syd 3.52.0

rock-solid application kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

use nix::sys::{
    resource::rlim_t,
    signal::{Signal, SIGKILL},
};

use crate::landlock::{AccessFs, AccessNet};

#[derive(Debug, Copy, Clone)]
pub struct Config {
    pub death_sig: Option<Signal>,
    pub restore_sigmask: bool,
    pub deny_tsc: bool,
    pub keep: bool,
    pub stop: bool,
    pub ssb: bool,
    pub append_only: bool,
    pub restrict_kptr: bool,
    pub restrict_prlimit: bool,
    pub rlimit_as: Option<rlim_t>,
    pub rlimit_core: Option<rlim_t>,
    pub rlimit_cpu: Option<rlim_t>,
    pub rlimit_data: Option<rlim_t>,
    pub rlimit_fsize: Option<rlim_t>,
    pub rlimit_memlock: Option<rlim_t>,
    pub rlimit_msgqueue: Option<rlim_t>,
    pub rlimit_nice: Option<rlim_t>,
    pub rlimit_nofile: Option<rlim_t>,
    pub rlimit_nproc: Option<rlim_t>,
    pub rlimit_rtprio: Option<rlim_t>,
    pub rlimit_rttime: Option<rlim_t>,
    pub rlimit_sigpending: Option<rlim_t>,
    pub rlimit_stack: Option<rlim_t>,
    pub landlock_access_fs: AccessFs,
    pub landlock_access_net: AccessNet,
    pub landlock_scoped_abs: bool,
}

impl Default for Config {
    fn default() -> Config {
        Config {
            death_sig: Some(SIGKILL),
            restore_sigmask: true,
            deny_tsc: false,
            keep: false,
            stop: false,
            ssb: false,
            append_only: false,
            restrict_kptr: false,
            restrict_prlimit: false,
            rlimit_as: None,
            rlimit_core: None,
            rlimit_cpu: None,
            rlimit_data: None,
            rlimit_fsize: None,
            rlimit_memlock: None,
            rlimit_msgqueue: None,
            rlimit_nice: None,
            rlimit_nofile: None,
            rlimit_nproc: None,
            rlimit_rtprio: None,
            rlimit_rttime: None,
            rlimit_sigpending: None,
            rlimit_stack: None,
            landlock_access_fs: AccessFs::EMPTY,
            landlock_access_net: AccessNet::EMPTY,
            landlock_scoped_abs: false,
        }
    }
}

#[cfg(test)]
mod tests {
    use nix::sys::signal::SIGKILL;

    use super::*;

    #[test]
    fn test_config_1() {
        let config = Config::default();
        assert_eq!(config.death_sig, Some(SIGKILL));
    }

    #[test]
    fn test_config_2() {
        let config = Config::default();
        assert!(config.restore_sigmask);
    }

    #[test]
    fn test_config_3() {
        let config = Config::default();
        assert!(!config.deny_tsc);
    }

    #[test]
    fn test_config_4() {
        let config = Config::default();
        assert!(!config.keep);
    }

    #[test]
    fn test_config_5() {
        let config = Config::default();
        assert!(config.rlimit_as.is_none());
        assert!(config.rlimit_core.is_none());
        assert!(config.rlimit_nofile.is_none());
    }

    #[test]
    fn test_config_6() {
        let config = Config::default();
        assert!(!config.landlock_scoped_abs);
    }
}