[−][src]Crate pentacle
pentacle is a library for executing programs as sealed anonymous files on Linux, using
memfd_create(2)
.
This is useful for executing programs that execute untrusted programs with root permissions, or ensuring a cryptographically-verified program is not tampered with after verification but before execution.
The library provides a wrapper around Command
as well as two helper
functions for programs that execute sealed versions of themselves.
fn main() { pentacle::ensure_sealed().unwrap(); // The rest of your code }
Structs
SealedCommand | A |
Functions
ensure_sealed | Ensure the currently running program is a sealed anonymous file. |
is_sealed | Verify whether the currently running program is a sealed anonymous file. |