Module namespace

Sandboxing on Linux via namespaces.

Structs

ChrootJail 🔒

A chroot jail with a restricted view of the filesystem inside it.

__user_cap_data_struct 🔒

__user_cap_header_struct 🔒

Constants

_LINUX_CAPABILITY_U32S_3 🔒

_LINUX_CAPABILITY_VERSION_3 🔒

Functions

activate

Creates a namespace and sets up a chroot jail.

capset 🔒 ^⚠

drop_capabilities 🔒

Removes fake-superuser capabilities. This removes our ability to mess with the filesystem view we’ve set up.

prepare_user_and_pid_namespaces 🔒 ^⚠

Sets up the user and PID namespaces.

start

Spawns a child process in a new namespace.

Type Aliases

cap_user_header_t 🔒

const_cap_user_data_t 🔒