Isolation layer: Namespace + Seccomp filtering
This module provides namespace isolation and syscall filtering for sandboxed processes.
§Features
- Namespaces: PID, IPC, NET, MOUNT, UTS, User
- Seccomp: BPF-based syscall filtering with profiles
§Examples
use sandbox_rs::isolation::{NamespaceConfig, SeccompProfile};
let ns = NamespaceConfig::default();
let profile = SeccompProfile::IoHeavy;
Re-exports§
pub use namespace::NamespaceConfig;
pub use namespace::NamespaceType;
pub use seccomp::SeccompFilter;
pub use seccomp::SeccompProfile;
pub use seccomp_bpf::SeccompBpf;
Modules§
- namespace: Namespace management for sandbox isolation
- seccomp: Seccomp filter building and management
- seccomp_bpf: Seccomp BPF filter compilation and loading using seccompiler