capsec 0.2.2

Compile-time capability-based security for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

//! Example: Async context with `#[capsec::context(send)]`
//!
//! Shows how to use capability contexts in async/threaded code.
//! The `send` variant uses `SendCap<P>` fields, making the context
//! `Send + Sync` so it can be wrapped in `Arc` and shared across tasks.
//!
//! Run with: `cargo run --example async_context --features tokio`

#[cfg(feature = "tokio")]
mod inner {
    use capsec::CapSecError;
    use std::sync::Arc;

    #[capsec::context(send)]
    struct AppCtx {
        fs: FsRead,
    }

    async fn handle_request(id: usize, ctx: &AppCtx) -> Result<(), CapSecError> {
        let data = capsec::tokio::fs::read_to_string("/etc/hostname", ctx).await?;
        println!("[task {id}] hostname: {}", data.trim());
        Ok(())
    }

    #[capsec::main]
    #[tokio::main]
    pub async fn run(root: capsec::CapRoot) {
        let ctx = Arc::new(AppCtx::new(&root));

        let mut handles = Vec::new();
        for i in 0..3 {
            let ctx = ctx.clone();
            handles.push(tokio::spawn(async move {
                handle_request(i, &ctx).await.ok();
            }));
        }

        for h in handles {
            h.await.unwrap();
        }

        println!("All tasks complete.");
    }
}

#[cfg(feature = "tokio")]
fn main() {
    inner::run();
}

#[cfg(not(feature = "tokio"))]
fn main() {
    eprintln!("This example requires the `tokio` feature:");
    eprintln!("  cargo run --example async_context --features tokio");
}