Secure Sandboxing
Linux namespaces, cgroups, and seccomp for complete isolation of untrusted code execution.
Faber - Secure Sandboxed Task Execution
Secure, sandboxed task execution service built in Rust
Key Features
Section titled “Key Features”Resource Limits
Configurable CPU, memory, and process limits with comprehensive monitoring and tracking.
REST API
HTTP interface for task execution with full programmatic access to all features.
CLI Interface
Command-line tools for management and execution with intuitive workflow integration.
Quick Start
Section titled “Quick Start”# Build the projectcargo build --release
# Start the server./target/release/faber serve
# Execute a task via CLIfaber execute "echo hello world"Architecture
Section titled “Architecture”Faber is organized as a Rust workspace with multiple specialized crates:
- Core: Fundamental types, traits, and error definitions
- Configuration: Configuration management and validation
- Sandbox: Container and sandboxing functionality
- Executor: Task execution logic
- API: HTTP API layer with Axum
- CLI: Command-line interface
Security Features
Section titled “Security Features”- Linux Namespaces: PID, mount, network, IPC, UTS, user, time, and cgroup namespaces
- cgroups: Resource limits for CPU, memory, and process count
- seccomp: System call filtering
- Capability dropping: Reduced privilege execution
- Read-only filesystem: Immutable root filesystem
- Command validation: Blocked dangerous commands
Next Steps
Section titled “Next Steps”Installation
Get Faber up and running on your system with our comprehensive installation guide.
Configuration
Learn how to configure Faber for your specific use case and security requirements.
CLI Usage
Master the command-line interface for efficient task execution and management.
API Reference
Explore the REST API for programmatic access to all Faber features.