#sandbox #abstraction #utilities #landlock #rules #dev #bin

leucite

A wrapper crate around rust-landlock that provides useful abstractions and utilities

1 unstable release

new 0.1.0 Dec 18, 2024


Apache-2.0

12KB
138 lines

Leucite

A wrapper crate around rust-landlock that provides useful abstractions and utilities for running child processes under Landlock (Linux) filesystem access rules

Example

// Build the filesystem allow-list for the sandboxed child. Landlock is
// allow-list based: for the access types a ruleset handles, any path not
// covered by a rule is denied.
// NOTE(review): the exact access rights behind `add_read_only` /
// `add_read_write` (e.g. whether execute is included) are not shown on this
// page — confirm in the crate docs.
// Whole trees such as /etc and /dev are broad grants; narrow them to what the
// child actually needs when adapting this example.
let rules = Rules::new()
    .add_read_only("/usr")
    .add_read_only("/etc")
    .add_read_only("/dev")
    .add_read_only("/bin")
    // The only path registered as read-write.
    .add_read_write("/tmp/foo");

// Start an interactive bash with /tmp/foo as its working directory.
// `env_clear()` drops the parent's environment, so variables holding secrets
// (tokens, credentials) are not inherited by the sandboxed process.
// NOTE(review): confirm what `spawn_restricted` does on a kernel without
// Landlock support (return an error vs. run the child unrestricted); only the
// first is fail-closed.
let mut child = Command::new("bash")
    .arg("-i")
    .current_dir("/tmp/foo")
    .env_clear()
    .spawn_restricted(rules)?;

// Block until the shell exits; `?` propagates a wait error to the caller.
child.wait()?;

lib.rs:

Leucite

A wrapper crate around rust-landlock that provides useful abstractions and utilities

Example

// Filesystem allow-list handed to the sandbox. With Landlock, access types
// handled by the ruleset are denied on every path that no rule covers, so
// these entries define what the child can reach.
// NOTE(review): which rights `add_read_only` / `add_read_write` map to is not
// visible here — check the crate docs before relying on them.
let rules = Rules::new()
    .add_read_only("/usr")
    .add_read_only("/etc")
    .add_read_only("/dev")
    .add_read_only("/bin")
    // Writable area is limited to this one directory.
    .add_read_write("/tmp/foo");

// Execute `bash -i` in the `/tmp/foo` directory using the provided rules.
// `env_clear()` keeps the parent's environment variables (and any secrets in
// them) out of the child.
// NOTE(review): verify that `spawn_restricted` fails rather than running the
// child unrestricted when the kernel lacks Landlock support.
// `wait()` blocks until the shell exits; each `?` propagates its error.
Command::new("bash")
    .arg("-i")
    .current_dir("/tmp/foo")
    .env_clear()
    .spawn_restricted(rules)?
    .wait()?;

Dependencies

~0.5–9MB
~83K SLoC