#ifndef SANDBOXLINUX_H
#define SANDBOXLINUX_H
#include <memory>
#include <vector>
#include "sandbox.h"
/**
 * Linux implementation of the Sandbox interface declared in "sandbox.h".
 *
 * The class adds no constructors of its own: it re-exports the base-class
 * constructors and overrides four hooks (supported, enableForInit,
 * enablePreWorker, enableForWorker). Three private helpers back those hooks.
 *
 * Every member reports its outcome as a bool.
 * NOTE(review): presumably `true` means the restriction was applied. Confirm
 * in the implementation file, and make sure callers treat `false` as "not
 * sandboxed" and stop (fail closed) rather than continue unconfined.
 *
 * NOTE(review): this header names std::string and std::initializer_list but
 * includes only <memory>, <vector> and "sandbox.h"; it appears to rely on a
 * transitive include. Confirm, or include <string> and <initializer_list>.
 */
class SandboxLinux : public Sandbox
{
public:
    // Inherit all Sandbox constructors unchanged.
    using Sandbox::Sandbox;

    /// Reports whether this sandbox backend can be used.
    /// NOTE(review): what is probed (kernel features, privileges) is not
    /// visible from this header. Confirm in the implementation.
    bool supported() override;

    /// Hook for the init stage.
    /// NOTE(review): which restrictions are applied here is defined in the
    /// implementation file, not in this declaration.
    bool enableForInit() override;

    /// Hook that runs before the worker stage.
    /// @param fsPaths list of filesystem paths, taken by value.
    /// NOTE(review): presumably these are the paths that remain reachable
    /// once the sandbox is active; verify against the caller. If any entry
    /// can be influenced by untrusted input, it needs canonicalisation and
    /// validation before use.
    bool enablePreWorker(std::vector<std::string> fsPaths) override;

    /// Hook for the worker stage.
    bool enableForWorker() override;

private:
    /// Helper taking the same kind of path list as enablePreWorker().
    /// NOTE(review): the name suggests namespace isolation (unshare/clone
    /// flags); which namespaces are isolated cannot be told from here.
    bool isolateNamespaces(std::vector<std::string> fsPaths);

    /// Helper taking a list of syscall numbers.
    /// NOTE(review): the name indicates a deny-list seccomp filter. A
    /// deny-list leaves every unlisted syscall callable, including ones
    /// added by later kernels, so it needs upkeep; an allow-list is the
    /// stricter design. Confirm the filter's default action and its
    /// architecture check in the implementation.
    bool seccomp_blacklist(std::initializer_list<int> syscalls);

    /// Helper taking a target root directory and a list of paths.
    /// NOTE(review): the name suggests bind-mounting each path under
    /// target_root. Confirm that mounts are made read-only / nosuid / nodev
    /// where appropriate and that symlinks inside `paths` cannot redirect a
    /// mount outside target_root.
    bool bindMountPaths(std::string target_root, const std::vector<std::string> &paths);
};
#endif