Proc macro sandboxing - eviltoast
  • expertmadman@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    24
    ·
    1 year ago

    we’re working on a third party solution for this. Should have some updates that sandbox cargo builds shortly.

    https://github.com/phylum-dev/birdcage

    It’s a cross-platform sandbox that works on Linux via Landlock and macOS via Seatbelt. We’ve rolled this into our CLI (https://github.com/phylum-dev/cli) so you can do thinks like:

    phylum  
    

    For example for npm, which currently uses the sandbox:

    phylum npm install
    

    We’re adding this to cargo to similarly sandbox crate installations. Would love feedback and thoughts on our sandbox!