1use nix::sys::{
2 resource::rlim_t,
3 signal::{Signal, SIGKILL},
4};
5
6use crate::landlock::{AccessFs, AccessNet};
7
/// Plain-data bundle of process-confinement settings.
///
/// Nothing is enforced here: the struct only carries values, and the code that
/// applies them is not part of this file. Field meanings below are inferred
/// from their names where marked, so confirm them against the consumer.
///
/// Reviewer note: `Config::default()` leaves every boolean hardening toggle
/// except `restore_sigmask` switched off and every rlimit unset, so a caller
/// that builds on the default must opt in to each restriction explicitly.
#[derive(Clone, Copy, Debug)]
pub struct Config {
    /// Signal associated with parent death; `None` configures no signal.
    /// NOTE(review): presumably delivered to the child when its parent exits, so confirm.
    pub death_sig: Option<Signal>,
    /// NOTE(review): presumably restores the signal mask in the child, so confirm.
    pub restore_sigmask: bool,

    // Boolean hardening toggles. The names suggest timestamp-counter denial,
    // speculative-store-bypass mitigation, kernel-pointer restriction and
    // prlimit restriction; `keep`, `stop` and `append_only` cannot be
    // characterised from this file alone. TODO confirm each against its consumer.
    pub deny_tsc: bool,
    pub keep: bool,
    pub stop: bool,
    pub ssb: bool,
    pub append_only: bool,
    pub restrict_kptr: bool,
    pub restrict_prlimit: bool,

    // Optional resource-limit values, one per field. The suffixes suggest the
    // matching RLIMIT_* resources (TODO confirm against the code that applies
    // them). `None` means no value is configured for that limit.
    pub rlimit_as: Option<rlim_t>,
    pub rlimit_core: Option<rlim_t>,
    pub rlimit_cpu: Option<rlim_t>,
    pub rlimit_data: Option<rlim_t>,
    pub rlimit_fsize: Option<rlim_t>,
    pub rlimit_memlock: Option<rlim_t>,
    pub rlimit_msgqueue: Option<rlim_t>,
    pub rlimit_nice: Option<rlim_t>,
    pub rlimit_nofile: Option<rlim_t>,
    pub rlimit_nproc: Option<rlim_t>,
    pub rlimit_rtprio: Option<rlim_t>,
    pub rlimit_rttime: Option<rlim_t>,
    pub rlimit_sigpending: Option<rlim_t>,
    pub rlimit_stack: Option<rlim_t>,

    /// Landlock filesystem access set (type from `crate::landlock`).
    pub landlock_access_fs: AccessFs,
    /// Landlock network access set (type from `crate::landlock`).
    pub landlock_access_net: AccessNet,
    /// NOTE(review): presumably toggles Landlock scoping of abstract UNIX sockets, so confirm.
    pub landlock_scoped_abs: bool,
}
37
impl Default for Config {
    /// Builds the baseline configuration.
    ///
    /// Only two settings are active by default: `death_sig` is `SIGKILL` and
    /// `restore_sigmask` is `true`. Every other toggle is `false`, every
    /// rlimit is `None`, and both Landlock access sets are `EMPTY`.
    fn default() -> Self {
        Self {
            // Signal handling: the only settings that are on by default.
            death_sig: Some(SIGKILL),
            restore_sigmask: true,

            // Landlock: both access sets start empty and scoping is off.
            // NOTE(review): whether an EMPTY set means "no Landlock ruleset" or
            // "nothing allowed" is decided by the consumer, which is not
            // visible here. Confirm before relying on the default.
            landlock_access_fs: AccessFs::EMPTY,
            landlock_access_net: AccessNet::EMPTY,
            landlock_scoped_abs: false,

            // Hardening toggles: all opt-in.
            deny_tsc: false,
            keep: false,
            stop: false,
            ssb: false,
            append_only: false,
            restrict_kptr: false,
            restrict_prlimit: false,

            // Resource limits: none configured, so callers that want a bound
            // (e.g. on processes, files or memory) must set it themselves.
            rlimit_as: None,
            rlimit_core: None,
            rlimit_cpu: None,
            rlimit_data: None,
            rlimit_fsize: None,
            rlimit_memlock: None,
            rlimit_msgqueue: None,
            rlimit_nice: None,
            rlimit_nofile: None,
            rlimit_nproc: None,
            rlimit_rtprio: None,
            rlimit_rttime: None,
            rlimit_sigpending: None,
            rlimit_stack: None,
        }
    }
}