Skip to main content
The SDK embeds the microsandbox runtime directly into whatever application uses it. Sandbox.create spawns the VM as a child process. No daemon to install, no server to connect to.

Installation

cargo add microsandbox

Quick start

Create a sandbox from a container image, run a command, print the output, and stop it. 
use microsandbox::{Sandbox, NetworkPolicy};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let sb = Sandbox::builder("my-sandbox")
        .image("python:3.12")
        .memory(512)
        .cpus(2)
        .env("PYTHONDONTWRITEBYTECODE", "1")
        .workdir("/app")
        .volume("/app/src", |v| v.bind("./src").readonly())
        .network(|n| n.policy(NetworkPolicy::public_only()))
        .create()
        .await?;

    let output = sb.exec("python", ["-c", "print('Hello, World!')"]).await?;
    println!("{}", output.stdout()?);

    sb.stop().await?;
    Ok(())
}
The rest of the SDK reference covers each area in detail: sandbox configuration, execution, filesystem, networking, volumes, snapshots, scripts, events, errors, and metrics.