restrict 0.2.1

A crate to allow, deny, or trace Linux syscalls with an ergonomic, auto-generated enum customized for your system architecture.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use crate::{
    policy::{Action, Syscall},
    wrapper::SeccompWrapper,
    SeccompError,
};

use super::RestrictFilter;

/// seccomp fiters duh!
pub(crate) struct SeccompFilter {
    syscall: Syscall,
    action: Action,
}
impl SeccompFilter {
    /// declare a new filter
    pub fn new(syscall: Syscall, action: Action) -> Self {
        Self { syscall, action }
    }
    pub fn syscall(&self) -> Syscall {
        self.syscall
    }

    pub fn action(&self) -> Action {
        self.action
    }
}
impl RestrictFilter for SeccompFilter {
    fn apply(&self, ctx: &mut SeccompWrapper) -> Result<(), SeccompError> {
        ctx.add_rule(self.action, self.syscall)
    }
}