Rust implementation of PRoot, a ptrace-based sandbox. (Work in progress)
proot-rs works by intercepting all Linux system calls that use paths (execve, mkdir, ls, ...) and translating these with the specified path bindings, in order to simulate chroot, and all this without requiring admin rights (ptrace does not require any special rights).
So for instance, this command:
proot-rs -R /home/user/ mkdir /myfolder
(-R defines a new root and adds usual bindings like /bin)
will be equivalent to:
mkdir /home/user/myfolder/
Hence, you can apply proot-rs to a whole program in order to sandbox it.
More concretely, you can for instance download a docker image, extract it,
and run it, without needing docker:
proot-rs -R ./my-docker-image /bin/sh
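The path translation described above, as an added sketch that is not proot-rs's own code: a guest path is normalised so that `..` cannot climb above the new root, then mapped through the longest matching binding. The `Binding` type, the function names and the sample bindings are hypothetical, and symlink resolution is left out.

```rust
use std::path::{Component, Path, PathBuf};

/// One guest-to-host mapping (hypothetical type, not proot-rs's own).
struct Binding { guest: PathBuf, host: PathBuf }

/// Lexically normalise a guest path: drop `.`, resolve `..`, and never climb
/// above `/`. Assumption: relative paths are treated as relative to `/`;
/// symlinks are not resolved here.
fn normalize(guest: &Path) -> PathBuf {
    let mut out = PathBuf::from("/");
    for c in guest.components() {
        match c {
            Component::Normal(name) => out.push(name),
            Component::ParentDir => { out.pop(); } // no-op once at "/"
            _ => {} // RootDir, CurDir
        }
    }
    out
}

/// Translate via the longest matching binding; the new root is the binding for `/`.
fn translate(bindings: &[Binding], guest: &Path) -> Option<PathBuf> {
    let guest = normalize(guest);
    bindings.iter()
        .filter(|b| guest.starts_with(&b.guest)) // component-wise: /binary is not under /bin
        .max_by_key(|b| b.guest.components().count())
        .map(|b| b.host.join(guest.strip_prefix(&b.guest).unwrap()))
}

/// Constructed sample: a new root at /home/user plus a usual binding for /bin,
/// as the text describes for `-R /home/user/`.
fn sample_bindings() -> Vec<Binding> {
    vec![
        Binding { guest: "/".into(), host: "/home/user".into() },
        Binding { guest: "/bin".into(), host: "/bin".into() },
    ]
}

fn main() {
    let b = sample_bindings();
    for p in ["/myfolder", "/bin/sh", "/../../etc/passwd", "/binary"] {
        println!("{} -> {:?}", p, translate(&b, Path::new(p)));
    }
}
```

A tracer also has to resolve symlinks inside the guest view before applying bindings; a purely lexical check like this one does not cover a symlink that points outside the root.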
Not usable for now (work in progress).
Use the nightly Rust channel for rustc:
rustup default nightly
Some dependencies (like syscall) depend on features (asm in this case) that are not on the stable channel yet.
The recommended way is to use rustup/cargo:
cargo build
It will install all the dependencies and compile the project (in debug mode).
To generate the release binary (it takes longer to build, but the generated binary is faster):
cargo build --release
To run the tests, simply run:
cargo test