refactor(runtime): extract security types into advanced_options module#253
Merged
DorianZheng merged 1 commit intomainfrom Feb 13, 2026
Merged
refactor(runtime): extract security types into advanced_options module#253DorianZheng merged 1 commit intomainfrom
DorianZheng merged 1 commit intomainfrom
Conversation
DorianZheng
force-pushed
the
refactor/advanced-options
branch
2 times, most recently
from
963a7da to
0c283e9
Compare
Move SecurityOptions, ResourceLimits, SecurityOptionsBuilder, and AdvancedBoxOptions from options.rs into a dedicated advanced_options.rs module. Rename AdvancedOptions to AdvancedBoxOptions to reflect its association with BoxOptions. Eliminate re-export patterns — all imports now reference source modules directly. Delete jailer/config.rs (was a pure re-export file). Also adds SECCOMP_FILTER_FLAG_TSYNC support for thread-synchronized seccomp filters on Linux.
DorianZheng
force-pushed
the
refactor/advanced-options
branch
from
0c283e9 to
2d8fd63
Compare
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SecurityOptions,ResourceLimits, andAdvancedBoxOptionsfromruntime::optionsinto a dedicatedruntime::advanced_optionsmoduleSeccompRoleenum and multi-role filter support tojailer::seccomp(preparation for two-phase stacking)jailer::configmodule (re-exported types now live inadvanced_options)Motivation
runtime::optionshad grown to include both user-facing box options and internal security/isolation types. Extracting security types intoadvanced_optionsprovides:BoxOptions) and internal isolation configSeccompRoleand filter compilation infrastructure needed by upcoming seccomp workTest plan
cargo check -p boxlite -p boxlite-python -p boxlite-node -p boxlite-cli— cleancargo test -p boxlite-node— 5/5 passAdvancedBoxOptions.security)