-
Notifications
You must be signed in to change notification settings - Fork 594
Expand file tree
/
Copy pathCargo.toml
More file actions
96 lines (76 loc) · 2.17 KB
/
Cargo.toml
File metadata and controls
96 lines (76 loc) · 2.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
[package]
name = "openshell-sandbox"
description = "OpenShell process sandbox and monitor"
version.workspace = true
edition.workspace = true
rust-version.workspace = true
license.workspace = true
repository.workspace = true
[[bin]]
name = "openshell-sandbox"
path = "src/main.rs"
[dependencies]
openshell-core = { path = "../openshell-core" }
openshell-ocsf = { path = "../openshell-ocsf" }
openshell-policy = { path = "../openshell-policy" }
openshell-router = { path = "../openshell-router" }
# Async runtime
tokio = { workspace = true }
# gRPC
tonic = { workspace = true, features = ["channel", "tls"] }
tokio-stream = { workspace = true }
# CLI
clap = { workspace = true }
# Error handling
miette = { workspace = true }
thiserror = { workspace = true }
anyhow = { workspace = true }
hmac = "0.12"
sha2 = "0.10"
hex = "0.4"
russh = "0.57"
rand_core = "0.6"
# OPA policy evaluation (no default features — full-opa pulls in opa-runtime which requires git in build)
regorus = { version = "0.9", default-features = false, features = ["std", "arc", "glob", "yaml"] }
# TLS
tokio-rustls = { workspace = true }
rustls = { workspace = true }
rustls-pemfile = { workspace = true }
rcgen = { workspace = true }
webpki-roots = { workspace = true }
# HTTP
hyper = { workspace = true }
hyper-util = { workspace = true }
http = "1"
http-body-util = "0.1"
bytes = { workspace = true }
# UUID
uuid = { workspace = true }
# Encoding
base64 = { workspace = true }
# IP network / CIDR parsing
ipnet = "2"
# Serialization
serde_json = { workspace = true }
serde_yml = { workspace = true }
# Logging
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
tracing-appender = { workspace = true }
# Unix/Process
nix = { workspace = true }
[target.'cfg(unix)'.dependencies]
libc = "0.2"
[target.'cfg(target_os = "linux")'.dependencies]
landlock = "0.4"
seccompiler = "0.5"
uuid = { version = "1", features = ["v4"] }
[dev-dependencies]
tempfile = "3"
temp-env = "0.3"
tokio-tungstenite = { workspace = true }
futures = { workspace = true }
[lints]
workspace = true