sandbox_rs/isolation/mod.rs
1//! Isolation layer: Namespace + Seccomp filtering
2//!
3//! This module provides namespace isolation, which limits what a sandboxed
4//! process can see, and syscall filtering, which limits the syscalls it can make.
5//!
6//! # Features
7//!
8//! - **Namespaces**: PID, IPC, NET, MOUNT, UTS, USER
9//! - **Seccomp**: BPF-based syscall filtering, selected through named profiles (e.g. `SeccompProfile::IoHeavy`)
10//!
11//! # Examples
12//!
13//! ```ignore
14//! use sandbox_rs::isolation::{NamespaceConfig, SeccompProfile};
15//!
16//! let ns = NamespaceConfig::default();
17//! let profile = SeccompProfile::IoHeavy;
18//! ```
19
20pub mod namespace;
21pub mod seccomp;
22pub mod seccomp_bpf;
23pub use namespace::{NamespaceConfig, NamespaceType};
24pub use seccomp::{SeccompFilter, SeccompProfile};
25pub use seccomp_bpf::SeccompCompiler;
26
27#[cfg(test)]
28mod tests;