Skip to main content

Module sandbox

sparrow

Module sandbox 

Source

Modules§

backends

Structs§

Command
ExecResult
FsNetPolicy
HardenedSandbox
Limits
LocalSandbox

Traits§

Sandbox
Isolates exec/Mutating actions. Backends are selectable per run.

Functions§

default_denied_paths
The default set of paths that no sandbox is allowed to touch — matched as path components, so any segment named .git, .env, .ssh, etc. trips the guard. Kept in sync with PermissionConfig’s default denied paths.
path_is_denied
True if path (after canonicalization fall-back) is inside or equal to any denied path under root, matched by path components rather than substring.