21 rader
568 B
C
21 rader
568 B
C
|
#ifndef SANDBOXLINUX_H
|
||
|
#define SANDBOXLINUX_H
|
||
|
#include <memory>
|
||
|
#include <vector>
|
||
|
#include "sandbox.h"
|
||
|
class SandboxLinux : public Sandbox
|
||
|
{
|
||
|
public:
|
||
|
using Sandbox::Sandbox;
|
||
|
bool supported() override;
|
||
|
bool enableForInit() override;
|
||
|
bool enablePreWorker(std::vector<std::string> fsPaths) override;
|
||
|
bool enableForWorker() override;
|
||
|
|
||
|
private:
|
||
|
bool isolateNamespaces(std::vector<std::string> fsPaths);
|
||
|
bool seccomp_blacklist(std::initializer_list<int> syscalls);
|
||
|
bool bindMountPaths(std::string target_root, std::initializer_list<std::string> paths);
|
||
|
};
|
||
|
#endif
|