syd 3.2.2

seccomp and landlock based application sandbox with support for namespaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

# syd's clippy configuration
# please use cargo +nightly clippy if/when you can

cognitive-complexity-threshold = 10
max-fn-params-bools = 0
type-complexity-threshold = 120
disallowed-macros = [
    'dbg',
    'todo',
    'std::unimplemented',
]
disallowed-methods = [
    # Use proper error handling
    "std::option::Option::unwrap",
    "std::result::Result::unwrap",
    "std::option::Option::expect",
    "std::result::Result::expect",

    # Use the tempdir crate instead
    "std::env::temp_dir",

    # Use `std::thread::Builder` and name the thread
    "std::thread::spawn",

    # We compile with panic = "abort"
    "std::panic::catch_unwind",

    # Exit won't cleanup, ie run drop for what's in scope.
    # Exit with anything that impls std::process::Termination,
    # such as std::process::ExitCode instead.
    "std::process::exit",
]
disallowed-types = [
    # Use the faster & simpler non-poisonable primitives in `parking_lot` instead
    "std::sync::Mutex",
    "std::sync::RwLock",
    "std::sync::RwLockReadGuard",
    "std::sync::RwLockWriteGuard",
    "std::sync::Condvar",
    "std::sync::Once",
]
doc-valid-idents = [
    "SydBox",
    "..",
]