Replace podman by sudo docker if you want docker.
Replace rust with a suitable container image if your Rust project or any of its dependencies require additional dependencies.
Mounts $HOME/cargo/git and $HOME/cargo/registry as readonly for passing in source dependencies (only git and registry dependencies supported.)
Mounts the current directory as readwrite for passing in sources and passing out build artifacts
I could set this as an alias on my system to perform sandboxed builds.
If that inspires anything:
$ cargo fetch && podman run --rm -it --mount type=bind,source="$(pwd)"/,target=/build,rw --mount type=bind,source="${HOME}"/.cargo/git,target=/usr/local/cargo/git,ro --mount type=bind,source="${HOME}"/.cargo/registry,target=/usr/local/cargo/registry,ro --network none -w /build rust cargo build --offlineReplace
podmanbysudo dockerif you wantdocker. Replacerustwith a suitable container image if your Rust project or any of its dependencies require additional dependencies.$HOME/cargo/gitand$HOME/cargo/registryas readonly for passing in source dependencies (only git and registry dependencies supported.)I could set this as an alias on my system to perform sandboxed builds.