qswiki/sandbox/sandbox-linux.h


#ifndef SANDBOXLINUX_H
#define SANDBOXLINUX_H
#include <memory>
#include <vector>
#include "sandbox.h"
/**
 * Linux-specific implementation of the Sandbox interface from "sandbox.h".
 *
 * Only declarations are visible in this header, so the notes below describe
 * the contract as far as the signatures show it; behaviour must be confirmed
 * against the implementation file.
 *
 * Every entry point reports its outcome as a bool. Presumably `true` means
 * the restriction was applied and `false` means it was not (TODO confirm).
 * Callers should fail closed: if a stage returns false, stop rather than
 * continue without the sandbox.
 *
 * NOTE(review): this header names std::string and std::initializer_list but
 * directly includes only <memory> and <vector>. Presumably "sandbox.h" pulls
 * in the rest; confirm, or include <string> and <initializer_list> here.
 */
class SandboxLinux : public Sandbox
{
public:
    // Inherit the base-class constructors unchanged; no Linux-specific state
    // is added by this declaration.
    using Sandbox::Sandbox;

    /// Overrides Sandbox::supported(). Presumably reports whether the needed
    /// kernel facilities are available on this host. TODO confirm.
    bool supported() override;

    /// Overrides Sandbox::enableForInit(). Judging by the name, applies the
    /// restrictions intended for the initialisation phase. TODO confirm which
    /// ones.
    bool enableForInit() override;

    /// Overrides Sandbox::enablePreWorker().
    /// @param fsPaths filesystem paths, taken by value as the base signature
    ///        dictates. Presumably the paths that stay reachable inside the
    ///        sandbox; verify against the caller and treat them as
    ///        security-sensitive input.
    bool enablePreWorker(std::vector<std::string> fsPaths) override;

    /// Overrides Sandbox::enableForWorker(). Judging by the name, applies the
    /// restrictions for the worker itself. TODO confirm ordering relative to
    /// enablePreWorker().
    bool enableForWorker() override;

private:
    /// Helper taking the same kind of path list as enablePreWorker().
    /// The name suggests it sets up Linux namespaces; the header does not
    /// show which namespaces are isolated. TODO confirm.
    bool isolateNamespaces(std::vector<std::string> fsPaths);

    /// Helper taking a list of syscall numbers as plain ints.
    /// The name indicates a seccomp deny-list.
    /// NOTE(review): under a deny-list, any syscall that is not listed stays
    /// available, including ones added by newer kernels. An allow-list is the
    /// more conservative design.
    /// NOTE(review): syscall numbers are architecture-specific, so confirm
    /// that the filter also checks the architecture.
    bool seccomp_blacklist(std::initializer_list<int> syscalls);

    /// Helper taking a target root directory and a list of paths.
    /// The name suggests the paths are bind-mounted beneath target_root.
    /// NOTE(review): confirm in the implementation that the paths are
    /// validated, and that mounts are made read-only where write access is
    /// not required.
    bool bindMountPaths(std::string target_root, const std::vector<std::string> &paths);
};
#endif