Sandbox

advanced

Secure code execution with Landlock, seccomp, and namespaces

Landlock, seccomp ve namespace ile guvenli kod calistirma

Estimated Time

⏱️ 2-3 months

Essential Crates

📦 4

Required Crates

⭐ Essential

landlock

Linux Landlock LSM

crates.io →

landlock = "0.4"

seccompiler

Syscall filtering

Syscall filtreleme

crates.io →

seccompiler = "0.4"

nix

Namespaces

Namespace islemleri

crates.io →

nix = { version = "0.27", features = ["sched"] }

rlimit

Resource limits

Kaynak limitleri

crates.io →

rlimit = "0.10"

Starter Template

Copy this Cargo.toml to get started:

[package]
name = "my-sandbox"
version = "0.1.0"
edition = "2021"

[dependencies]
landlock = "0.4"
seccompiler = "0.4"
nix = { version = "0.27", features = ["sched"] }
rlimit = "0.10"
thiserror = "1"
tracing = "0.1"

Related Patterns

Learn these patterns to build this project effectively:

🔗 safe-abstractions 🔗 builder-typestate

Other System & Container Projects

Container Runtime

advanced

Docker/Podman alternative - OCI-compliant container runtime

Init System

advanced

systemd alternative - Service manager with dependency resolution

Process Manager

intermediate

supervisord alternative - Async process supervision

Virtual Machine Monitor

expert

Hypervisor using KVM - Run virtual machines

Sandbox

Tags

Required Crates

⭐ Essential

Starter Template

Related Patterns

Other System & Container Projects