Rust Language Bindings for the libseccomp Library

The libseccomp library provides an easy to use, platform independent, interface to the Linux Kernel's syscall filtering mechanism. The libseccomp API is designed to abstract away the underlying BPF based syscall filter language and present a more conventional function-call based filtering interface that should be familiar to, and easily adopted by, application developers.

The libseccomp crate is a high-level safe API for the libseccomp library.

Examples

use libseccomp::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
let syscall = ScmpSyscall::from_name("getuid")?;

filter.add_arch(ScmpArch::X8664)?;
filter.add_rule(ScmpAction::Errno(1), syscall)?;
filter.load()?;

Ok(())
}

use libseccomp::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
let syscall = ScmpSyscall::from_name("dup3")?;
let cmp = ScmpArgCompare::new(0, ScmpCompareOp::Equal, 1);

filter.add_arch(ScmpArch::X8664)?;
filter.add_rule_conditional(ScmpAction::Errno(libc::EPERM), syscall, &[cmp])?;
filter.load()?;

Ok(())
}