Typical flow
Run methods
sb.exec()
Example
Example
cmd is passed literally to the guest agent: the image ENTRYPOINT is not consulted, and args are not shell-interpreted. For long-running processes or large output, use exec_stream(); for shell syntax like pipes and redirects, use shell().
Parameters
cmdimpl Into<String>“python” or “/usr/bin/node”.argsimpl IntoIterator[“-c”, “print(‘hi’)”].Returns
sb.exec_with()
Example
Example
ExecOptionsBuilder to set args, working directory, environment variables, user, timeout, resource limits, stdin mode, and TTY allocation. These overrides apply only to this execution and don’t change the sandbox’s defaults.
Parameters
cmdimpl Into<String>Returns
sb.shell()
Example
Example
/bin/sh, set via SandboxBuilder::shell()). The script is run as <shell> -c "<script>", so shell syntax like pipes, redirects, and && chains works.
Parameters
scriptimpl Into<String>“ls -la /app && echo done”.Returns
sb.shell_with()
Example
Example
-c <script> arguments are prepended to whatever the ExecOptionsBuilder configures, so use the builder for env, cwd, user, timeout, and resource limits rather than for positional args.
Parameters
scriptimpl Into<String>Returns
sb.exec_stream()
Example
Example
ExecHandle that emits stdout, stderr, started, and exit events as they happen, rather than buffering everything until the command finishes. Use this for long-running processes, large output, or when you need to process output incrementally.
Parameters
cmdimpl Into<String>argsimpl IntoIteratorReturns
sb.exec_stream_with()
Example
Example
stdin_pipe() to write to the process’s stdin via ExecHandle::take_stdin(), and tty(true) to allocate a pseudo-terminal for interactive programs like shells, REPLs, or editors.
Parameters
cmdimpl Into<String>Returns
sb.shell_stream()
Example
Example
shell(), but returns a streaming ExecHandle instead of waiting for completion.
Parameters
scriptimpl Into<String>Returns
sb.shell_stream_with()
Example
Example
shell_with(), the -c <script> arguments are prepended to whatever the builder configures.
Parameters
scriptimpl Into<String>Returns
Attach methods
sb.attach()
Example
Example
Ctrl+]) to disconnect without stopping the process; it keeps running in the guest. Returns when the process exits or you detach.
Parameters
cmdimpl Into<String>argsimpl IntoIteratorReturns
-1 if you detached before it exited.sb.attach_with()
Example
Example
AttachOptionsBuilder to set args, environment variables, working directory, user, custom detach keys, and resource limits.
Parameters
cmdimpl Into<String>Returns
-1 if you detached.sb.attach_shell()
Example
Example
SandboxBuilder::shell(), default /bin/sh) with an interactive PTY session.
Returns
-1 if you detached.ExecOptionsBuilder
Builder for per-execution overrides passed toexec_with(), exec_stream_with(), shell_with(), and shell_stream_with(). Does not change the sandbox’s defaults. Every setter returns Self, so calls chain.
.arg()
"-la" or "/tmp".
Parameters
argimpl Into<String>.args()
Parameters
argsimpl IntoIterator.cwd()
workdir.
Parameters
cwdimpl Into<String>.user()
Parameters
userimpl Into<String>.env()
Parameters
keyimpl Into<String>valueimpl Into<String>.envs()
Parameters
varsimpl IntoIterator.timeout()
Parameters
timeoutDuration.tty()
top); disable for scripts and batch jobs. When enabled, stdout and stderr are merged at the kernel level inside the guest. Default: false.
Parameters
enabledbooltrue to allocate a PTY..stdin_null()
/dev/null. This is the default.
.stdin_pipe()
ExecSink. Use with ExecHandle::take_stdin() on the returned streaming handle to send data to the process.
.stdin_bytes()
Parameters
dataimpl Into<Vec<u8>>.rlimit()
Example
Example
setrlimit() before exec.
Parameters
resourceRlimitResourcelimitu64.rlimit_range()
build() errors if soft > hard.
Parameters
resourceRlimitResourcesoftu64hardu64.build()
*_with methods when you use the closure form. Returns an error if any rlimit has soft > hard.
Returns
AttachOptionsBuilder
Builder for interactive attach options passed toattach_with(). Every setter returns Self, so calls chain.
.arg()
Parameters
argimpl Into<String>.args()
Parameters
argsimpl IntoIterator.cwd()
Parameters
cwdimpl Into<String>.user()
Parameters
userimpl Into<String>.env()
Parameters
keyimpl Into<String>valueimpl Into<String>.envs()
Parameters
varsimpl IntoIterator.detach_keys()
"ctrl-]" (default), "ctrl-p,ctrl-q" for a multi-key sequence, or a single character like "q".
Parameters
keysimpl Into<String>.rlimit()
Parameters
resourceRlimitResourcelimitu64.rlimit_range()
build() errors if soft > hard.
Parameters
.build()
attach_with(). Returns an error if any rlimit has soft > hard.
Returns
Types
ExecHandle
Returned by exec_stream() · exec_stream_with() · shell_stream() · shell_stream_with()
A handle to a running streaming execution. ReceivesExecEvents as the process produces output, and provides control over stdin, signals, and the PTY size.
| Method | Returns | Description |
|---|---|---|
| recv() | Option<ExecEvent> | Receive the next event. None when the session has ended and all output has been delivered. |
| wait() | Result<ExitStatus> | Wait for the process to exit, discarding any remaining output. |
| collect() | Result<ExecOutput> | Wait for exit and collect all remaining stdout/stderr. |
| id() | String | Session ID for this execution. Can be used to reattach later. |
| control() | ExecControl | A cloneable control handle for sending signals and resizes from another task. |
| take_stdin() | Option<ExecSink> | Take the stdin writer. Only available if stdin_pipe() was set; returns None after the first call. |
| signal(signal) | Result<()> | Send a POSIX signal to the process (e.g. libc::SIGTERM). |
| kill() | Result<()> | Send SIGKILL to the process. |
| resize(rows, cols) | Result<()> | Resize the PTY for this session. |
ExecControl
Returned by ExecHandle.control()
A cloneable, lightweight control handle for a streaming exec session. Lets a task other than the one owning theExecHandle send signals and PTY resizes. Carries no event stream.
| Method | Returns | Description |
|---|---|---|
| id() | String | Session ID for this execution. |
| signal(signal) | Result<()> | Send a POSIX signal to the process (e.g. libc::SIGTERM). |
| kill() | Result<()> | Send SIGKILL to the process. |
| resize(rows, cols) | Result<()> | Resize the PTY for this session. |
ExecSink
Returned by ExecHandle.take_stdin()
A writer for sending data to a running process’s stdin. Obtained viaExecHandle::take_stdin() after enabling stdin_pipe().
| Method | Parameters | Description |
|---|---|---|
| write(data) | data: impl AsRef<[u8]> | Write bytes to the process’s stdin. |
| close() | - | Close stdin. The process sees EOF on its stdin. |
ExecEvent
Yielded by ExecHandle.recv()
An event emitted by a streaming execution.| Variant | Fields | Description |
|---|---|---|
Started | pid: u32 | The process has started. pid is the guest-side PID. |
Stdout | Bytes | A chunk of stdout data. May arrive in arbitrary sizes. |
Stderr | Bytes | A chunk of stderr data. |
Exited | code: i32 | The process exited normally. code is the exit code. |
Failed | ExecFailed | The process failed to spawn (binary not found, permission denied, etc.). The user code never ran. Terminal: no further events follow. |
StdinError | ExecStdinError | A stdin write to the child failed (e.g. broken pipe). Non-terminal: the session keeps running and may still emit output and an Exited event. |
ExecOutput
Returned by exec() · exec_with() · shell() · shell_with() · ExecHandle.collect()
The result of a completed command execution. Holds the exit status and all captured output.| Method | Returns | Description |
|---|---|---|
| status() | ExitStatus | Exit code and success flag. |
| stdout() | Result<String, FromUtf8Error> | Collected stdout decoded as UTF-8. Errors if the output is not valid UTF-8. |
| stderr() | Result<String, FromUtf8Error> | Collected stderr decoded as UTF-8. |
| stdout_bytes() | &Bytes | Raw stdout bytes without decoding. |
| stderr_bytes() | &Bytes | Raw stderr bytes without decoding. |
ExitStatus
Returned by ExecHandle.wait() · ExecOutput.status() · sb.wait() · sb.stop_and_wait()
The exit status of a completed process.| Field | Type | Description |
|---|---|---|
| code | i32 | Exit code. 0 typically means success. |
| success | bool | true if code is 0. |
Rlimit
Configured via rlimit() · rlimit_range()
A POSIX resource limit. Built indirectly byrlimit() and rlimit_range() on the option builders; you rarely construct it by hand.
| Field | Type | Description |
|---|---|---|
| resource | RlimitResource | Which resource to limit. |
| soft | u64 | Soft limit; the process may raise it up to hard. |
| hard | u64 | Hard ceiling; raising it requires privileges. |
RlimitResource
Used by rlimit() · rlimit_range() · AttachOptionsBuilder.rlimit()
POSIX resource limit identifiers. Each maps to anRLIMIT_* constant.
| Value | Description |
|---|---|
Cpu | Max CPU time in seconds (RLIMIT_CPU) |
Fsize | Max file size in bytes (RLIMIT_FSIZE) |
Data | Max data segment size (RLIMIT_DATA) |
Stack | Max stack size (RLIMIT_STACK) |
Core | Max core file size (RLIMIT_CORE) |
Rss | Max resident set size (RLIMIT_RSS) |
Nproc | Max number of processes (RLIMIT_NPROC) |
Nofile | Max open file descriptors (RLIMIT_NOFILE) |
Memlock | Max locked memory (RLIMIT_MEMLOCK) |
As | Max address space size (RLIMIT_AS) |
Locks | Max file locks (RLIMIT_LOCKS) |
Sigpending | Max pending signals (RLIMIT_SIGPENDING) |
Msgqueue | Max bytes in POSIX message queues (RLIMIT_MSGQUEUE) |
Nice | Max nice priority (RLIMIT_NICE) |
Rtprio | Max real-time priority (RLIMIT_RTPRIO) |
Rttime | Max real-time timeout (RLIMIT_RTTIME) |