Crate libseccomp
Rust Language Bindings for the libseccomp Library
The libseccomp library provides an easy-to-use, platform-independent interface to the Linux Kernel’s syscall filtering mechanism. The libseccomp API is designed to abstract away the underlying BPF-based syscall filter language and present a more conventional function-call-based filtering interface that should be familiar to, and easily adopted by, application developers.
The libseccomp crate is a high-level safe API for the libseccomp library.
Examples
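use libseccomp::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Default action: allow every syscall that no rule matches.
    let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
    let syscall = ScmpSyscall::from_name("getuid")?;
    filter.add_arch(ScmpArch::X8664)?;
    // Make getuid fail with errno 1 instead of executing.
    filter.add_rule(ScmpAction::Errno(1), syscall)?;
    // Load the filter into the kernel for the current process.
    filter.load()?;
    Ok(())
}

use libseccomp::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Default action: allow every syscall that no rule matches.
    let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
    let syscall = ScmpSyscall::from_name("dup3")?;
    // Match only when argument 0 (oldfd) is equal to 1.
    let cmp = ScmpArgCompare::new(0, ScmpCompareOp::Equal, 1);
    filter.add_arch(ScmpArch::X8664)?;
    // Make dup3 fail with EPERM when the comparison matches (uses the libc crate).
    filter.add_rule_conditional(ScmpAction::Errno(libc::EPERM), syscall, &[cmp])?;
    filter.load()?;
    Ok(())
}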
Features
const-syscall: Allow creation of ScmpSyscall in a const context.
Modules
Errors
Macros
A macro to create ScmpArgCompare in a more elegant way.
Structs
Represents a rule in a libseccomp filter context.
Represents a filter context in libseccomp.
Describes the system call context that triggered a notification.
Represents a userspace notification request.
Represents a userspace notification response.
Userspace notification response flags
Represents a syscall number.
Represents the version information of the libseccomp library.
Enums
Represents an action to be taken on a filter rule match in libseccomp.
Represents a CPU architecture.
Seccomp can restrict syscalls on a per-architecture basis.
Represents a comparison operator which can be used in a filter rule.
Represents filter attributes.
Constants
NOTIF_FLAG_CONTINUE (Deprecated)
Userspace notification response flag
Functions
Checks that both the libseccomp API level and the libseccomp version being
used are equal to or greater than the specified API level and version.
Checks that the libseccomp version being used is equal to or greater than
the specified version.
Gets the API level supported by the system.
get_library_version (Deprecated)
Deprecated alias for ScmpVersion::current().
get_syscall_from_name (Deprecated)
Gets the number of a syscall by name for a given architecture’s ABI.
get_syscall_name_from_arch (Deprecated)
Retrieves the name of a syscall from its number for a given architecture.
Checks if a userspace notification is still valid.
Resets the libseccomp library’s global state.
Sets the API level forcibly.
Type Definitions
Represents a file descriptor used for the userspace notification.