restrict 0.2.1

A crate to allow, deny, or trace Linux syscalls with an ergonomic, auto-generated enum customized for your system architecture.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

use restrict::*;

use policy::Policy;
// use syscall::Syscall;
use syscall::Syscall;
fn main() -> Result<(), SeccompError> {
    println!("This will process will be killed!");

    let mut filter = Policy::allow_all()?;
    filter.deny(Syscall::Write);
    filter.deny(Syscall::Openat);

    println!("This should work");
    filter.apply()?;
    println!(
        "The current proccess should be killed before this is displayed because this uses write() syscall"
    );
    Ok(())
}