sandlock-core 0.4.4

Lightweight process sandbox using Landlock, seccomp-bpf, and seccomp user notification
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

use crate::result::RunResult;
use std::fmt;
use std::path::PathBuf;

/// Kind of filesystem change detected by dry-run.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ChangeKind {
    /// File was created (exists in upper but not in workdir).
    Added,
    /// File was modified (exists in both, content differs).
    Modified,
    /// File was deleted.
    Deleted,
}

impl fmt::Display for ChangeKind {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ChangeKind::Added => write!(f, "A"),
            ChangeKind::Modified => write!(f, "M"),
            ChangeKind::Deleted => write!(f, "D"),
        }
    }
}

/// A single filesystem change detected by dry-run.
#[derive(Debug, Clone)]
pub struct Change {
    pub kind: ChangeKind,
    /// Path relative to workdir.
    pub path: PathBuf,
}

impl fmt::Display for Change {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}  {}", self.kind, self.path.display())
    }
}

/// Result of a dry-run execution.
#[derive(Debug)]
pub struct DryRunResult {
    pub run_result: RunResult,
    pub changes: Vec<Change>,
}