Sometimes, a sandbox is preferable to a VM.
Think about a silly question: how many VMs should you have?
I wrote a crate that could modify rustc if available.
Which means, if you have several projects and one of them has been poisoned, then all your projects are affected.
There is no official cargo container, and it is not easy to create multiple VM copies to prevent the possible damage from malicious
What's more, some crates should be built only on the host machine (e.g., torch-sys needs to bind with CUDA, download torch DLLs, etc.; doing such things in either a container or a VM does not seem a wise choice.)
The interaction between "nobody" might not be a critical problem, since it would not affect the main environment.
Here, IMHO, the java downloader has the same permissions as other regular programs, which actually hits your situation: two programs running as nobody can still interfere with each other in a potentially dangerous way.
Maybe we are talking about the same thing, but you have misunderstood my opinion.
cargo is running under the normal permissions.
cargo build may compile build.rs; this is under the normal permissions, too.
build.rs is compiled to build; the execution of build should be under the permissions of "nobody" -- this is a lower permission, thus it won't affect the main
build is executed, the normal compile procedure is under the normal permissions, too, which might be what you want.