Module gaol::platform::linux::namespace

Sandboxing on Linux via namespaces.

Structs

• ChrootJail 🔒
  A chroot jail with a restricted view of the filesystem inside it.
• __user_cap_data_struct 🔒
• __user_cap_header_struct 🔒

Constants

• _LINUX_CAPABILITY_U32S_3 🔒
• _LINUX_CAPABILITY_VERSION_3 🔒

Functions

• activate
  Creates a namespace and sets up a chroot jail.
• capset 🔒 ^⚠
• drop_capabilities 🔒
  Removes fake-superuser capabilities. This removes our ability to mess with the filesystem view we’ve set up.
• prepare_user_and_pid_namespaces 🔒 ^⚠
  Sets up the user and PID namespaces.
• start
  Spawns a child process in a new namespace.

Type Aliases

• cap_user_header_t 🔒
• const_cap_user_data_t 🔒