SandboxSpec

snix_build::sandbox

Struct SandboxSpec 

Source 
pub struct SandboxSpec {
    host_workdir: PathBuf,
    command: Vec<String>,
    sandbox_workdir: PathBuf,
    scratches: Vec<PathBuf>,
    additional_files: Vec<AdditionalFile>,
    env_vars: Vec<EnvVar>,
    with_inputs: InputsProvider,
    provide_shell: Option<PathBuf>,
    allow_network: bool,
}
Expand description

A sandbox builder.

Its API is tailored to the needs of Snix builds, namely running sandboxed commands with optional build input paths, files, network access. And allow for such commands to produce outputs that stay available after the sandbox has stopped.

Fields§

§host_workdir: PathBuf

Working directory on the host, where the sandbox is assembled.

§command: Vec<String>

Command to execute inside the sandbox

§sandbox_workdir: PathBuf

Workdir inside the sandbox, in which the Self::command will be executed.

§scratches: Vec<PathBuf>

A list of scratch paths to make available inside the sandbox.

These directories are read+writable inside the sandbox and their contents is preserved after the sandbox has stopped.

§additional_files: Vec<AdditionalFile>

Any additional files to rw-mount inside the sandbox.

§env_vars: Vec<EnvVar>

Env vars to set before running Self::command.

§with_inputs: InputsProvider

Optionally read-only mount build inputs.

§Example

Mount some host path at “/nix/store” inside the sandbox.

use snix_build::sandbox::SandboxSpec;
let _  = SandboxSpec::builder()
    .host_workdir("/tmp/sandbox1")
    .command(["echo", "Hello"])
    .sandbox_workdir("build")
    .scratches(["foo"])
    .with_inputs("nix/store", |path| {
        // mount dir at `path`
        // return an RAII guard that will unmount the dir
        Ok(())
    })
    .build();
§provide_shell: Option<PathBuf>

Absolute path to the shell that will be mounted at /bin/sh inside the sandbox.

It must static binary, otherwise it will likely fail to start.

§allow_network: bool

Whether to allow network access inside the sandbox.

Implementations§

Source§

impl SandboxSpec

Source

pub fn builder() -> SandboxSpecBuilder<((), (), (), (), (), (), (), (), ())>

Create a builder for building SandboxSpec. On the builder, call .host_workdir(...), .command(...), .sandbox_workdir(...), .scratches(...), .additional_files(...)(optional), .env_vars(...)(optional), .with_inputs(...)(optional), .provide_shell(...)(optional), .allow_network(...)(optional) to set the values of the fields. Finally, call .build() to create the instance of SandboxSpec.

Source§

impl SandboxSpec

Source

pub fn host_workdir(&self) -> &Path

Source

pub fn command(&self) -> impl IntoIterator<Item = &String>

Source

pub fn sandbox_workdir(&self) -> &Path

Source

pub fn scratches(&self) -> impl IntoIterator<Item = &PathBuf>

Source

pub fn additional_files(&self) -> impl IntoIterator<Item = &AdditionalFile>

Source

pub fn env_vars(&self) -> impl IntoIterator<Item = &EnvVar>

Source

pub fn provide_shell(&self) -> Option<&Path>

Source

pub fn allow_network(&self) -> bool

Source

pub fn inputs_provider(&self) -> &InputsProvider

Trait Implementations§

Source§

impl From<SandboxSpec> for InputsProvider

Source§

fn from(value: SandboxSpec) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FutureExt for T

Source§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
Source§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> InputsGuard for T
where T: Send,