Rust implementation of PRoot, a ptrace-based sandbox
Type Name Latest commit message Commit time
src implement shebang parsing Jun 22, 2019
.gitignore Added binary loader. Jul 29, 2017
.travis.yml Fix typo in Travis config, add Clippy Jun 22, 2019
LICENSE Changed licence to GPL v3 (because original PRoot is GPL v2). Jul 23, 2017 [skip ci] Add Travis Badge to README Jun 22, 2019
proot-rs.iml Moved to nix 0.9.0. Jul 25, 2017

proot-rs

Rust implementation of PRoot, a ptrace-based sandbox. (Work in progress)

proot-rs works by intercepting all Linux system calls that use paths (execve, mkdir, ls, ...) and translating them according to the specified path bindings in order to simulate chroot, all without requiring admin rights (ptrace does not require any special rights).

So for instance, this command:

proot-rs -R /home/user/ mkdir /myfolder

(-R defines a new root and adds usual bindings like /bin)

will be equivalent to:

mkdir /home/user/myfolder/
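
The translation step described above, as an added example (not proot-rs's own code). The `Binding` struct and the `normalize_guest` and `translate` functions are hypothetical names, and the sketch is purely lexical: it assumes absolute guest paths and does not resolve symlinks.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical binding: a guest path prefix mapped to a host directory.
struct Binding {
    guest: PathBuf,
    host: PathBuf,
}

/// Lexically normalise a guest path: drop `.`, resolve `..`, and clamp `..`
/// at `/` so the result can never climb above the guest root.
/// Assumption: symlinks are not followed (a real tracer must handle them).
fn normalize_guest(path: &Path) -> PathBuf {
    let mut parts: Vec<&std::ffi::OsStr> = Vec::new();
    for comp in path.components() {
        match comp {
            Component::Normal(name) => parts.push(name),
            Component::ParentDir => { parts.pop(); } // no-op once at `/`
            _ => {} // RootDir, CurDir, Prefix
        }
    }
    let mut out = PathBuf::from("/");
    for p in parts { out.push(p); }
    out
}

/// Translate a guest path to a host path: the longest matching binding wins,
/// otherwise the path is placed under the new root.
fn translate(root: &Path, bindings: &[Binding], guest_path: &Path) -> PathBuf {
    let guest = normalize_guest(guest_path);
    let best = bindings
        .iter()
        .filter(|b| guest.starts_with(&b.guest)) // component-wise, not string prefix
        .max_by_key(|b| b.guest.components().count());
    match best {
        Some(b) => b.host.join(guest.strip_prefix(&b.guest).unwrap()),
        None => root.join(guest.strip_prefix("/").unwrap()),
    }
}

fn main() {
    // Constructed sample: new root /home/user plus a /bin binding, as -R would add.
    let root = Path::new("/home/user");
    let binds = [Binding { guest: "/bin".into(), host: "/bin".into() }];
    for p in ["/myfolder", "/bin/sh", "/../../etc/passwd", "/binary"] {
        println!("{} -> {}", p, translate(root, &binds, Path::new(p)).display());
    }
}
```

Clamping `..` at the guest root before joining is what keeps a path such as `/../../etc/passwd` inside the new root, and the component-wise prefix match keeps `/binary` from being treated as part of the `/bin` binding.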

Hence, you can apply proot-rs to a whole program in order to sandbox it. More concretely, you can for instance download a Docker image, extract it, and run it, without needing Docker:

proot-rs -R ./my-docker-image /bin/sh


Not usable for now (work in progress).


Use the nightly Rust channel for rustc:

rustup default nightly

Some dependencies (like syscall) depend on features (asm in this case) that are not on the stable channel yet.


The recommended way is to use rustup/cargo:

cargo build

This fetches all the dependencies and compiles the project (in debug mode).

To generate the release binary (the build takes longer, but the generated binary is faster):

cargo build --release


Simply run:

cargo test