Documentation
¶
Overview ¶
Package sandbox provides Landlock LSM filesystem sandboxing for process isolation.
Index ¶
- func IsAvailable() bool
- type Sandbox
- func (s *Sandbox) AddReadOnly(paths ...string)
- func (s *Sandbox) AddReadWrite(paths ...string)
- func (s *Sandbox) Apply() error
- func (s *Sandbox) CanRead(path string) bool
- func (s *Sandbox) CanWrite(path string) bool
- func (s *Sandbox) HasRules() bool
- func (s *Sandbox) NumberOfRules() int
- func (s *Sandbox) String(omitReadOnly ...bool) string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsAvailable ¶
func IsAvailable() bool
IsAvailable reports whether the kernel supports Landlock.
Types ¶
type Sandbox ¶
type Sandbox struct {
ReadOnly types
ReadWrite types
// WorkDir is the effective working directory, used in String() for display.
WorkDir string
// contains filtered or unexported fields
}
Sandbox defines the set of filesystem paths and their access levels for Landlock enforcement.
func (*Sandbox) AddReadOnly ¶
AddReadOnly registers paths for read-only access within the sandbox.
func (*Sandbox) AddReadWrite ¶
AddReadWrite registers paths for read-write access within the sandbox.
func (*Sandbox) CanRead ¶
CanRead reports whether the given path falls within any configured read-only or read-write path. Checks against the full declared intent, including non-existent paths.
func (*Sandbox) CanWrite ¶
CanWrite reports whether the given path falls within any configured read-write path. Checks against the full declared intent, including non-existent paths.
func (*Sandbox) NumberOfRules ¶
NumberOfRules returns the total number of registered read and write rules.
Source Files