pub trait ControlPlane {
// Required methods
fn initialize(&mut self) -> Result<()>;
fn is_initialized(&self) -> bool;
fn evaluate(
&mut self,
subject: &Subject,
action: &Action,
) -> Result<SecurityDecision>;
fn enforce(&mut self, decision: &SecurityDecision) -> Result<()>;
fn shutdown(&mut self) -> Result<()>;
}Expand description
Control plane for enforcing security policies on agents.
Implementations provide Linux-native security mechanisms such as:
- BPF LSM hooks
- cgroup v2 restrictions
- Landlock sandboxing
- seccomp filters
- eBPF programs
Required Methods§
Sourcefn initialize(&mut self) -> Result<()>
fn initialize(&mut self) -> Result<()>
Initialize the control plane.
Sourcefn is_initialized(&self) -> bool
fn is_initialized(&self) -> bool
Check if the control plane is initialized and ready.
Sourcefn evaluate(
&mut self,
subject: &Subject,
action: &Action,
) -> Result<SecurityDecision>
fn evaluate( &mut self, subject: &Subject, action: &Action, ) -> Result<SecurityDecision>
Evaluate an action and return a security decision.
Sourcefn enforce(&mut self, decision: &SecurityDecision) -> Result<()>
fn enforce(&mut self, decision: &SecurityDecision) -> Result<()>
Enforce a security decision.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".