cgroup_limits/
cgroup_limits.rs

//! Cgroup resource limits example.
//!
//! Builds three sandboxes with progressively tighter limits and prints the
//! id and root directory of each. Nothing is executed inside them; the
//! example only shows how the limits are configured on the builder.
//!
//! As the closing message says, actual enforcement requires root. Without
//! it, do not treat the configured limits as a security boundary.

use sandbox_rs::{SandboxBuilder, SeccompProfile};
use std::time::Duration;

/// Prints the identifier and root path of a freshly built sandbox.
macro_rules! announce {
    ($sandbox:expr) => {{
        println!("[*] Created: {}", $sandbox.id());
        println!("[*] Root: {}\n", $sandbox.root().display());
    }};
}

/// Creates the three example sandboxes in order, stopping at the first
/// builder error.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    println!("=== Sandbox RS - Cgroup Resource Limits ===\n");

    // [1] Memory cap given as a human-readable string; parsing it can fail,
    // hence the `?`. No pid limit or seccomp profile is set here, so whatever
    // the builder defaults to applies (check the defaults before reusing this
    // configuration for code you do not trust).
    println!("[1] Example: Memory-limited sandbox (100MB)");
    let mem_limited = SandboxBuilder::new("mem-limited")
        .memory_limit_str("100M")?
        .cpu_limit_percent(100)
        .build()?;
    announce!(mem_limited);

    // [2] CPU share plus a wall-clock timeout; memory is given in bytes
    // (512 MiB). As in [1], no pid limit or seccomp profile is requested.
    println!("[2] Example: CPU-limited sandbox (25% of one core)");
    let cpu_limited = SandboxBuilder::new("cpu-limited")
        .cpu_limit_percent(25)
        .memory_limit(512 * 1024 * 1024)
        .timeout(Duration::from_secs(10))
        .build()?;
    announce!(cpu_limited);

    // [3] The profile meant for untrusted code layers every control shown on
    // this page: memory, CPU, a cap on the number of processes, a short
    // timeout, and a seccomp profile.
    // NOTE(review): what `SeccompProfile::Minimal` permits is not visible
    // here; confirm the allowed syscall set against the crate docs.
    println!("[3] Example: Tight limits for untrusted code");
    let untrusted = SandboxBuilder::new("untrusted")
        .memory_limit_str("64M")?
        .cpu_limit_percent(10)
        .max_pids(8)
        .timeout(Duration::from_secs(5))
        .seccomp_profile(SeccompProfile::Minimal)
        .build()?;
    announce!(untrusted);

    println!("[*] All sandboxes created successfully!");
    // Successful construction does not mean the limits are being enforced.
    println!("[*] Note: Actual resource enforcement requires root permissions");

    Ok(())
}