Module process

Process execution within sandbox namespace

Key changes from the original implementation:

  • Stack size: 128KB (was 8KB)
  • Memory leak fix: clone config into closure instead of Box::into_raw
  • Seccomp: NO root check (seccomp only needs PR_SET_NO_NEW_PRIVS)
  • User namespace: sync pipe for UID/GID mapping from parent
  • Resource limits: applies RlimitConfig in child before execve

Structs

ProcessConfig
Process execution configuration
ProcessExecutor
Process executor
ProcessResult
Result of process execution