I'm releasing cargo-sandbox

This page summarizes the projects mentioned and recommended in the original post on /r/rust

  • cargo-sandbox

  • cross

    “Zero setup” cross compilation and “cross testing” of Rust crates

  • As for inspiration, look no further than cross.

  • cargo-sandbox

    Perform Cargo builds inside of a sandboxed environment (by rust-secure-code)

  • Potential naming conflict with this cargo-sandbox

  • docker-install

    Docker installation script

  • curl https://get.docker.com | sh && docker run --privileged --pid=host --network=host alpine nsenter /proc/1/ns/mnt -- /bin/bash

  • podman

    Podman: A tool for managing OCI containers and pods.

  • Podman has (at least) two big benefits over Docker: it doesn't require a daemon, and it allows for rootless containers.

  • crosvm

    The Chrome OS Virtual Machine Monitor - Mirror of https://chromium.googlesource.com/crosvm/crosvm/

  • The Linux kernel has a huge attack surface, and privilege escalation vulnerabilities abound. This is why https://gvisor.dev/ exists - it's a memory-safe proxy for Linux syscalls. This is also why Chrome OS runs its Linux environment in a custom hypervisor written in Rust instead of containers.

  • cloud-hypervisor

    A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.

  • The Chrome OS hypervisor was then evolved/forked into Firecracker and Intel's Cloud Hypervisor, with the latter supporting both Linux and Windows. Perhaps Cloud Hypervisor would serve as a good backbone for sandboxing, with its Rust implementation and focus on security?

  • gvisor

    Application Kernel for Containers

  • The Linux kernel has a huge attack surface, and privilege escalation vulnerabilities abound. This is why https://gvisor.dev/ exists - it's a memory-safe proxy for Linux syscalls. This is also why Chrome OS runs its Linux environment in a custom hypervisor written in Rust instead of containers.

  • slog

    Structured, contextual, extensible, composable logging for Rust

  • I only recently learned about rustwide myself when implementing sandboxed rustdoc builds for Shipyard.rs. After spending a good amount of time with the codebase, I have found it to be generally high quality, but the way the code is organized makes it fairly difficult to adapt for different purposes than it was intended for (not modular). I have a fork that I have changed to do what I need but not sure whether the two codebases can be reconciled because I ended up needing to put stuff very specific to my purposes in there. I also ran into a weird issue where the logging from rustwide was conflicting with the slog-based logging from my code, which feels to me like there is some UB lurking somewhere.
