Raxol.Plugins.PluginSandbox (Raxol v2.0.1)
Sandbox security system for running untrusted plugins safely.
Features:
- Process isolation with restricted capabilities
- Resource usage limits (memory, CPU, file descriptors)
- Restricted system access (file I/O, network, process spawning)
- Capability-based security model
- Audit logging for security events
- Automatic sandbox violation handling
Summary
Functions
Returns a specification to start this module under a supervisor. See Supervisor.
Creates a new sandbox for a plugin with specified security policy.
Destroys a sandbox and cleans up resources.
Executes code within a sandboxed environment.
Gets sandbox status and resource usage.
Callback implementation for Raxol.Core.Behaviours.BaseManager.handle_manager_cast/2.
Callback implementation for Raxol.Core.Behaviours.BaseManager.handle_manager_info/2.
Returns security policy for sandboxed plugins.
Returns security policy for trusted plugins.
Returns default security policy for untrusted plugins.
Updates security policy for an existing sandbox.
Types
@type plugin_id() :: String.t()
@type sandbox_context() :: %{
  plugin_id: plugin_id(),
  security_policy: security_policy(),
  supervisor_pid: pid(),
  worker_pid: pid() | nil,
  resource_monitor: pid() | nil,
  audit_logger: pid() | nil,
  violations: [term()],
  created_at: DateTime.t()
}