fullzer4/evalbox

evalbox

Execute code like eval(), but safe. No containers, no VMs, no root.

Features

  • Simple - One function call, security handled for you
  • Multi-language - Python, Go, and shell/terminal commands
  • Fast - Millisecond startup, no containers or VMs
  • Secure - Landlock v5 + seccomp-BPF + rlimits, no namespaces needed

Quick Start

use evalbox::{shell, python, go};
use std::time::Duration;

// Terminal commands
let output = shell::run("echo hello").exec()?;

// Python
let output = python::run("print(2 + 2)").exec()?;

// Go (auto-wraps into main())
let output = go::run(r#"fmt.Println("hello")"#).exec()?;

// With options
let output = shell::run("curl https://example.com")
    .timeout(Duration::from_secs(10))
    .network(true)
    .exec()?;

Requirements

  • Linux kernel 6.12+ (Landlock ABI 5)
  • Seccomp enabled
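
A host preflight for the two requirements above, as an added example that is not part of evalbox; the function names are hypothetical and only the standard library is used. The kernel release is a proxy for the Landlock ABI, which the kernel itself reports through landlock_create_ruleset(2) with the LANDLOCK_CREATE_RULESET_VERSION flag.

```rust
use std::fs;

// Minimum kernel release, taken from the Requirements list on this page.
const MIN_KERNEL: (u32, u32) = (6, 12);

/// Leading "major.minor" of a release string such as "6.12.9-amd64".
fn kernel_version(release: &str) -> Option<(u32, u32)> {
    let mut parts = release.trim().split(|c: char| !c.is_ascii_digit());
    Some((parts.next()?.parse().ok()?, parts.next()?.parse().ok()?))
}

/// True when "landlock" is in the comma-separated list from /sys/kernel/security/lsm.
fn landlock_active(lsm_list: &str) -> bool {
    lsm_list.trim().split(',').any(|name| name == "landlock")
}

/// Value of the "Seccomp:" field of /proc/<pid>/status (0 = off, 1 = strict,
/// 2 = filter). Kernels built without seccomp omit the field entirely.
fn seccomp_mode(status: &str) -> Option<u8> {
    status.lines().find_map(|l| l.strip_prefix("Seccomp:"))?.trim().parse().ok()
}

/// Every unmet requirement; an empty list means the host qualifies.
fn preflight(release: &str, lsm_list: &str, status: &str) -> Vec<String> {
    let mut unmet = Vec::new();
    match kernel_version(release) {
        Some(v) if v >= MIN_KERNEL => {}
        Some((maj, min)) => unmet.push(format!(
            "kernel {maj}.{min} is older than {}.{}", MIN_KERNEL.0, MIN_KERNEL.1)),
        None => unmet.push(format!("cannot parse kernel release {release:?}")),
    }
    if !landlock_active(lsm_list) {
        unmet.push("landlock not in active LSM list (or securityfs unreadable)".into());
    }
    if seccomp_mode(status).is_none() {
        unmet.push("no Seccomp field in /proc/self/status".into());
    }
    unmet
}

fn main() {
    // Unreadable files become empty strings and are reported as unmet.
    let read = |path: &str| fs::read_to_string(path).unwrap_or_default();
    let unmet = preflight(&read("/proc/sys/kernel/osrelease"),
                          &read("/sys/kernel/security/lsm"),
                          &read("/proc/self/status"));
    unmet.iter().for_each(|item| eprintln!("unmet: {item}"));
    std::process::exit(if unmet.is_empty() { 0 } else { 1 });
}
```

Landlock can be compiled into a kernel yet left out of the boot-time LSM list, which is why the example checks the active list in addition to the release number.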

Installation

[dependencies]
evalbox = { version = "0.1", features = ["python", "go", "shell"] }

Security

Isolation via Landlock v5 (filesystem + network + signal + IPC scoping), seccomp-BPF (syscall whitelist), rlimits, privilege hardening (NO_NEW_PRIVS, securebits, capability drop).

See Security Model for threat model and CVE protections.

Documentation

License

MIT OR Apache-2.0

About

Eval untrusted code in any language. No containers, no VMs, no setup. Just Linux.
