Skip to main content

synwire_sandbox/
error.rs

1//! Sandbox error type.
2
3use thiserror::Error;
4
5/// Errors produced by sandbox operations.
6#[derive(Debug, Error)]
7#[non_exhaustive]
8pub enum SandboxError {
9    /// cgroup v2 is not available on this system (non-systemd or pre-unified
10    /// hierarchy kernel).
11    #[error("cgroup v2 not available: {0}")]
12    CgroupUnavailable(String),
13
14    /// A filesystem I/O error occurred while manipulating cgroupfs.
15    #[error("cgroup I/O error: {0}")]
16    CgroupIo(#[from] std::io::Error),
17
18    /// The discovered cgroup path is not writable by the current user.
19    #[error("cgroup path not writable: {path}")]
20    CgroupNotWritable {
21        /// The cgroup path that was found but could not be written to.
22        path: String,
23    },
24
25    /// Failed to parse `/proc/self/cgroup`.
26    #[error("failed to parse /proc/self/cgroup: {0}")]
27    CgroupParseFailed(String),
28
29    /// A process registry limit was exceeded.
30    #[error("process registry full: max_tracked={max_tracked}")]
31    RegistryFull {
32        /// The configured limit.
33        max_tracked: usize,
34    },
35
36    /// The requested PID was not found in the registry.
37    #[error("process not found: pid={pid}")]
38    ProcessNotFound {
39        /// The process ID that was not found.
40        pid: u32,
41    },
42
43    /// No OCI container runtime could be found on `$PATH`.
44    #[error("OCI runtime '{name}' not found on $PATH")]
45    RuntimeNotFound {
46        /// Name of the binary that was searched for.
47        name: String,
48    },
49
50    /// The container runtime exited with a non-zero status or failed to start.
51    #[error("container runtime failed: {reason}")]
52    RuntimeFailed {
53        /// Human-readable reason.
54        reason: String,
55    },
56
57    /// A signal could not be sent to the target process.
58    #[error("failed to send signal to pid={pid}: {reason}")]
59    SignalFailed {
60        /// Target process ID.
61        pid: u32,
62        /// OS error message.
63        reason: String,
64    },
65
66    /// An approval callback denied the operation.
67    #[error("operation denied by approval callback: {operation}")]
68    ApprovalDenied {
69        /// The operation that was denied.
70        operation: String,
71    },
72
73    /// Serialization or deserialization error when communicating with the
74    /// init binary.
75    #[error("sandbox protocol serialization error: {0}")]
76    SerdeError(#[from] serde_json::Error),
77
78    /// Generic platform error for unsupported operations.
79    #[error("operation not supported on this platform: {0}")]
80    Unsupported(String),
81}