Struct CapNetAgent 

pub struct CapNetAgent(/* private fields */);

A connection to the Casper cap_net(3) service.

Implementations

impl CapNetAgent

pub fn bind<F>(&mut self, sock: &F, addr: &dyn SockaddrLike) -> Result<()>

where F: AsFd,

A low-level bind(2) workalike, but in capability mode.

Examples

use std::{
    os::fd::AsRawFd,
    str::FromStr
};
use capsicum::casper::Casper;
use capsicum_net::CasperExt;
use nix::sys::socket::{
    AddressFamily, SockaddrIn, SockaddrLike, SockFlag,
    SockType, socket
};

// Safe if we are single-threaded
let mut casper = unsafe { Casper::new().unwrap() };
let mut cap_net = casper.net().unwrap();
let s = socket(AddressFamily::Inet, SockType::Stream, SockFlag::empty(),
    None).unwrap();
let addr = SockaddrIn::from_str("127.0.0.1:8081").unwrap();
cap_net.bind(&s, &addr).unwrap();

pub fn connect<F>(&mut self, sock: &F, addr: &dyn SockaddrLike) -> Result<()>

where F: AsFd,

A low-level connect(2) workalike, but in capability mode.

Examples

use std::{
    os::fd::AsRawFd,
    str::FromStr
};
use capsicum::casper::Casper;
use capsicum_net::CasperExt;
use nix::sys::socket::{
    AddressFamily, SockaddrIn, SockaddrLike, SockFlag,
    SockType, socket
};

// Safe if we are single-threaded
let mut casper = unsafe { Casper::new().unwrap() };
let mut cap_net = casper.net().unwrap();
let s = socket(AddressFamily::Inet, SockType::Stream, SockFlag::empty(),
    None).unwrap();
let addr = SockaddrIn::from_str("8.8.8.8:53").unwrap();
cap_net.connect(&s, &addr).unwrap();

pub fn limit(&mut self, flags: LimitFlags) -> Limit<'_>

Return an opaque handle used to further limit the capabilities of the cap_net service.

Each time a Limit is constructed and applied it can reduce, but never enlarge, the service’s capabilities.

Example

use std::{
    os::fd::AsRawFd,
    str::FromStr
};
use capsicum::casper::Casper;
use capsicum_net::{CasperExt, LimitFlags};
use nix::sys::socket::{SockaddrIn, SockaddrLike};

let mut casper = unsafe { Casper::new().unwrap() };
let mut cap_net = casper.net().unwrap();
let mut limit = cap_net.limit(LimitFlags::BIND);
let addr = SockaddrIn::from_str("127.0.0.1:8083").unwrap();
limit.bind(&addr);
limit.limit();
// Now the service will refuse attempts to bind to any other address or
// port.

Trait Implementations

impl Debug for CapNetAgent

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.