restrict 0.2.1

A crate to allow, deny, or trace Linux syscalls with an ergonomic, auto-generated enum customized for your system architecture.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

use std::fs;

use restrict::{syscall::Syscall, *};

use policy::Policy;

fn main() -> Result<(), SeccompError> {
    let mut filter = Policy::allow_all()?;

    filter
        // Openat syscall should fail with errno 44
        .fail_with(Syscall::Openat, 44);
    filter.apply()?;

    // openat() syscall
    let _read_fs = fs::read("test.txt").unwrap();
    println!("This read will fail with errno 44 `Channel number is out of range`");
    Ok(())
}