sandbox

package

v0.0.3 Latest Latest Go to latest Published: Oct 24, 2024 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/projectdiscovery/gozero

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func Activate(ctx context.Context) (bool, error)
func Deactivate(ctx context.Context) (bool, error)
func IsEnabled(ctx context.Context) (bool, error)
func IsInstalled(ctx context.Context) (bool, error)
type Arg
type ArgsType
type Configuration
type Filter
type Rule
type Sandbox
- func New(ctx context.Context, config *Configuration) (Sandbox, error)
type SandboxLinux

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNotImplemented = errors.New("not implemented")
	ErrAgentRequired  = errors.New("requires agent installed on the sandbox")
)

Functions ¶

func Activate ¶

func Activate(ctx context.Context) (bool, error)

func Deactivate ¶

func Deactivate(ctx context.Context) (bool, error)

func IsEnabled ¶

func IsEnabled(ctx context.Context) (bool, error)

func IsInstalled ¶

func IsInstalled(ctx context.Context) (bool, error)

Types ¶

type Arg ¶

type Arg struct {
	Type   ArgsType
	Params interface{}
}

type ArgsType ¶

type ArgsType uint8

const (
	Bool ArgsType = iota
	Folders
	Capabilities
	Namespaces
	SystemCalls
)

type Configuration ¶

type Configuration struct {
	Rules []Rule
}

type Filter ¶

type Filter string

const (
	PrivateTmp              Filter = "PrivateTmp"
	PrivateNetwork          Filter = "PrivateNetwork"
	SELinuxContext          Filter = "SELinuxContext"
	NoNewPrivileges         Filter = "NoNewPrivileges"
	ProtectSystem           Filter = "ProtectSystem"
	ProtectHome             Filter = "ProtectHome"
	ProtectDevices          Filter = "ProtectDevices"
	CapabilityBoundingSet   Filter = "CapabilityBoundingSet"
	ReadWriteDirectories    Filter = "ReadWriteDirectories"
	ReadOnlyDirectories     Filter = "ReadOnlyDirectories"
	InaccessibleDirectories Filter = "InaccessibleDirectories"
	ProtectKernelTunables   Filter = "InaccessibleDirectories"
	ProtectKernelModules    Filter = "ProtectKernelModules"
	ProtectControlGroups    Filter = "ProtectControlGroups"
	RestrictNamespaces      Filter = "RestrictNamespaces"
	MemoryDenyWriteExecute  Filter = "MemoryDenyWriteExecute"
	RestrictRealtime        Filter = "RestrictRealtime"
	PrivateMounts           Filter = "PrivateMounts"
	DynamicUser             Filter = "DynamicUser"
	SystemCallFilter        Filter = "SystemCallFilter"
)

type Rule ¶

type Rule struct {
	Filter Filter
	Arg    Arg
}

type Sandbox ¶

type Sandbox interface {
	Run(ctx context.Context, cmd string) (*types.Result, error)
	Start() error
	Wait() error
	Stop() error
	Clear() error
}

func New ¶

func New(ctx context.Context, config *Configuration) (Sandbox, error)

New sandbox with the given configuration

type SandboxLinux ¶

type SandboxLinux struct {
	Config *Configuration
	// contains filtered or unexported fields
}

Sandbox native on linux

func (*SandboxLinux) Clear ¶

func (s *SandboxLinux) Clear() error

Clear the instance after stop

func (*SandboxLinux) Run ¶

func (s *SandboxLinux) Run(ctx context.Context, cmd string) (*types.Result, error)

func (*SandboxLinux) Start ¶

func (s *SandboxLinux) Start() error

Start the instance

func (*SandboxLinux) Stop ¶

func (s *SandboxLinux) Stop() error

Stop the instance

func (*SandboxLinux) Wait ¶

func (s *SandboxLinux) Wait() error

Wait for the instance

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL