Documentation ¶
Overview ¶
Ever been to a playground? It's pretty easy to step in and out of a sandbox.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Entrypoint ¶
func Entrypoint()
Entrypoint must be run at the beginning of your executable. When the sandbox runs it re-runs the same binary with various arguments to indicate that we want the process to be run as a sandbox. If this function detects that it is needed it will run what it needs and then os.Exit the process, otherwise it will be a no-op.
Types ¶
type Sandbox ¶
type Sandbox struct { Stdin io.Reader Stdout io.Writer Stderr io.Writer Args []string // Dir specifies the working directory of the command. If Dir is the empty // string, Run runs the command in the calling process's current directory. Dir string // Env specifies the environment of the process. Each entry is of the form // "key=value". Env []string // Bind mounts or directories the process should have access too. These // should be absolute paths. If a mount is intended to be readonly add ":ro" // to the end of the path like `/tmp:ro` Mounts []string // Network will allow network access Network bool ReadOnlyPaths []string HiddenPaths []string }
Sandbox defines a command or function that you want to run in a sandbox
Click to show internal directories.
Click to hide internal directories.