Begin sandboxing support, README updates.
This commit is contained in:
25
sandbox/sandbox.h
Normal file
25
sandbox/sandbox.h
Normal file
@ -0,0 +1,25 @@
|
||||
#ifndef SANDBOX_H
|
||||
#define SANDBOX_H
|
||||
#include <vector>
|
||||
class Sandbox
|
||||
{
|
||||
public:
|
||||
Sandbox()
|
||||
{
|
||||
}
|
||||
/* Whether the platform has everything required to active all sandbnox modes */
|
||||
virtual bool supported() = 0;
|
||||
|
||||
/* Activated early. At this point, we need more system calls
|
||||
* than later on */
|
||||
virtual bool enableForInit() = 0;
|
||||
|
||||
/* Activated after config has been read. Now we now which paths we need access to */
|
||||
virtual bool enablePreWorker(std::vector<std::string> fsPaths) = 0;
|
||||
|
||||
/* Activated after we have acquired resources (bound to ports etc.)
|
||||
*
|
||||
* This should allow us to further restrcit the process */
|
||||
virtual bool enableForWorker() = 0;
|
||||
};
|
||||
#endif
|
Viittaa uudesa ongelmassa
Block a user