Begin sandboxing support, README updates.

2019-08-11 20:10:38 +02:00
parent d7db1fbe39
commit f83c705230
9 changed files with 398 additions and 27 deletions
--- a/sandbox/sandbox-linux.h
+++ b/sandbox/sandbox-linux.h
@ -0,0 +1,20 @@
+#ifndef SANDBOXLINUX_H
+#define SANDBOXLINUX_H
+#include <memory>
+#include <vector>
+#include "sandbox.h"
+class SandboxLinux : public Sandbox
+{
+  public:
+	using Sandbox::Sandbox;
+	bool supported() override;
+	bool enableForInit() override;
+	bool enablePreWorker(std::vector<std::string> fsPaths) override;
+	bool enableForWorker() override;
+
+  private:
+	bool isolateNamespaces(std::vector<std::string> fsPaths);
+	bool seccomp_blacklist(std::initializer_list<int> syscalls);
+	bool bindMountPaths(std::string target_root, std::initializer_list<std::string> paths);
+};
+#endif