SandboxPolicy

ringkernel_core::security

Struct SandboxPolicy

pub struct SandboxPolicy {
    pub limits: ResourceLimits,
    pub allowed_k2k_destinations: HashSet<String>,
    pub denied_k2k_destinations: HashSet<String>,
    pub memory_access: HashMap<String, AccessLevel>,
    pub can_checkpoint: bool,
    pub can_migrate: bool,
    pub can_spawn: bool,
    pub can_access_host: bool,
    pub allowed_syscalls: HashSet<String>,
}

Expand description

Sandbox policy defining what a kernel can access.

Fields§

§limits: ResourceLimits

Resource limits

§allowed_k2k_destinations: HashSet<String>

Allowed K2K destinations (empty = all allowed)

§denied_k2k_destinations: HashSet<String>

Denied K2K destinations

§memory_access: HashMap<String, AccessLevel>

Memory region access levels

§can_checkpoint: bool

Whether the kernel can create checkpoints

§can_migrate: bool

Whether the kernel can be migrated

§can_spawn: bool

Whether the kernel can spawn child kernels

§can_access_host: bool

Whether the kernel can access host memory

§allowed_syscalls: HashSet<String>

Allowed system calls (for future use)

Implementations§

impl SandboxPolicy

pub fn new() -> Self

Create a new sandbox policy.

pub fn with_limits(self, limits: ResourceLimits) -> Self

Set resource limits.

pub fn with_memory_limit(self, bytes: u64) -> Self

Set memory limit.

pub fn with_execution_timeout(self, timeout: Duration) -> Self

Set execution timeout.

pub fn allow_k2k_to(self, destinations: &[&str]) -> Self

Allow K2K to specific destinations.

pub fn deny_k2k_to(self, destinations: &[&str]) -> Self

Deny K2K to specific destinations.

pub fn with_memory_access(self, region: &str, access: AccessLevel) -> Self

Set memory region access level.

pub fn with_checkpoint(self, enabled: bool) -> Self

Enable/disable checkpointing.

pub fn with_migration(self, enabled: bool) -> Self

Enable/disable migration.

pub fn with_spawn(self, enabled: bool) -> Self

Enable/disable spawning.

pub fn with_host_access(self, enabled: bool) -> Self

Enable/disable host memory access.

pub fn restrictive() -> Self

Create a restrictive policy for untrusted kernels.

pub fn permissive() -> Self

Create a permissive policy for trusted kernels.

pub fn is_k2k_allowed(&self, destination: &str) -> bool

Check if K2K to destination is allowed.

Trait Implementations§

impl Clone for SandboxPolicy

fn clone(&self) -> SandboxPolicy

Returns a duplicate of the value. Read more

1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SandboxPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl Default for SandboxPolicy

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

impl Freeze for SandboxPolicy

impl RefUnwindSafe for SandboxPolicy

impl Send for SandboxPolicy

impl Sync for SandboxPolicy

impl Unpin for SandboxPolicy

impl UnwindSafe for SandboxPolicy

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> ArchivePointee for T

type ArchivedMetadata = ()

The archived version of the pointer metadata for this type.

fn pointer_metadata( _: &<T as ArchivePointee>::ArchivedMetadata, ) -> <T as Pointee>::Metadata

Converts some archived metadata to the pointer metadata for itself.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<F, W, T, D> Deserialize<With<T, W>, D> for F
where W: DeserializeWith<F, T, D>, D: Fallible + ?Sized, F: ?Sized,

fn deserialize( &self, deserializer: &mut D, ) -> Result<With<T, W>, <D as Fallible>::Error>

Deserializes using the given deserializer

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> LayoutRaw for T

fn layout_raw(_: <T as Pointee>::Metadata) -> Result<Layout, LayoutError>

Gets the layout of the type.

impl<T> Pointee for T

type Metadata = ()

The type for metadata in pointers and references to Self.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more