// Copyright Epic Games, Inc. All Rights Reserved.

#pragma once

#include "localrunner.h"

#if ZEN_WITH_COMPUTE_SERVICES && ZEN_PLATFORM_LINUX

namespace zen::compute {

/** Native Linux process runner for executing Linux worker executables directly.

	Subclasses LocalProcessRunner, reusing sandbox management, worker manifesting,
	input/output handling, and monitor thread infrastructure. Overrides only the
	platform-specific methods: process spawning, sweep, and cancellation.

	When Sandboxed is true, child processes are isolated using Linux namespaces:
	user, mount, and network namespaces are unshared so the child has no network
	access and can only see the sandbox directory (with system libraries bind-mounted
	read-only). This requires no special privileges thanks to user namespaces.
 */
class LinuxProcessRunner : public LocalProcessRunner
{
public:
	LinuxProcessRunner(ChunkResolver&				Resolver,
					   const std::filesystem::path& BaseDir,
					   DeferredDirectoryDeleter&	Deleter,
					   WorkerThreadPool&			WorkerPool,
					   bool							Sandboxed = false);

	[[nodiscard]] SubmitResult SubmitAction(Ref<RunnerAction> Action) override;
	void					   SweepRunningActions() override;
	void					   CancelRunningActions() override;

private:
	bool m_Sandboxed = false;
};

}  // namespace zen::compute

#endif