Minion

Minion is library implementing highly isolated sandboxes on top of low-level OS APIs. Features:

Security isolation: sandboxed process runs with reduced privileges, and these privileges can be configured by user.
Resource restrictions: CPU time and RAM usage can be limited, ensuring that sandbox can't starve other processes.

Additionally, CLI tool is provided for simple use cases.

Build requirements:

Latest stable Rust (minion may compile successfully on older toolchains, but this is not guarenteed).

Using minion library

Add following to Cargo.toml:

# under [dependencies]:
minion = { git = "https://github.com/jjs-dev/minion" }

# otherwise nightly rust is required
rm -rf .cargo
cargo build --package minion-ffi --release

Following files should appear somewhere in target:

docker pull ghcr.io/jjs-dev/minion:latest

(You can use minion-cli directly from image, or you can unpack image).

# otherwise nightly rust is required
rm -rf .cargo
cargo build --package minion-cli --release

Name		Name	Last commit message	Last commit date
Latest commit History 161 Commits
.cargo		.cargo
.github/workflows		.github/workflows
ci		ci
minion-cli		minion-cli
minion-codegen		minion-codegen
minion-ffi		minion-ffi
minion-tests		minion-tests
src		src
.gitignore		.gitignore
.rust-toolchain		.rust-toolchain
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
Dockerfile		Dockerfile
README.md		README.md
bors.toml		bors.toml
rustfmt.toml		rustfmt.toml