pub struct PolicyBuilder { /* private fields */ }Expand description
Fluent builder for Policy.
Implementations§
Source§impl PolicyBuilder
impl PolicyBuilder
pub fn fs_write(self, path: impl Into<PathBuf>) -> Self
pub fn fs_read(self, path: impl Into<PathBuf>) -> Self
pub fn fs_read_if_exists(self, path: impl Into<PathBuf>) -> Self
pub fn fs_deny(self, path: impl Into<PathBuf>) -> Self
pub fn deny_syscalls(self, calls: Vec<String>) -> Self
pub fn allow_syscalls(self, calls: Vec<String>) -> Self
Sourcepub fn net_allow_host(self, host: impl Into<String>) -> Self
pub fn net_allow_host(self, host: impl Into<String>) -> Self
Add a host to the domain allowlist. Implicitly enables host
restriction (switches net_allow_hosts from None to Some).
Sourcepub fn net_restrict_hosts(self) -> Self
pub fn net_restrict_hosts(self) -> Self
Enable host restriction without adding any hosts. The resulting
sandbox has an empty /etc/hosts and no resolvable domains —
equivalent to “deny all hosts”.
pub fn net_bind_port(self, port: u16) -> Self
pub fn net_connect_port(self, port: u16) -> Self
pub fn no_raw_sockets(self, v: bool) -> Self
pub fn no_udp(self, v: bool) -> Self
pub fn http_allow(self, rule: &str) -> Self
pub fn http_deny(self, rule: &str) -> Self
pub fn http_port(self, port: u16) -> Self
pub fn https_ca(self, path: impl Into<PathBuf>) -> Self
pub fn https_key(self, path: impl Into<PathBuf>) -> Self
pub fn max_memory(self, size: ByteSize) -> Self
pub fn max_processes(self, n: u32) -> Self
pub fn max_open_files(self, n: u32) -> Self
pub fn max_cpu(self, pct: u8) -> Self
pub fn random_seed(self, seed: u64) -> Self
pub fn time_start(self, t: SystemTime) -> Self
pub fn no_randomize_memory(self, v: bool) -> Self
pub fn no_huge_pages(self, v: bool) -> Self
pub fn no_coredump(self, v: bool) -> Self
pub fn deterministic_dirs(self, v: bool) -> Self
pub fn hostname(self, name: impl Into<String>) -> Self
pub fn fs_isolation(self, iso: FsIsolation) -> Self
pub fn workdir(self, path: impl Into<PathBuf>) -> Self
pub fn cwd(self, path: impl Into<PathBuf>) -> Self
pub fn fs_storage(self, path: impl Into<PathBuf>) -> Self
pub fn max_disk(self, size: ByteSize) -> Self
pub fn on_exit(self, action: BranchAction) -> Self
pub fn on_error(self, action: BranchAction) -> Self
pub fn chroot(self, path: impl Into<PathBuf>) -> Self
pub fn fs_mount( self, virtual_path: impl Into<PathBuf>, host_path: impl Into<PathBuf>, ) -> Self
pub fn clean_env(self, v: bool) -> Self
pub fn env_var(self, key: impl Into<String>, value: impl Into<String>) -> Self
pub fn gpu_devices(self, devices: Vec<u32>) -> Self
pub fn cpu_cores(self, cores: Vec<u32>) -> Self
pub fn num_cpus(self, n: u32) -> Self
pub fn port_remap(self, v: bool) -> Self
pub fn policy_fn( self, f: impl Fn(SyscallEvent, &mut PolicyContext) -> Verdict + Send + Sync + 'static, ) -> Self
pub fn uid(self, id: u32) -> Self
pub fn build(self) -> Result<Policy, PolicyError>
Trait Implementations§
Source§impl Default for PolicyBuilder
impl Default for PolicyBuilder
Source§fn default() -> PolicyBuilder
fn default() -> PolicyBuilder
Returns the “default value” for a type. Read more
Auto Trait Implementations§
impl Freeze for PolicyBuilder
impl !RefUnwindSafe for PolicyBuilder
impl Send for PolicyBuilder
impl Sync for PolicyBuilder
impl Unpin for PolicyBuilder
impl UnsafeUnpin for PolicyBuilder
impl !UnwindSafe for PolicyBuilder
Blanket Implementations§
Source§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
Source§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more