Re-exports§
pub use error::SandlockError;pub use sandbox::Confinement;pub use sandbox::ConfinementBuilder;pub use sandbox::Sandbox;pub use sandbox::SandboxBuilder;pub use result::RunResult;pub use result::ExitStatus;pub use pipeline::Stage;pub use pipeline::Pipeline;pub use pipeline::Gather;pub use dry_run::Change;pub use dry_run::ChangeKind;pub use dry_run::DryRunResult;pub use crate::profile::ProfileInput;pub use crate::profile::ProgramSpec;pub use seccomp::dispatch::Handler;pub use seccomp::dispatch::HandlerCtx;pub use seccomp::dispatch::HandlerError;pub use seccomp::syscall::Syscall;pub use seccomp::syscall::SyscallError;
Modules§
- context
- dry_run
- error
- fork
- COW fork — create lightweight clones of a sandboxed process.
- http
- image
- Extract local Docker/OCI images into rootfs directories for sandboxing.
- landlock
- netlink
- NETLINK_ROUTE virtualization for sandboxed processes.
- pipeline
- Sandbox pipeline — chain multiple sandboxed stages connected by pipes.
- policy_
fn - Dynamic policy — live policy modification via syscall event callbacks.
- profile
- result
- sandbox
- seccomp
Structs§
- Checkpoint
- A frozen snapshot of sandbox state.
- Seccomp
Data - Seccomp BPF data passed to filters (64 bytes)
- Seccomp
Notif - Seccomp user notification (80 bytes)
Constants§
- MIN_
LANDLOCK_ ABI - Minimum Landlock ABI version required by sandlock.
Functions§
- confine
- Confine the calling process with Landlock restrictions.
- landlock_
abi_ version - Query the Landlock ABI version supported by the running kernel.