Crate rappct

Crate rappct 

Source
Expand description

rappct — Rust AppContainer / LPAC toolkit (Windows)

Windows implementations for AppContainer profiles, capabilities, secure process launch (AC/LPAC), token introspection, ACLs, optional network isolation helpers, and diagnostics.

Quick example: launch with pipes and job limits

use rappct::{
    AppContainerProfile, KnownCapability, SecurityCapabilitiesBuilder,
    launch::LaunchOptions, launch::StdioConfig, launch::JobLimits,
    launch_in_container,
};
let profile = AppContainerProfile::ensure("rappct.sample", "rappct", Some("demo"))?;
let caps = SecurityCapabilitiesBuilder::new(&profile.sid)
    .with_known(&[KnownCapability::InternetClient])
    .build()?;
let opts = LaunchOptions {
    exe: "C:/Windows/System32/cmd.exe".into(),
    cmdline: Some(" /C echo hello".into()),
    stdio: StdioConfig::Pipe,
    join_job: Some(JobLimits { memory_bytes: Some(32 * 1024 * 1024), cpu_rate_percent: None, kill_on_job_close: true }),
    ..Default::default()
};
let child = launch_in_container(&caps, &opts)?;

Testing note: in CI or local tests you can force LPAC support detection via the RAPPCT_TEST_LPAC_STATUS environment variable (ok or unsupported).

Refer to CONTRIBUTING.md for engineering conventions and contribution guidance.

Re-exports§

pub use capability::KnownCapability;
pub use capability::SecurityCapabilities;
pub use capability::SecurityCapabilitiesBuilder;
pub use launch::launch_in_container;
pub use launch::JobLimits;
pub use launch::LaunchOptions;
pub use launch::Launched;
pub use launch::StdioConfig;
pub use profile::derive_sid_from_name;
pub use profile::AppContainerProfile;
pub use sid::AppContainerSid;

Modules§

acl
ACL helpers for files/directories and registry keys (DACL grant).
capability
Capability mapping and builders.
launch
Process launch in AppContainer / LPAC with STARTUPINFOEX and security capabilities.
profile
AppContainer profile management (skeleton).
sid
AppContainer SID wrappers (skeleton). In v0.2 this will own PSIDs properly.
token
Token introspection (skeleton).
util
Shared utility helpers for platform interop.

Enums§

AcError

Functions§

supports_lpac
Returns Ok(()) if LPAC is supported on this OS (Windows 10 1703+).

Type Aliases§

Result