ForkFS

ForkFS 允许您对文件系统中的进程更改进行沙盒处理。

您可以将其视为一个轻量级容器：程序仍然可以访问您的真实系统（因此可以从沙盒中跳出来），但它们的磁盘更改将被重定向到特殊目录，而不会更改真实文件系统。

安装

注意：ForkFS 仅适用于 Linux。

使用预构建的二进制文件

多个平台上的二进制文件可在 发布页面 上找到。

从源码构建

$ cargo +nightly install forkfs

要安装 cargo，请遵循 这些说明。

使用方法

在沙盒中运行命令

$ forkfs run -- <your command>

该命令所做的所有文件系统更改都仅存在于沙盒中，不会修改您的真实文件系统。

您还可以启动一个 bash shell，其中任何执行的命令都具有沙盒化的文件操作

$ forkfs run bash

更多信息

$ forkfs --help
A sandboxing file system emulator

You can think of ForkFS as a lightweight container: programs still have access to your real system
(and can therefore jump out of the sandbox), but their disk changes are re-routed to special
directories without changing the real file system. Under the hood, ForkFS is implemented as a
wrapper around OverlayFS.

Warning: we make no security claims. Do NOT use this tool with potentially malicious software.

PS: you might also be interested in Firejail: <https://firejail.wordpress.com/>.

Usage: forkfs <COMMAND>

Commands:
  run       Run commands inside the sandbox
  sessions  Manage sessions
  help      Print this message or the help of the given subcommand(s)

Options:
  -h, --help
          Print help (use `-h` for a summary)

  -V, --version
          Print version

$ forkfs sessions --help
Manage sessions

Each session has its own separate view of the file system that is persistent. That is, individual
command invocations build upon each other.

Actives sessions are those that are mounted, while inactive sessions remember the changes that were
made within them, but are not ready to be used.

Note: weird things may happen if the real file system changes after establishing a session. You may
want to delete all sessions to restore clean behavior in such cases.

Usage: forkfs sessions <COMMAND>

Commands:
  list    List sessions
  stop    Unmount active sessions
  delete  Delete sessions
  help    Print this message or the help of the given subcommand(s)

Options:
  -h, --help
          Print help (use `-h` for a summary)