Rust Language Bindings for the libseccomp Library
The libseccomp library provides an easy to use, platform independent, interface to
the Linux Kernel's syscall filtering mechanism. The libseccomp API is designed to
abstract away the underlying BPF based syscall filter language and present a more
conventional function-call based filtering interface that should be familiar to, and
easily adopted by, application developers.
The libseccomp crate is a high-level safe API for the libseccomp library.
Examples
use libseccomp::*;
fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
let syscall = ScmpSyscall::from_name("getuid")?;
filter.add_arch(ScmpArch::X8664)?;
filter.add_rule(ScmpAction::Errno(1), syscall)?;
filter.load()?;
Ok(())
}
use libseccomp::*;
fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
let syscall = ScmpSyscall::from_name("dup3")?;
let cmp = ScmpArgCompare::new(0, ScmpCompareOp::Equal, 1);
filter.add_arch(ScmpArch::X8664)?;
filter.add_rule_conditional(ScmpAction::Errno(libc::EPERM), syscall, &[cmp])?;
filter.load()?;
Ok(())
}