qswiki/sandbox/sandbox-linux.h

#ifndef SANDBOXLINUX_H
#define SANDBOXLINUX_H
#include <memory>
#include <vector>
#include "sandbox.h"
class SandboxLinux : public Sandbox
{
public:
	using Sandbox::Sandbox;
	bool supported() override;
	bool enableForInit() override;
	bool enablePreWorker(std::vector<std::string> fsPaths) override;
	bool enableForWorker() override;
private :
	bool isolateNamespaces(std::vector<std::string> fsPaths);
	bool seccomp_blacklist(std::initializer_list<int> syscalls);
	bool bindMountPaths(std::string target_root, std::initializer_list<std::string> paths);
};
#endif