Rust implementation of PRoot, a ptrace-based sandbox. (Work in progress)
proot-rs works by intercepting all Linux system calls that use paths (
and translating these with the specified path bindings, in order to simulate
and all this without requiring admin rights (ptrace does not require any special rights).
So for instance, this command:
proot-rs -R /home/user/ mkdir /myfolder
-R defines a new root and adds usual bindings like
will be equivalent to:
Hence, you can apply proot-rs to a whole program in order to sandbox it.
More concretely, you can for instance download a docker image, extract it,
and run it, without needing docker:
proot-rs -R ./my-docker-image /bin/sh
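The path translation described above, sketched as an added example (not code from proot-rs): a guest path is normalized so that ".." cannot climb above the new root, then mapped through the longest matching binding or, failing that, the root directory. The names `Binding`, `normalize` and `translate` and the `/proc` binding are assumptions made for illustration, and guest paths are assumed to be absolute.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical binding: a guest-visible prefix mapped onto a host directory.
struct Binding { guest: PathBuf, host: PathBuf }

/// Lexically normalize an absolute guest path. ".." at "/" stays at "/",
/// which is what keeps "/../../etc/passwd" inside the new root.
fn normalize(guest: &Path) -> PathBuf {
    let mut out = PathBuf::from("/");
    for c in guest.components() {
        match c {
            Component::Normal(p) => out.push(p),
            Component::ParentDir => { out.pop(); } // no-op once we are at "/"
            _ => {} // RootDir, CurDir and Prefix add nothing
        }
    }
    out
}

/// Translate a guest path to the host path a rewritten syscall would use.
fn translate(rootfs: &Path, bindings: &[Binding], guest: &Path) -> PathBuf {
    let clean = normalize(guest);
    // starts_with compares whole components, so "/process" does not match "/proc".
    let best = bindings.iter()
        .filter(|b| clean.starts_with(&b.guest))
        .max_by_key(|b| b.guest.components().count());
    match best {
        Some(b) => b.host.join(clean.strip_prefix(&b.guest).unwrap()),
        None => rootfs.join(clean.strip_prefix("/").unwrap()),
    }
}

fn main() {
    // Constructed sample: root at /home/user plus one binding for /proc.
    let root = Path::new("/home/user");
    let binds = [Binding { guest: "/proc".into(), host: "/proc".into() }];
    for g in ["/myfolder", "/../../etc/passwd", "/proc/self/status"] {
        println!("{} -> {}", g, translate(root, &binds, Path::new(g)).display());
    }
}
```

Lexical normalization alone does not contain symlinks: a tracer also has to resolve each path component inside the guest root, otherwise a symlink in the extracted image can point back out to the host.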
Not usable for now (work in progress).
Use the nightly Rust channel for rustc:
rustup default nightly
Some dependencies (like syscall) depend on features (asm in this case) that are not on the stable channel yet.
The recommended way is to use rustup/cargo:
It will install all the dependencies and compile it (in debug mode).
To generate the release binary (the build takes longer, but the generated binary is faster):
cargo build --release