cgroup_limits/
cgroup_limits.rs1use sandbox_rs::SandboxBuilder;
4use std::time::Duration;
5
6fn main() -> Result<(), Box<dyn std::error::Error>> {
7 println!("=== Sandbox RS - Cgroup Resource Limits ===\n");
8
9 println!("[1] Example: Memory-limited sandbox (100MB)");
11 let sandbox1 = SandboxBuilder::new("mem-limited")
12 .memory_limit_str("100M")?
13 .cpu_limit_percent(100)
14 .build()?;
15 println!("[*] Created: {}", sandbox1.id());
16 println!("[*] Root: {}\n", sandbox1.root().display());
17
18 println!("[2] Example: CPU-limited sandbox (25% of one core)");
20 let sandbox2 = SandboxBuilder::new("cpu-limited")
21 .cpu_limit_percent(25)
22 .memory_limit(512 * 1024 * 1024) .timeout(Duration::from_secs(10))
24 .build()?;
25 println!("[*] Created: {}", sandbox2.id());
26 println!("[*] Root: {}\n", sandbox2.root().display());
27
28 println!("[3] Example: Tight limits for untrusted code");
30 let sandbox3 = SandboxBuilder::new("untrusted")
31 .memory_limit_str("64M")?
32 .cpu_limit_percent(10)
33 .max_pids(8)
34 .timeout(Duration::from_secs(5))
35 .seccomp_profile(sandbox_rs::SeccompProfile::Minimal)
36 .build()?;
37 println!("[*] Created: {}", sandbox3.id());
38 println!("[*] Root: {}\n", sandbox3.root().display());
39
40 println!("[*] All sandboxes created successfully!");
41 println!("[*] Note: Actual resource enforcement requires root permissions");
42
43 Ok(())
44}