Struct jail::helpers::SandboxConfig

/// Config for the sandbox to be created by [Minijail].
///
/// The public fields are documented on this page; the three private fields
/// (`log_failures`, `seccomp_policy_dir`, `seccomp_policy_name`) carry no
/// description here, so the notes on them are assumptions to be confirmed.
pub struct SandboxConfig<'a> {
    /// Whether or not to drop all capabilities in the sandbox.
    pub limit_caps: bool,
    // NOTE(review): undocumented private field; presumably controls whether
    // sandbox (seccomp) failures are logged — confirm against the implementation.
    log_failures: bool,
    // NOTE(review): undocumented private field; presumably the directory that
    // holds seccomp policy files. What `None` selects is not shown here — confirm.
    seccomp_policy_dir: Option<&'a Path>,
    // NOTE(review): undocumented private field; presumably the name of the
    // seccomp policy applied to the jailed process — confirm.
    seccomp_policy_name: &'a str,
    /// The pair of uid_map and gid_map.
    // NOTE(review): the behavior for `None` (no mapping vs. a default mapping)
    // is not stated on this page — confirm before relying on it.
    pub ugid_map: Option<(&'a str, &'a str)>,
    /// The remount mode to use instead of the default MS_PRIVATE.
    pub remount_mode: Option<c_ulong>,
    /// Whether to use an empty net namespace. Enabled by default.
    pub namespace_net: bool,
    /// Whether or not to configure the jail to support bind-mounts.
    ///
    /// Most device processes have open(2) and openat(2) denied by their
    /// seccomp policy, with the calls returning ENOENT, so passing
    /// already-opened file descriptors is recommended over opening files in
    /// the sandbox.
    pub bind_mounts: bool,
    /// Specify the user in the jail to run as.
    pub run_as: RunAsUser,
}

Config for the sandbox to be created by [Minijail].

Fields§

§limit_caps: bool

Whether or not to drop all capabilities in the sandbox.

§log_failures: bool

§seccomp_policy_dir: Option<&'a Path>

§seccomp_policy_name: &'a str

§ugid_map: Option<(&'a str, &'a str)>

The pair of uid_map and gid_map.

§remount_mode: Option<c_ulong>

The remount mode to use instead of the default MS_PRIVATE.

§namespace_net: bool

Whether to use an empty network namespace. Enabled by default.

§bind_mounts: bool

Whether or not to configure the jail to support bind-mounts.

Note that for most device processes the seccomp policy denies open(2) and openat(2), and those calls simply return ENOENT. Passing already-opened file descriptors into the sandbox is recommended over opening files inside it.

§run_as: RunAsUser

Specify the user in the jail to run as.

Implementations§


impl<'a> SandboxConfig<'a>


pub fn new(jail_config: &'a JailConfig, policy: &'a str) -> Self

Creates SandboxConfig.

Auto Trait Implementations§

§

impl<'a> RefUnwindSafe for SandboxConfig<'a>

§

impl<'a> Send for SandboxConfig<'a>

§

impl<'a> Sync for SandboxConfig<'a>

§

impl<'a> Unpin for SandboxConfig<'a>

§

impl<'a> UnwindSafe for SandboxConfig<'a>

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.