#[deny]
Marks a function as capability-free.
This is a declaration for the cargo capsec check lint tool — any ambient
authority call found inside a #[deny] function will be flagged as a violation.
The macro itself does not enforce anything at compile time (there’s no type-system
mechanism to prevent std::fs imports). Enforcement is in the lint tool.
§Usage
// Deny all I/O
#[capsec::deny(all)]
fn pure_transform(input: &[u8]) -> Vec<u8> {
    input.iter().map(|b| b.wrapping_add(1)).collect()
}

// Deny only network access
#[capsec::deny(net)]
fn local_only(cap: &impl Has<FsRead>) -> Vec<u8> {
    capsec::fs::read("/tmp/data", cap).unwrap()
}

§Supported categories
all, fs, net, env, process
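
Because the attribute is only a declaration, a `#[deny]` function that calls `std::fs` still compiles, and the violation surfaces only when the lint runs. The following added example (not code from capsec or from `cargo capsec check`) shows how a checker can scope findings to the categories an attribute names. The line-based scan, the mapping of each category to the std module of the same name, and the names `check`, `CATEGORIES` and `SAMPLE` are assumptions for illustration.

```rust
// Added illustration, not `cargo capsec check` itself. Assumed: category X = std::X.
const CATEGORIES: [(&str, &str); 4] = [
    ("fs", "std::fs::"), ("net", "std::net::"),
    ("env", "std::env::"), ("process", "std::process::"),
];

// Constructed sample input: two annotated functions and one unannotated.
const SAMPLE: &str = r#"
#[capsec::deny(all)]
fn pure_transform(input: &[u8]) -> Vec<u8> {
    let _ = std::fs::read("/tmp/data");
    input.to_vec()
}
#[capsec::deny(net)]
fn local_only() -> Vec<u8> {
    let _ = std::net::TcpStream::connect("127.0.0.1:80");
    std::fs::read("/tmp/data").unwrap()
}
fn unannotated() { let _ = std::env::var("HOME"); }
"#;

/// Returns (function, category, 1-based line) for each denied std call.
fn check(src: &str) -> Vec<(String, &'static str, usize)> {
    let (mut findings, mut depth) = (Vec::new(), 0usize);
    let mut pending: Option<Vec<String>> = None; // attribute awaiting its fn
    let mut current: Option<(String, Vec<String>)> = None; // fn being scanned
    for (idx, line) in src.lines().enumerate() {
        let t = line.trim();
        if let Some(rest) = t.strip_prefix("#[capsec::deny(") {
            let list = rest.trim_end_matches(")]");
            pending = Some(list.split(',').map(|c| c.trim().to_string()).collect());
        } else if let (true, Some(sig)) = (current.is_none(), t.strip_prefix("fn ")) {
            let name = sig.split('(').next().unwrap_or("").to_string();
            current = pending.take().map(|denied| (name, denied));
        }
        let Some((name, denied)) = &current else { continue };
        for (cat, path) in CATEGORIES {
            let hit = denied.iter().any(|d| d.as_str() == "all" || d.as_str() == cat);
            if hit && t.contains(path) {
                findings.push((name.clone(), cat, idx + 1));
            }
        }
        depth = (depth + t.matches('{').count()).saturating_sub(t.matches('}').count());
        if depth == 0 && t.contains('}') { current = None; }
    }
    findings
}

fn main() { for f in check(SAMPLE) { println!("{f:?}"); } }
```

The `std::fs::read` call in `local_only` is not reported because that function denies only `net`, and `unannotated` is never scanned because it carries no `#[deny]` declaration.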