Add ability to contain a process in a scheme sandbox

programs/contain/Cargo.toml

@@ -0,0 +1,6 @@
+[package]
+name = "contain"
+version = "0.1.0"
+
+[dependencies]
+redox_syscall = { path = "../../syscall" }

programs/contain/src/main.rs

@@ -0,0 +1,28 @@
+extern crate syscall;
+
+use std::fs::File;
+use std::io::{BufRead, BufReader};
+
+pub fn main() {
+    let pid = unsafe { syscall::clone(syscall::CLONE_NEWNS).unwrap() };
+    if pid == 0 {
+        println!("Child Namespace:");
+        let file = BufReader::new(File::open("sys:scheme").unwrap());
+        for line in file.lines() {
+            let line = line.unwrap();
+            println!("{}", line);
+        }
+        println!("");
+    } else {
+        let mut status = 0;
+        syscall::waitpid(pid, &mut status, 0).unwrap();
+
+        println!("Parent Namespace:");
+        let file = BufReader::new(File::open("sys:scheme").unwrap());
+        for line in file.lines() {
+            let line = line.unwrap();
+            println!("{}", line);
+        }
+        println!("");
+    }
+}