feat: add Landlock sandbox for sidecar process isolation
SandboxConfig with RW/RO paths applied via pre_exec() in sidecar child process. Requires kernel 6.2+ with graceful fallback. Per-project toggle in SettingsTab. 9 unit tests.
parent
f868f6f148
commit
871fd0385f
8 changed files with 363 additions and 12 deletions
|
|
@ -99,6 +99,7 @@ async fn main() {
|
|||
let sidecar_config = SidecarConfig {
|
||||
search_paths,
|
||||
env_overrides: std::collections::HashMap::new(),
|
||||
sandbox: Default::default(),
|
||||
};
|
||||
let token = Arc::new(cli.token);
|
||||
|
||||
|
|
|
|||
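Review bot: `sandbox: Default::default()` in the `SidecarConfig` literal does not show whether sidecars started from this `main` run confined. The default value is not visible in this hunk; if it is the disabled or empty configuration, this entry point launches sidecars without any Landlock rules, even though the commit adds the feature as a per-project toggle elsewhere. Assuming the field's type is the `SandboxConfig` named in the description, name it and state the intent, e.g. `sandbox: SandboxConfig::default(), // sandbox off for this binary: <reason>`, or build the RW/RO path lists from `search_paths` if this path is meant to be confined. Because the description mentions a graceful fallback on older kernels, a startup log line recording whether the sandbox was actually applied would let operators notice an unconfined run. `main` starts and continues outside the hunk.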