![bors[bot]](https://avatars.githubusercontent.com/in/1847?v=4&size=40){kind=avatar}
Minion is library implementing highly isolated sandboxes on top of low-level OS APIs. Features:
- Security isolation: sandboxed process runs with reduced privileges, and these privileges can be configured by user.
- Resource restrictions: CPU time and RAM usage can be limited, ensuring that sandbox can't starve other processes.
Additionally, CLI tool is provided for simple use cases.
Build requirements:
- Latest stable Rust (minion may compile successfully on older toolchains, but this is not guarenteed).
Add following to Cargo.toml:
# under [dependencies]:
minion = { git = "https://github.com/jjs-dev/minion" }# otherwise nightly rust is required
rm -rf .cargo
cargo build --package minion-ffi --release
Following files should appear somewhere in target:
minion-ffi-prepend.h&minion-ffi.h- header fileslibminion_ffi.a- static librarylibminion_ffi.so- shared library
docker pull ghcr.io/jjs-dev/minion:latest(You can use minion-cli directly from image, or you can unpack image).
# otherwise nightly rust is required
rm -rf .cargo
cargo build --package minion-cli --release
![@bors[bot]](https://avatars.githubusercontent.com/in/1847?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}
