pub struct SandboxConfig<'a> {
    pub limit_caps: bool,
    log_failures: bool,
    seccomp_policy_dir: Option<&'a Path>,
    seccomp_policy_name: &'a str,
    pub ugid_map: Option<(&'a str, &'a str)>,
    pub remount_mode: Option<c_ulong>,
    pub namespace_net: bool,
    pub bind_mounts: bool,
    pub run_as: RunAsUser,
}
Config for the sandbox to be created by [Minijail].
Fields

limit_caps: bool
Whether or not to drop all capabilities in the sandbox.

log_failures: bool

seccomp_policy_dir: Option<&'a Path>

seccomp_policy_name: &'a str

ugid_map: Option<(&'a str, &'a str)>
The pair of uid_map and gid_map.

remount_mode: Option<c_ulong>
The remount mode instead of default MS_PRIVATE.

namespace_net: bool
Whether to use empty net namespace. Enabled by default.

bind_mounts: bool
Whether or not to configure the jail to support bind-mounts.
Note that most device processes deny open(2) and openat(2) by seccomp policy and just return ENOENT. Passing opened file descriptors is recommended over opening files in the sandbox.

run_as: RunAsUser
Specify the user in the jail to run as.
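
The note on bind_mounts, shown in miniature as an added example (not crosvm or Minijail code): a worker thread installs a hand-written seccomp filter that fails open(2) and openat(2) with ENOENT, then still reads through a File opened before the filter existed. The names deny_open and sandboxed_read, the filter and the sample file are assumptions made here; the syscall numbers cover x86_64 and aarch64 Linux only.

```rust
use std::{fs::File, io::{self, Read}, path::Path, thread};
#[repr(C)] struct SockFilter { code: u16, jt: u8, jf: u8, k: u32 }
#[repr(C)] struct SockFprog { len: u16, filter: *const SockFilter }
unsafe extern "C" {
    fn prctl(option: i32, ...) -> i32; // prctl(2) from the libc that std already links
}
// open(2)/openat(2) syscall numbers for x86_64; aarch64 only has openat (56).
const OPEN: u32 = if cfg!(target_arch = "aarch64") { 56 } else { 2 };
const OPENAT: u32 = if cfg!(target_arch = "aarch64") { 56 } else { 257 };
fn ins(code: u16, jt: u8, jf: u8, k: u32) -> SockFilter { SockFilter { code, jt, jf, k } }
/// Installs a seccomp filter on the calling thread so open/openat fail with ENOENT.
/// Constructed for illustration; a production filter also checks seccomp_data.arch.
fn deny_open() -> io::Result<()> {
    let prog = [
        ins(0x20, 0, 0, 0),               // load seccomp_data.nr
        ins(0x15, 2, 0, OPEN),            // open   -> jump to the ERRNO return
        ins(0x15, 1, 0, OPENAT),          // openat -> jump to the ERRNO return
        ins(0x06, 0, 0, 0x7fff_0000),     // SECCOMP_RET_ALLOW
        ins(0x06, 0, 0, 0x0005_0000 | 2), // SECCOMP_RET_ERRNO | ENOENT
    ];
    let fprog = SockFprog { len: prog.len() as u16, filter: prog.as_ptr() };
    // SAFETY: prctl only reads its arguments; prog and fprog outlive both calls.
    let rc = unsafe {
        prctl(38, 1u64, 0u64, 0u64, 0u64);          // PR_SET_NO_NEW_PRIVS
        prctl(22, 2u64, &fprog as *const SockFprog) // PR_SET_SECCOMP, SECCOMP_MODE_FILTER
    };
    if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// Returns (error kind of open() under the filter, data read through the pre-opened File).
fn sandboxed_read(path: &Path) -> io::Result<(Option<io::ErrorKind>, String)> {
    let mut pre_opened = File::open(path)?; // opened before the filter is installed
    let path = path.to_owned();
    let worker = move || -> io::Result<(Option<io::ErrorKind>, String)> {
        deny_open()?; // filters are per-thread: only this worker is restricted
        let blocked = File::open(&path).err().map(|e| e.kind());
        let mut data = String::new();
        pre_opened.read_to_string(&mut data)?;
        Ok((blocked, data))
    };
    thread::spawn(worker).join().expect("worker thread panicked")
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join("fd_passing_demo.txt"); // constructed sample file
    std::fs::write(&path, "device-state")?;
    println!("{:?}", sandboxed_read(&path)?);
    Ok(())
}
```

The ENOENT surfaces in Rust as io::ErrorKind::NotFound, which is why a blocked open in a jailed process looks like a missing file rather than a permission error.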

Implementations

impl<'a> SandboxConfig<'a>

pub fn new(jail_config: &'a JailConfig, policy: &'a str) -> Self
Creates SandboxConfig.

Auto Trait Implementations
impl<'a> Freeze for SandboxConfig<'a>
impl<'a> RefUnwindSafe for SandboxConfig<'a>
impl<'a> Send for SandboxConfig<'a>
impl<'a> Sync for SandboxConfig<'a>
impl<'a> Unpin for SandboxConfig<'a>
impl<'a> UnwindSafe for SandboxConfig<'a>
Blanket Implementations

impl<T> BorrowMut<T> for T
where
    T: ?Sized,

fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.