1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
// SPDX-License-Identifier: Apache-2.0 or MIT
//
// Copyright 2021 Sony Group Corporation
//
//! Rust Language Bindings for the libseccomp Library
//!
//! The libseccomp library provides an easy to use, platform independent, interface to
//! the Linux Kernel's syscall filtering mechanism. The libseccomp API is designed to
//! abstract away the underlying BPF based syscall filter language and present a more
//! conventional function-call based filtering interface that should be familiar to, and
//! easily adopted by, application developers.
//!
//! The libseccomp crate is a high-level safe API for the libseccomp library.
//!
//! # Examples
//!
//! ```rust
//! use libseccomp::*;
//!
//! fn main() -> Result<(), Box<dyn std::error::Error>> {
//! let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
//! let syscall = ScmpSyscall::from_name("getuid")?;
//!
//! filter.add_arch(ScmpArch::X8664)?;
//! filter.add_rule(ScmpAction::Errno(1), syscall)?;
//! filter.load()?;
//!
//! Ok(())
//! }
//! ```
//! ```rust
//! use libseccomp::*;
//!
//! fn main() -> Result<(), Box<dyn std::error::Error>> {
//! let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
//! let syscall = ScmpSyscall::from_name("dup3")?;
//! let cmp = ScmpArgCompare::new(0, ScmpCompareOp::Equal, 1);
//!
//! filter.add_arch(ScmpArch::X8664)?;
//! filter.add_rule_conditional(ScmpAction::Errno(libc::EPERM), syscall, &[cmp])?;
//! filter.load()?;
//!
//! Ok(())
//! }
//! ```
//!
//! # Features
//!
//! - `const-syscall`: Allow creating of `ScmpSyscall` in a `const`-context.
#![warn(rust_2018_idioms)]
#![deny(missing_debug_implementations)]
#![deny(missing_docs)]
#![deny(unsafe_op_in_unsafe_fn)]
#![warn(clippy::inefficient_to_string)]
#![warn(clippy::string_to_string)]
#![warn(clippy::semicolon_if_nothing_returned)]
#![warn(clippy::clone_on_ref_ptr)]
#![warn(clippy::unwrap_in_result)]
#![cfg_attr(docsrs, feature(doc_cfg))]
/// Errors
pub mod error;
mod action;
mod api;
mod arch;
mod arg_compare;
mod compare_op;
mod filter_attr;
mod filter_context;
mod functions;
#[cfg(any(libseccomp_v2_5, doc))]
mod notify;
mod syscall;
mod version;
use error::{Result, SeccompError};
pub use action::ScmpAction;
pub use api::{check_api, get_api, set_api};
pub use arch::ScmpArch;
pub use arg_compare::ScmpArgCompare;
pub use compare_op::ScmpCompareOp;
pub use filter_attr::ScmpFilterAttr;
pub use filter_context::ScmpFilterContext;
pub use functions::*;
#[cfg(any(libseccomp_v2_5, doc))]
pub use notify::*;
pub use syscall::ScmpSyscall;
pub use version::{check_version, ScmpVersion};
fn cvt(ret: i32) -> Result<()> {
if ret == 0 {
Ok(())
} else {
Err(SeccompError::from_errno(ret))
}
}