sandbox-rs: Process isolation library for Linux
A comprehensive Rust sandbox solution with Linux namespace isolation, Cgroup v2 resource limits, Seccomp BPF filtering, Landlock filesystem restrictions, and process monitoring.
§Privilege Modes
- Unprivileged (default): Uses user namespaces + seccomp + landlock + setrlimit. Works without root on modern kernels, provided the kernel allows unprivileged user namespace creation (Landlock additionally needs kernel 5.13 or later).
- Privileged: Uses all namespaces + cgroups + chroot + seccomp. Requires root.
- Auto: Detects the best available mode at runtime.
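To make the "Auto" mode concrete, here is an added example (not part of sandbox-rs, and not its API) of how a runtime probe can decide between the Privileged and Unprivileged modes described above. The names `Probe`, `PrivilegeMode` and `detect_mode` are illustrative assumptions. The probe reads the same kernel interfaces a real implementation would consult (the cgroup v2 controller list, the `kernel.unprivileged_userns_clone` sysctl used by Debian-derived kernels, and `user.max_user_namespaces`), but takes a configurable root path so it can be exercised against a constructed directory tree instead of the live system.

```rust
// Added example: illustrative privilege-mode probe, std only. Not sandbox-rs code.
use std::fs;
use std::path::{Path, PathBuf};

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PrivilegeMode {
    Privileged,
    Unprivileged,
}

/// Probe over a filesystem tree. `root` is "/" in production and a constructed
/// temporary tree in tests (assumption made for testability, not crate behaviour).
pub struct Probe {
    root: PathBuf,
    euid: u32,
}

impl Probe {
    pub fn new(root: impl Into<PathBuf>, euid: u32) -> Self {
        Probe { root: root.into(), euid }
    }

    fn read_trimmed(&self, rel: &str) -> Option<String> {
        fs::read_to_string(self.root.join(rel))
            .ok()
            .map(|s| s.trim().to_string())
    }

    /// Cgroup v2 memory limits are usable only if the unified hierarchy is
    /// mounted and the "memory" controller is listed in cgroup.controllers.
    pub fn has_cgroup_v2_memory(&self) -> bool {
        self.read_trimmed("sys/fs/cgroup/cgroup.controllers")
            .map(|c| c.split_whitespace().any(|x| x == "memory"))
            .unwrap_or(false)
    }

    /// Unprivileged user namespaces must be allowed by both knobs:
    /// kernel.unprivileged_userns_clone (absent on mainline kernels, which
    /// means allowed) and user.max_user_namespaces (0 disables them).
    pub fn has_unprivileged_userns(&self) -> bool {
        let clone_ok = self
            .read_trimmed("proc/sys/kernel/unprivileged_userns_clone")
            .map(|v| v != "0")
            .unwrap_or(true);
        let max_ok = self
            .read_trimmed("proc/sys/user/max_user_namespaces")
            .and_then(|v| v.parse::<u64>().ok())
            .map(|n| n > 0)
            .unwrap_or(false);
        clone_ok && max_ok
    }

    /// Root with cgroup v2 gets the full Privileged mode. Root without cgroup v2
    /// and non-root users with user namespaces fall back to Unprivileged.
    /// Non-root with user namespaces disabled cannot sandbox at all.
    pub fn detect_mode(&self) -> Result<PrivilegeMode, String> {
        if self.euid == 0 {
            return Ok(if self.has_cgroup_v2_memory() {
                PrivilegeMode::Privileged
            } else {
                PrivilegeMode::Unprivileged
            });
        }
        if self.has_unprivileged_userns() {
            Ok(PrivilegeMode::Unprivileged)
        } else {
            Err("not root and unprivileged user namespaces are disabled".to_string())
        }
    }
}

/// Effective UID parsed from /proc/self/status ("Uid: real effective saved fs").
pub fn current_euid(root: &Path) -> Option<u32> {
    let status = fs::read_to_string(root.join("proc/self/status")).ok()?;
    let line = status.lines().find(|l| l.starts_with("Uid:"))?;
    line.split_whitespace().nth(2)?.parse().ok()
}

fn main() {
    let root = Path::new("/");
    let euid = current_euid(root).unwrap_or(u32::MAX);
    match Probe::new(root, euid).detect_mode() {
        Ok(mode) => println!("auto-detected sandbox mode: {mode:?}"),
        Err(e) => eprintln!("no usable sandbox mode: {e}"),
    }
}
```

Running it as root on a cgroup v2 host yields Privileged; on a hardened distribution where `kernel.unprivileged_userns_clone` is 0, a non-root caller gets an error rather than a silently weaker sandbox, which is the failure mode worth surfacing before any untrusted code runs.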
§Example
```rust
use sandbox_rs::SandboxBuilder;
use std::time::Duration;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Build a sandbox named "my-sandbox" with a 256M memory limit,
    // a 50% CPU limit and a 30-second timeout.
    let mut sandbox = SandboxBuilder::new("my-sandbox")
        .memory_limit_str("256M")?
        .cpu_limit_percent(50)
        .timeout(Duration::from_secs(30))
        .build()?;

    // Run a program inside the sandbox and inspect its exit code.
    let result = sandbox.run("/bin/echo", &["hello world"])?;
    println!("Exit code: {}", result.exit_code);
    Ok(())
}
```
Re-exports§
- pub use controller::Sandbox;
- pub use controller::SandboxBuilder;
- pub use controller::SandboxConfig;
- pub use controller::SandboxResult;
- pub use execution::ProcessConfig;
- pub use execution::ProcessResult;
- pub use execution::ProcessStream;
- pub use execution::StreamChunk;
- pub use monitoring::ProcessMonitor;
- pub use monitoring::ProcessState;
- pub use monitoring::ProcessStats;
- pub use sandbox_core as core;
Modules§
- controller - Main sandbox controller with privilege mode support
- execution - Execution layer: process management and initialization
- monitoring - Monitoring layer: process and syscall monitoring
- util - Utility functions for sandbox operations
- utils - Alias for backwards compatibility
Structs§
- Cgroup - Cgroup v2 interface
- CgroupConfig - Cgroup v2 resource limits configuration
- LandlockConfig - Landlock filesystem access configuration
- LayerInfo - File layer information
- NamespaceConfig - Configuration for namespace isolation
- OverlayConfig - Overlay filesystem configuration
- OverlayFS - Overlay filesystem manager
- RlimitConfig - Resource limits via setrlimit (unprivileged fallback)
- SeccompBpf - Seccomp BPF filter compiler and loader
- SeccompFilter - Seccomp filter builder
- SystemCapabilities - Detected system capabilities for sandboxing
- VolumeManager - Volume manager
- VolumeMount - Volume mount configuration
Enums§
- NamespaceType - Namespace types that can be isolated
- PrivilegeMode - Determines how the sandbox operates with respect to privileges
- SandboxError - Errors that can occur during sandbox operations
- SeccompProfile - Seccomp filter profile
- VolumeType - Volume mount type
Type Aliases§
- Result - Result type for sandbox operations