sandbox

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RunSandboxedChild 

func RunSandboxedChild(args []string) error

RunSandboxedChild applies the profile from DSC_SANDBOX_PROFILE_JSON and replaces this process with the command after "--".

Types

type Profile 

type Profile struct {
	AllowReadPaths  []string
	AllowWritePaths []string
	AllowNetwork    bool
	AllowExecPaths  []string
}

Profile describes the filesystem and network access a sandboxed command should receive. AllowExecPaths is used by Landlock; other implementations may ignore it.

type Sandbox 

type Sandbox interface {
	Name() string
	Available() bool
	Wrap(ctx context.Context, profile Profile, cmd *exec.Cmd) error
	WasDenied(stderr string) bool
}

Sandbox wraps commands with an OS-native sandbox implementation.

func Detect 

func Detect() Sandbox

Detect returns the default sandbox for the current OS.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.