Expand description
§Wardstone
Sandboxing system for secure tool execution - magical containment.
Provides platform-specific sandboxing:
- macOS: Seatbelt (sandbox-exec) with .sbpl policies
- Linux: Landlock + seccomp
- Windows: Windows Sandbox (future)
§Usage
ⓘ
use wardstone::{Sandbox, SandboxPolicy};
let policy = SandboxPolicy::new()
.allow_read("/usr")
.allow_write("./")
.deny_network();
let sandbox = Sandbox::new(policy)?;
let wrapped_cmd = sandbox.wrap_command(cmd);Re-exports§
pub use policy::SandboxPolicy;pub use policy::NetworkPolicy;pub use policy::PathPermission;pub use error::SandboxError;
Modules§
- error
- Sandbox error types
- landlock
- Linux Landlock sandbox implementation
- policy
- Sandbox policy definitions
Traits§
- Sandbox
- Platform-specific sandbox implementation
Functions§
- create_
sandbox - Create the appropriate sandbox for the current platform
- is_
sandbox_ available - Check if sandboxing is available on this platform