pub trait ProcessProtection {
// Required methods
fn lock_memory(&self) -> Result<(), ProtectionError>;
fn disable_core_dump(&self) -> Result<(), ProtectionError>;
fn disable_ptrace(&self) -> Result<(), ProtectionError>;
// Provided method
fn apply_all(&self) -> Result<(), ProtectionError> { ... }
}Expand description
Platform-agnostic process protection interface.
Required Methods§
Sourcefn lock_memory(&self) -> Result<(), ProtectionError>
fn lock_memory(&self) -> Result<(), ProtectionError>
Lock all current + future process memory — block swap / paging.
Sourcefn disable_core_dump(&self) -> Result<(), ProtectionError>
fn disable_core_dump(&self) -> Result<(), ProtectionError>
Disable core dump generation.
Sourcefn disable_ptrace(&self) -> Result<(), ProtectionError>
fn disable_ptrace(&self) -> Result<(), ProtectionError>
Block ptrace / debugger attach.
Contract: an Ok(()) return guarantees that, at the moment
of the call, no debugger is currently attached and the
platform-specific deny / detect primitive succeeded. Existing
attach is reported as ProtectionError::DebuggerAttached so
callers cannot read .is_ok() as “no debugger” — the m6 silent-
success regression is closed.
Platform behaviour:
- Linux —
prctl(PR_SET_PTRACER, 0)proactively denies future attaches;/proc/self/statusTracerPid != 0returnsDebuggerAttached. The system-wideyama.ptrace_scopeadvisory remains a stderr warning (per-process API cannot override system policy). - macOS —
ptrace(PT_DENY_ATTACH)actively denies, so a successful call implies no attach. - Windows —
IsDebuggerPresent/CheckRemoteDebuggerPresentdetection only; attach surfacesDebuggerAttached. Windows has no portable self-deny primitive.
Provided Methods§
Sourcefn apply_all(&self) -> Result<(), ProtectionError>
fn apply_all(&self) -> Result<(), ProtectionError>
Apply all three — Runtime startup capability check.