MCPcopy Index your code
hub / github.com/ErickJ3/sandbox-rs

github.com/ErickJ3/sandbox-rs @v0.2.1

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.2.1 ↗ · + Follow
448 symbols 845 edges 50 files 148 documented · 33% 1 cross-repo links updated 3mo agov0.2.1 · 2026-03-30★ 843 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

sandbox-rs

Lightweight process sandboxing for Linux

Tests codecov Crates.io Documentation Rust License

Things

  • Unprivileged mode — works without root via user namespaces, Landlock, and setrlimit
  • Privileged mode — full isolation with cgroups v2, chroot, and all namespace types
  • Auto-detection — automatically picks the best mode for the current environment
  • Seccomp BPF — six built-in syscall filtering profiles
  • Landlock — filesystem access control without root (Linux 5.13+)
  • Resource limits — memory, CPU, and PID constraints
  • Streaming output — real-time stdout/stderr capture

Requirements

  • Linux kernel 5.10+ (5.13+ for Landlock support)
  • Root is optional — unprivileged mode uses user namespaces + seccomp + Landlock + setrlimit

Quick Start

Library

[dependencies]
sandbox-rs = "0.1"
use sandbox_rs::{SandboxBuilder, SeccompProfile, PrivilegeMode};
use std::time::Duration;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut sandbox = SandboxBuilder::new("my-sandbox")
        .privilege_mode(PrivilegeMode::Unprivileged)
        .memory_limit_str("256M")?
        .cpu_limit_percent(50)
        .timeout(Duration::from_secs(30))
        .seccomp_profile(SeccompProfile::IoHeavy)
        .build()?;

    let result = sandbox.run("/bin/echo", &["hello world"])?;
    println!("exit={} mem={}B cpu={}μs", result.exit_code, result.memory_peak, result.cpu_time_us);
    Ok(())
}

Note: memory_peak and cpu_time_us require privileged mode (cgroups v2). In unprivileged mode these values are 0.

CLI

# Run a program in a sandbox (auto-detects privilege mode)
sandbox-ctl /bin/echo "hello world"

# Use a security profile with resource limits
sandbox-ctl --profile moderate --memory 512M --cpu 50 python script.py

# Check system capabilities
sandbox-ctl check

# List seccomp profiles
sandbox-ctl seccomp

Seccomp Profiles

Each profile includes all syscalls from profiles below it (cumulative).

Profile Syscalls
Essential Process bootstrap only (~40): execve, mmap, brk, read, write, exit, ...
Minimal Essential + signals, pipes, timers, process control (~110 total)
IoHeavy Minimal + file manipulation: mkdir, chmod, unlink, rename, fsync, ...
Compute IoHeavy + scheduling/NUMA: sched_setscheduler, mbind, membarrier, ...
Network Compute + sockets: socket, bind, listen, connect, sendto, ...
Unrestricted Network + privileged: ptrace, mount, bpf, setuid, ...

Security

  • Defense-in-depth: multiple isolation layers (namespaces, seccomp, Landlock, cgroups)
  • Combine with AppArmor or SELinux for production use
  • Kernel vulnerabilities can bypass sandbox boundaries — keep your kernel updated
  • Not a replacement for VM-level isolation for fully untrusted code

License

MIT — see LICENSE for details.

Core symbols most depended-on inside this repo

cpu_limit_percent
called by 20
crates/sandbox-rs/src/controller.rs
memory_limit_str
called by 16
crates/sandbox-rs/src/controller.rs
build
called by 15
crates/sandbox-rs/src/controller.rs
exists
called by 14
crates/sandbox-cgroup/src/cgroup.rs
timeout
called by 10
crates/sandbox-rs/src/controller.rs
seccomp_profile
called by 9
crates/sandbox-rs/src/controller.rs
run
called by 7
crates/sandbox-rs/src/controller.rs
root
called by 6
crates/sandbox-rs/src/controller.rs

Shape

Function 234
Method 169
Class 35
Enum 10

Languages

Rust100%

Modules by API surface

crates/sandbox-rs/src/controller.rs54 symbols
crates/sandbox-seccomp/src/profile.rs38 symbols
crates/sandbox-cgroup/src/cgroup.rs29 symbols
crates/sandbox-rs/src/execution/process.rs24 symbols
crates/sandbox-fs/src/volumes.rs22 symbols
crates/sandbox-namespace/src/config.rs21 symbols
crates/sandbox-rs/src/monitoring/monitor.rs20 symbols
crates/sandbox-fs/src/filesystem.rs19 symbols
crates/sandbox-rs/tests/integration_tests.rs18 symbols
crates/sandbox-core/src/util.rs18 symbols
crates/sandbox-rs/src/monitoring/ebpf.rs17 symbols
crates/sandbox-core/src/capabilities.rs15 symbols

Used by 1 indexed graphs manifest dependencies, hub-wide

For agents

$ claude mcp add sandbox-rs \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page