borrowed views.
Structs
- BindMount: One bind-mount operation.
- CapsSpec: Prepared Linux capability state.
- ChildFailure: Fixed-layout fatal child failure record.
- ChildSpec: One complete child-runtime invocation.
- EnvBinding: One environment variable assignment.
- EnvSpec: Environment policy applied in the child into caller-provided scratch space.
- EnvStorage: Scratch buffers for building the final envp.
- ExecSpec: Borrowed view of a fully prepared exec request.
- FdSpec: Prepared file-descriptor policy.
- FileMount: One file-content injection operation.
- LandlockNetRule: One LANDLOCK_RULE_NET_PORT rule.
- LandlockPathRule: One LANDLOCK_RULE_PATH_BENEATH rule.
- LandlockRulesetAttr: Ruleset attributes passed to landlock_create_ruleset.
- LandlockSpec: Prepared Landlock ruleset.
- MountPlan: Prepared filesystem mount plan for child-side execution.
- MqueueMount: One mqueue mount operation.
- ProcMount: One procfs mount operation.
- ProcessSpec: Process toggles applied during child setup.
- RlimitEntry: One setrlimit call.
- RlimitSpec: Precomputed resource limits.
- SeccompSpec: Prepared seccomp filter installation request.
- TmpfsMount: One tmpfs mount operation.
Enums
- FdAction: One precomputed fd action for the child runtime.
- HidePid: Proc mount hidepid= option.
- MountEntry: One filesystem mount operation.
- ProcSubset: Proc mount subset= option.
- Stage: Child-runtime stage identifier.