A v1 command execution sandbox written in Zig, currently focused on timeout control, output capture, and safe process handling.
This project is under development.
Current version: v1
- Run a command with arguments
- Kill the process if it exceeds a timeout
- Capture stdout
- Capture stderr
- Show exit code / termination status
This is not yet a full OS-level sandbox.
Not implemented in v1:
- cgroup memory limits
- namespace isolation
- seccomp restrictions
- deep process sandboxing
Zig provides self-contained archives. The official setup is to download the right archive for your platform, extract it, and add Zig to your PATH.
For Linux x86_64:
cd ~
curl -LO https://ziglang.org/download/0.15.2/zig-x86_64-linux-0.15.2.tar.xz
tar xf zig-x86_64-linux-0.15.2.tar.xz
echo 'export PATH="$HOME/zig-x86_64-linux-0.15.2:$PATH"' >> ~/.bashrc
source ~/.bashrc
zig version
For Linux aarch64:
cd ~
curl -LO https://ziglang.org/download/0.15.2/zig-aarch64-linux-0.15.2.tar.xz
tar xf zig-aarch64-linux-0.15.2.tar.xz
echo 'export PATH="$HOME/zig-aarch64-linux-0.15.2:$PATH"' >> ~/.bashrc
source ~/.bashrc
zig version
If extraction fails because .xz is not supported, install xz support first:
sudo apt update && sudo apt install -y xz-utils
git clone https://github.com/ExVoider/safexec.git
cd safexec
zig build
zig build run -- 3 ls -la
zig build run -- 2 sleep 5
zig build run -- 3 sh -c "echo out && echo err 1>&2"
Command: sleep 5
Status: timed out after 2s
Terminated by signal: 9
--- stdout ---
--- stderr ---
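The sample run above ends with "Terminated by signal: 9", which is SIGKILL delivered when the timeout expires. As an added example (not safexec's code, and written in C rather than Zig), this is one way a POSIX supervisor can enforce a timeout, capture stdout and decode the termination status. The names `run_result` and `run_with_timeout` are hypothetical, and killing the whole process group is this example's design choice, not a documented safexec behavior.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>
/* Hypothetical result record; field names are this example's, not safexec's. */
struct run_result { int timed_out, exit_code, term_signal; char out[256]; };

/* Run argv for at most timeout_ms and capture its stdout. Returns -1 on setup failure. */
int run_with_timeout(char *const argv[], long timeout_ms, struct run_result *r) {
    *r = (struct run_result){0};
    FILE *cap = tmpfile();             /* a file, not a pipe: the child never blocks on a full pipe */
    if (!cap) return -1;
    pid_t pid = fork();
    if (pid < 0) { fclose(cap); return -1; }
    if (pid == 0) {
        setpgid(0, 0);                 /* own process group, inherited by descendants */
        dup2(fileno(cap), STDOUT_FILENO);
        execvp(argv[0], argv);
        _exit(127);                    /* reached only if exec failed */
    }
    setpgid(pid, pid);                 /* repeated in the parent to close the fork/exec race */
    const struct timespec tick = {0, 10 * 1000 * 1000};    /* poll every 10 ms (approximate clock) */
    int status = 0; long waited = 0;
    while (waitpid(pid, &status, WNOHANG) == 0) {
        if (waited >= timeout_ms) {
            r->timed_out = 1;
            kill(-pid, SIGKILL);       /* negative pid: signal every process in the group */
            waitpid(pid, &status, 0);  /* reap the child so no zombie is left behind */
            break;
        }
        nanosleep(&tick, NULL);
        waited += 10;
    }
    if (WIFEXITED(status)) r->exit_code = WEXITSTATUS(status);
    if (WIFSIGNALED(status)) r->term_signal = WTERMSIG(status);
    lseek(fileno(cap), 0, SEEK_SET);   /* the child advanced the shared file offset */
    /* r->out was zeroed above, so reading at most size-1 bytes leaves it NUL-terminated */
    if (read(fileno(cap), r->out, sizeof r->out - 1) < 0) r->out[0] = '\0';
    fclose(cap);
    return 0;
}

int main(void) {
    char *const argv[] = {"sh", "-c", "echo started; sleep 5", NULL};
    struct run_result r;
    if (run_with_timeout(argv, 2000, &r) != 0) return 1;
    printf("timed out: %d, exit code: %d, signal: %d\n--- stdout ---\n%s", r.timed_out, r.exit_code, r.term_signal, r.out);
    return 0;
}
```

Signalling only the direct child would leave the `sleep` started by `sh -c` running after the timeout; signalling the group stops both.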