linux-support 0.0.25

Comprehensive Linux support for namespaces, cgroups, processes, scheduling, parsing /proc, parsing /sys, signals, hyper threads, CPUS, NUMA nodes, unusual file descriptors, PCI devices and much, much more
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

// This file is part of linux-support. It is subject to the license terms in the COPYRIGHT file found in the top-level directory of this distribution and at https://raw.githubusercontent.com/lemonrock/linux-support/master/COPYRIGHT. No part of linux-support, including this file, may be copied, modified, propagated, or distributed except according to the terms contained in the COPYRIGHT file.
// Copyright © 2020 The developers of linux-support. See the COPYRIGHT file in the top-level directory of this distribution and at https://raw.githubusercontent.com/lemonrock/linux-support/master/COPYRIGHT.


bitflags!
{
	/// Syscall outcome.
	///
	/// Unsupported actions are equivalent to `KillTheProcess`.
	pub struct SyscallOutcome: u32
	{
		#[allow(missing_docs)]
		const KillTheProcess = SECCOMP_RET_KILL_PROCESS;

		#[allow(missing_docs)]
		const KillTheThread = SECCOMP_RET_KILL_THREAD;

		/// Also known as a trap.
		const DisallowAndRaiseSigSys = SECCOMP_RET_TRAP;

		/// Return an error.
		///
		/// Bottom bits specify error number.
		const ReturnErrorNumber = SECCOMP_RET_ERRNO;

		/// Notify userspace on a file descriptor returned from `seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_NEW_LISTENER)`.
		const NotifyUserspace = SECCOMP_RET_USER_NOTIF;

		#[allow(missing_docs)]
		const DisallowOrPassToPTrace = SECCOMP_RET_TRACE;

		#[allow(missing_docs)]
		const AllowButLog = SECCOMP_RET_LOG;

		#[allow(missing_docs)]
		const Allow = SECCOMP_RET_ALLOW;
	}
}

impl SyscallOutcome
{
	/// Is the syscall outcome (return action) supported by the current Linux kernel?
	///
	/// Unsupported actions are equivalent to `KillTheProcess`.
	#[inline(always)]
	pub fn is_supported_by_current_linux_kernel(self) -> io::Result<bool>
	{
		let mut bits = self.bits;
		let result = seccomp(SECCOMP_GET_ACTION_AVAIL, 0, &mut bits as *mut u32 as *mut _);
		if likely!(result == 0)
		{
			Ok(true)
		}
		else if likely!(result == -1)
		{
			match errno().0
			{
				EOPNOTSUPP => Ok(false),
				_ => Err(io::Error::last_os_error())
			}
		}
		else
		{
			unreachable_code(format_args!("seccomp() returned unexpected result {}", result))
		}
	}
}