GitXplorerGitXplorer
S

forkfs

public
76 stars
3 forks
1 issues

Commits

List of commits on branch master.
Verified
d8cc5f6d55eddda4ca39358b57f6a00870f60a56

2024 edition

SSUPERCILEX committed 22 days ago
Verified
60174eb87d4cfb5ba3dd4a86cde55741d52fd596

Upgrade deps

SSUPERCILEX committed a month ago
Verified
86cc74fc7b1fb09b9973abe670d41a270040a6c7

Swap binary name and arch for better sorting

SSUPERCILEX committed 5 months ago
Verified
527cee90b7bdaf0620cf31750ec2f9da44bb6c59

Add link to blog post

SSUPERCILEX committed 6 months ago
Verified
c4027163eece7a3c8a595239a926d6632749b326

Upgrade deps

SSUPERCILEX committed 6 months ago
Verified
c1dc29c80087f78ccee7fbe5cefe722409b3d3f9

Upgrade deps

SSUPERCILEX committed 7 months ago

README

The README file for this repository.

ForkFS

ForkFS allows you to sandbox a process's changes to your file system.

You can think of it as a lightweight container: programs still have access to your real system (and can therefore jump out of the sandbox), but their disk changes are re-routed to special directories without changing the real file system.

A brief technical overview of the project is available at https://alexsaveau.dev/blog/forkfs.

Installation

Note: ForkFS is Linux-only.

Use prebuilt binaries

Binaries for a number of platforms are available on the release page.

Build from source

$ cargo +nightly install forkfs

To install cargo, follow these instructions.

Usage

Run a command in the sandbox:

$ forkfs run -- <your command>

All file system changes the command makes will only exist within the sandbox and will not modify your real file system.

You can also start a bash shell wherein any command you execute has its file operations sandboxed:

$ forkfs run bash

More details:

$ forkfs --help
A sandboxing file system emulator

You can think of ForkFS as a lightweight container: programs still have access to your real system
(and can therefore jump out of the sandbox), but their disk changes are re-routed to special
directories without changing the real file system. Under the hood, ForkFS is implemented as a
wrapper around OverlayFS.

Warning: we make no security claims. Do NOT use this tool with potentially malicious software.

PS: you might also be interested in Firejail: <https://firejail.wordpress.com/>.

Usage: forkfs <COMMAND>

Commands:
  run       Run commands inside the sandbox
  sessions  Manage sessions
  help      Print this message or the help of the given subcommand(s)

Options:
  -h, --help
          Print help (use `-h` for a summary)

  -V, --version
          Print version

$ forkfs sessions --help
Manage sessions

Each session has its own separate view of the file system that is persistent. That is, individual
command invocations build upon each other.

Actives sessions are those that are mounted, while inactive sessions remember the changes that were
made within them, but are not ready to be used.

Note: weird things may happen if the real file system changes after establishing a session. You may
want to delete all sessions to restore clean behavior in such cases.

Usage: forkfs sessions <COMMAND>

Commands:
  list    List sessions
  stop    Unmount active sessions
  delete  Delete sessions
  help    Print this message or the help of the given subcommand(s)

Options:
  -h, --help
          Print help (use `-h` for a summary)