Struct Bwrap 

pub struct Bwrap {
    host_workdir: PathBuf,
    args: Vec<OsString>,
    inputs_provider: InputsProvider,
}
Available on Linux only.

Bubblewrap based sandbox executor.

It executes the sandbox command in separate UTS, IPC, PID and user namespaces, and always runs it as uid=1000(nixbld) and gid=100(nixbld) inside the namespace. It provides sane defaults for various /etc files.

Network access is optionally disabled by placing the command in a separate network namespace, depending on the value of SandboxSpec::allow_network.

The root filesystem is a tmpfs with /dev and /proc.

The rest of the filesystem is based on the SandboxSpec::scratches, SandboxSpec::additional_files and SandboxSpec::inputs_provider.

§Scratches

A list of read-write directories available inside the sandbox. These directories are also left available on the host after the sandbox has finished.

§Additional files

A list of read-write files whose paths must currently resolve into one of the Scratches.

§Build Inputs (SandboxSpec::inputs_provider)

A read-only directory that contains any files required by the sandboxed command, e.g. /nix/store. Before the sandbox starts, the SandboxSpec::inputs_provider has a chance to populate this directory, and it has a chance to clean up after the sandbox has stopped.

Note: If the build inputs directory overlaps with any of the scratches, an overlayfs mount will be created for that scratch so it remains writable, i.e. the sandboxed command can create new files/directories.
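As an added illustration (not this crate's own code), the sketch below assembles a bwrap command line matching the isolation and mount layout described above, including the overlay case and a check that additional files stay inside a scratch. `SpecSketch`, `bwrap_args`, `host` and the host directory layout are hypothetical; the bwrap flags are real (the overlay ones need a bubblewrap release with overlay support), and no flag is emitted for the root because bwrap's root is already a tmpfs.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical stand-in for SandboxSpec; the field types are assumptions.
pub struct SpecSketch {
    pub allow_network: bool,
    pub scratches: Vec<PathBuf>,        // read-write paths inside the sandbox
    pub additional_files: Vec<PathBuf>, // must sit inside one of the scratches
    pub inputs_dir: PathBuf,            // read-only build inputs, e.g. /nix/store
}

/// Maps an absolute sandbox path to its backing path under `root/sub` on the host.
fn host(root: &Path, sub: &str, p: &Path) -> String {
    root.join(sub).join(p.strip_prefix("/").unwrap_or(p)).display().to_string()
}

/// Builds bwrap arguments; assumed host layout: <workdir>/{inputs,scratch,overlay-work}.
pub fn bwrap_args(spec: &SpecSketch, workdir: &Path) -> Result<Vec<String>, String> {
    for f in &spec.additional_files {
        // Lexical check: refuse `..` so a path cannot climb out of its scratch.
        let climbs = f.components().any(|c| c == Component::ParentDir);
        if climbs || !spec.scratches.iter().any(|s| f.starts_with(s)) {
            return Err(format!("{} is not inside any scratch", f.display()));
        }
    }
    let mut args: Vec<String> = "--unshare-uts --unshare-ipc --unshare-pid --unshare-user \
        --uid 1000 --gid 100 --dev /dev --proc /proc".split_whitespace().map(String::from).collect();
    if !spec.allow_network { args.push("--unshare-net".to_string()); } // own network namespace
    let inputs = spec.inputs_dir.display().to_string();
    args.extend(["--ro-bind".to_string(), host(workdir, "inputs", &spec.inputs_dir), inputs]);
    for s in &spec.scratches {
        let dest = s.display().to_string();
        if s.starts_with(&spec.inputs_dir) {
            // Overlap: inputs are the read-only lower layer, writes land in the scratch.
            args.extend(["--overlay-src".to_string(), host(workdir, "inputs", s),
                "--overlay".to_string(), host(workdir, "scratch", s),
                host(workdir, "overlay-work", s), dest]);
        } else {
            args.extend(["--bind".to_string(), host(workdir, "scratch", s), dest]);
        }
    }
    Ok(args)
}

fn main() {
    // Constructed spec: /build is a plain scratch, /nix/store overlaps the inputs.
    let spec = SpecSketch { allow_network: false, inputs_dir: "/nix/store".into(),
        scratches: vec!["/build".into(), "/nix/store".into()],
        additional_files: vec!["/build/env-vars".into()] };
    println!("{:?}", bwrap_args(&spec, Path::new("/tmp/work")));
}
```

The `..` rejection is purely lexical; symlinks inside a scratch would still need to be resolved on the host before trusting the path.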

Fields§

host_workdir: PathBuf
args: Vec<OsString>
inputs_provider: InputsProvider

Implementations§

impl Bwrap

pub async fn run(self) -> Result<SandboxOutcome>

Run the sandbox and return the result.

pub fn initialize(spec: SandboxSpec) -> Result<Bwrap>

Constructor.

Auto Trait Implementations§

impl Freeze for Bwrap

impl !RefUnwindSafe for Bwrap

impl Send for Bwrap

impl !Sync for Bwrap

impl Unpin for Bwrap

impl UnsafeUnpin for Bwrap

impl !UnwindSafe for Bwrap

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoEither for T

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request.

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.

impl<L> LayerExt<L> for L

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.

impl<T> Pointable for T

const ALIGN: usize

The alignment of pointer.

type Init = T

The type for initializers.

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer.

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer.

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer.

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> InputsGuard for T
where T: Send,