Struct seccompiler::SeccompFilter

source · [−]

pub struct SeccompFilter { /* private fields */ }

Expand description

Filter containing rules assigned to syscall numbers.

Implementations

impl SeccompFilter

pub fn new(
    rules: BTreeMap<i64, Vec<SeccompRule>>,
    mismatch_action: SeccompAction,
    match_action: SeccompAction,
    target_arch: TargetArch
) -> Result<Self, Error>

Creates a new filter with a set of rules, an on-match and default action.

Arguments

rules - Map containing syscall numbers and their respective SeccompRules.
mismatch_action - SeccompAction taken for all syscalls that do not match any rule.
match_action - SeccompAction taken for system calls that match the filter.
target_arch - Target architecture of the generated BPF filter.

Example

use seccompiler::{
    SeccompAction, SeccompCmpArgLen, SeccompCmpOp, SeccompCondition, SeccompFilter, SeccompRule,
};
use std::convert::TryInto;

let filter = SeccompFilter::new(
    vec![
        (libc::SYS_accept4, vec![]),
        (
            libc::SYS_fcntl,
            vec![
                SeccompRule::new(vec![
                    SeccompCondition::new(
                        1,
                        SeccompCmpArgLen::Dword,
                        SeccompCmpOp::Eq,
                        libc::F_SETFD as u64,
                    )
                    .unwrap(),
                    SeccompCondition::new(
                        2,
                        SeccompCmpArgLen::Dword,
                        SeccompCmpOp::Eq,
                        libc::FD_CLOEXEC as u64,
                    )
                    .unwrap(),
                ])
                .unwrap(),
                SeccompRule::new(vec![SeccompCondition::new(
                    1,
                    SeccompCmpArgLen::Dword,
                    SeccompCmpOp::Eq,
                    libc::F_GETFD as u64,
                )
                .unwrap()])
                .unwrap(),
            ],
        ),
    ]
    .into_iter()
    .collect(),
    SeccompAction::Trap,
    SeccompAction::Allow,
    std::env::consts::ARCH.try_into().unwrap(),
);

Trait Implementations

impl Clone for SeccompFilter

fn clone(&self) -> SeccompFilter

Returns a copy of the value. Read more

1.0.0 · source

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SeccompFilter

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl PartialEq<SeccompFilter> for SeccompFilter

fn eq(&self, other: &SeccompFilter) -> bool

This method tests for self and other values to be equal, and is used by ==. Read more

1.0.0 · source

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more

impl TryFrom<SeccompFilter> for BpfProgram

type Error = Error

The type returned in the event of a conversion error.

fn try_from(filter: SeccompFilter) -> Result<Self, Error>

Performs the conversion.

impl Eq for SeccompFilter

impl StructuralEq for SeccompFilter

impl StructuralPartialEq for SeccompFilter

Auto Trait Implementations

impl RefUnwindSafe for SeccompFilter

impl Send for SeccompFilter

impl Sync for SeccompFilter

impl Unpin for SeccompFilter

impl UnwindSafe for SeccompFilter

Blanket Implementations

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for Twhere
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for Twhere
T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.