cap-std

Capability-based version of the Rust standard library


This crate provides a capability-based version of [std], providing sandboxed filesystem, networking, and clock APIs. See the [toplevel README.md] for more information about sandboxing using capability-based security.

The filesystem module [cap_std::fs], the networking module [cap_std::net], and the time module [cap_std::time] currently support Linux, macOS, FreeBSD, and Windows. WASI support is in development, though not yet usable.

Example usage of [Dir] for filesystem access:

```rust
use std::io;
use cap_std::fs::Dir;

/// Open files relative to `dir`.
fn dir_example(dir: &Dir) -> io::Result<()> {
    // This works (assuming symlinks don't lead outside of `dir`).
    let file = dir.open("the/thing.txt")?;

    // This fails, since `..` leads outside of `dir`.
    let hidden = dir.open("../hidden.txt")?;

    // This fails, as creating symlinks to absolute paths is not permitted.
    dir.symlink("/hidden.txt", "misdirection.txt")?;

    // However, even if the symlink had succeeded, or, if there is a
    // pre-existing symlink to an absolute directory, following a
    // symlink which would lead outside the sandbox also fails.
    let secret = dir.open("misdirection.txt")?;

    Ok(())
}
```
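The three refusals in the example above (`..` above the root, an absolute symlink target, and a relative symlink that climbs out) all come from one rule: every path component, including those found inside symlink targets, is resolved against the sandbox root and never past it. The following is an added, standard-library-only model of that rule written for this page; it is not cap-std's code and should not be mistaken for its implementation. The `SandboxDir` type, its methods, and the temporary-directory fixture are assumptions made for the illustration; cap-std's own `Dir::open_ambient_dir` additionally takes an `AmbientAuthority` argument, which this model omits.

```rust
use std::collections::VecDeque;
use std::ffi::OsString;
use std::fs;
use std::io::{self, ErrorKind};
use std::path::{Component, Path, PathBuf};

/// Teaching model of `cap_std::fs::Dir` (assumption: not cap-std's own code). It
/// resolves lexically and reads links itself; cap-std opens each component
/// relative to the previous directory handle, avoiding this model's TOCTOU race.
pub struct SandboxDir { root: PathBuf }

fn escape() -> io::Error {
    io::Error::new(ErrorKind::PermissionDenied, "path would escape the sandbox")
}

/// Queue the components of `path`, rejecting absolute paths and drive prefixes.
fn push_components(out: &mut VecDeque<OsString>, path: &Path) -> io::Result<()> {
    for c in path.components() {
        match c {
            Component::Normal(s) => out.push_back(s.to_os_string()),
            Component::ParentDir => out.push_back(OsString::from("..")),
            Component::CurDir => {}
            Component::RootDir | Component::Prefix(_) => return Err(escape()),
        }
    }
    Ok(())
}

impl SandboxDir {
    /// Grant access to `root` using ambient authority (cf. `Dir::open_ambient_dir`).
    pub fn open_ambient_dir(root: impl AsRef<Path>) -> io::Result<Self> {
        Ok(SandboxDir { root: fs::canonicalize(root)? })
    }

    /// Resolve `path` against the root, following symlinks, but refuse any step
    /// (`..` above the root, an absolute link target) that would leave it.
    pub fn resolve(&self, path: &Path) -> io::Result<PathBuf> {
        let mut pending = VecDeque::new();
        push_components(&mut pending, path)?;
        let mut resolved: Vec<OsString> = Vec::new();
        let mut links = 0;
        while let Some(comp) = pending.pop_front() {
            if comp == ".." {
                resolved.pop().ok_or_else(escape)?; // `..` above the root: refused
                continue;
            }
            let candidate = resolved.iter().fold(self.root.clone(), |p, c| p.join(c)).join(&comp);
            match fs::symlink_metadata(&candidate) {
                Ok(md) if md.file_type().is_symlink() => {
                    links += 1;
                    if links > 40 {
                        return Err(io::Error::new(ErrorKind::Other, "too many symlinks"));
                    }
                    // Targets are relative to the link's directory; re-queue them so they get the same checks.
                    let mut target = VecDeque::new();
                    push_components(&mut target, &fs::read_link(&candidate)?)?;
                    while let Some(c) = target.pop_back() {
                        pending.push_front(c);
                    }
                }
                Ok(_) => resolved.push(comp),
                Err(e) if e.kind() == ErrorKind::NotFound && pending.is_empty() => resolved.push(comp),
                Err(e) => return Err(e),
            }
        }
        Ok(resolved.iter().fold(self.root.clone(), |p, c| p.join(c)))
    }

    pub fn open(&self, path: impl AsRef<Path>) -> io::Result<fs::File> {
        fs::File::open(self.resolve(path.as_ref())?)
    }
}

/// Constructed fixture (Unix symlinks): `<tmp>/outside/hidden.txt` lies outside the
/// sandbox `<tmp>/sandbox`, which holds `the/thing.txt` plus symlinks `misdirection.txt`
/// -> absolute hidden.txt, `sneaky` -> ../outside, `alias.txt` -> the/thing.txt.
pub fn scenario() -> io::Result<Vec<(&'static str, bool)>> {
    use std::os::unix::fs::symlink;
    let tmp = std::env::temp_dir().join(format!("cap-std-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&tmp);
    fs::create_dir_all(tmp.join("outside"))?;
    fs::create_dir_all(tmp.join("sandbox/the"))?;
    fs::write(tmp.join("outside/hidden.txt"), b"secret")?;
    fs::write(tmp.join("sandbox/the/thing.txt"), b"hello")?;
    symlink(tmp.join("outside/hidden.txt"), tmp.join("sandbox/misdirection.txt"))?;
    symlink("../outside", tmp.join("sandbox/sneaky"))?;
    symlink("the/thing.txt", tmp.join("sandbox/alias.txt"))?;
    let dir = SandboxDir::open_ambient_dir(tmp.join("sandbox"))?;
    let probes = ["the/thing.txt", "alias.txt", "../outside/hidden.txt", "misdirection.txt", "sneaky/hidden.txt"];
    let results = probes.iter().map(|p| (*p, dir.open(p).is_ok())).collect();
    fs::remove_dir_all(&tmp)?;
    Ok(results)
}
fn main() -> io::Result<()> {
    for (path, ok) in scenario()? {
        println!("{path:<24} {}", if ok { "opened" } else { "refused" });
    }
    Ok(())
}
```

Running `scenario()` opens `the/thing.txt` and `alias.txt` and refuses the other three probes. The important caveat is in the type's doc comment: this model checks with `symlink_metadata`/`read_link` and then calls `File::open` on the assembled path, so a symlink swapped in between those two steps would be followed by the kernel. That window is why cap-std does not work this way; it opens one component at a time relative to the previous directory handle, so the check and the open are the same operation. Use the model to understand the policy, not as a sandbox.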

Example usage of [Pool] for network access:

```rust
use std::io;
use cap_std::net::Pool;

/// Open network addresses within `pool`.
fn pool_example(pool: &Pool) -> io::Result<()> {
    // Connect to an address. This succeeds only if the given address and
    // port are present in `pool`.
    let stream = pool.connect_tcp_stream("localhost:3333")?;

    Ok(())
}
```
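To make the "present in `pool`" rule concrete, here is an added, standard-library-only model of a connect-pool written for this page; it is not cap-std's code. The `Pool` type and its two methods are assumptions for the illustration (cap-std's real `insert_*` methods also take an `AmbientAuthority` argument, omitted here), and the two loopback listeners are a constructed fixture. The point it demonstrates is that the check runs on each resolved `SocketAddr`, after name resolution and before any socket is created, so a reachable but unauthorized address is refused with `PermissionDenied` rather than with a connection error.

```rust
use std::io::{self, ErrorKind};
use std::net::{SocketAddr, TcpListener, TcpStream, ToSocketAddrs};

/// Teaching model of `cap_std::net::Pool` (assumption: not cap-std's own code,
/// and it omits the `AmbientAuthority` token the real `insert_*` methods take).
#[derive(Default)]
pub struct Pool {
    allowed: Vec<SocketAddr>,
}

impl Pool {
    pub fn insert_socket_addr(&mut self, addr: SocketAddr) {
        self.allowed.push(addr);
    }

    /// Resolve `addr` and connect to the first candidate that is in the pool.
    /// The check is applied to each resolved socket address, not to the name
    /// the caller passed, so a name that resolves outside the pool is refused
    /// before any socket is created.
    pub fn connect_tcp_stream<A: ToSocketAddrs>(&self, addr: A) -> io::Result<TcpStream> {
        let mut last_err = None;
        for candidate in addr.to_socket_addrs()? {
            if !self.allowed.contains(&candidate) {
                last_err = Some(io::Error::new(
                    ErrorKind::PermissionDenied,
                    format!("{candidate} is not in the pool"),
                ));
                continue;
            }
            match TcpStream::connect(candidate) {
                Ok(stream) => return Ok(stream),
                Err(e) => last_err = Some(e),
            }
        }
        Err(last_err.unwrap_or_else(|| io::Error::new(ErrorKind::InvalidInput, "no addresses")))
    }
}

/// Constructed scenario: two loopback listeners, only one of which is placed in
/// the pool. Returns whether the pooled connect succeeded and the error kind
/// returned for the other listener (reachable, but not authorized).
pub fn scenario() -> io::Result<(bool, Option<ErrorKind>)> {
    let allowed = TcpListener::bind("127.0.0.1:0")?;
    let other = TcpListener::bind("127.0.0.1:0")?;
    let mut pool = Pool::default();
    pool.insert_socket_addr(allowed.local_addr()?);
    let in_pool = pool.connect_tcp_stream(allowed.local_addr()?).is_ok();
    let refused = pool.connect_tcp_stream(other.local_addr()?).err().map(|e| e.kind());
    Ok((in_pool, refused))
}

fn main() -> io::Result<()> {
    let (in_pool, refused) = scenario()?;
    println!("pooled address connected: {in_pool}");
    println!("unpooled address error: {refused:?}");
    Ok(())
}
```

Because the second listener is actually accepting connections, the `PermissionDenied` result can only have come from the pool check, which is the property a sandboxed component relies on: the decision is made on the resolved address, so neither a hostname nor a string like `"localhost:3333"` grants access by itself.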