Use gaol as the sandboxing mechanism #4
Commits on May 18, 2019
-
Use gaol as the sandboxing mechanism
This commit signals the intent of this project to explore `gaol` as the mechanism by which builds are sandboxed. The README.md for `gaol` carries the following warning: > gaol is only lightly reviewed for correctness and security. > It should not be considered mature or "battle-tested". > Use at your own risk. However, cursory review of gaol's source code shows it's a relatively simple cross-platform sandboxing solution which provides pure Rust wrappers for the underlying OS facilities sandboxing solutions should be leveraging. As `gaol` is used by Servo, it's something the Rust team is probably already familiar with, which increases the chances of upstreaming a sandboxing solution into Cargo proper, a potential goal for this project.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.