Crate syscallz
Simple seccomp library for Rust. Please note that the syscall list is incomplete and you might need to send a PR to get your syscalls included. This crate releases frequently when the syscall list has been updated.
Example
```rust
use syscallz::{Context, Syscall, Action};

fn main() -> syscallz::Result<()> {
    // The default action if no other rule matches is syscallz::DEFAULT_KILL
    // For a different default use `Context::init_with_action`
    let mut ctx = Context::init()?;

    // Allow-list some syscalls
    ctx.allow_syscall(Syscall::open);
    ctx.allow_syscall(Syscall::getpid);
    // Set a specific action for a syscall
    ctx.set_action_for_syscall(Action::Errno(1), Syscall::execve);

    // Enforce the seccomp filter
    ctx.load()?;

    Ok(())
}
```
Structs
A comparison rule to restrict a syscall argument
The context to configure and enforce seccomp rules
The error type
Enums
The action to execute if a rule matches
An enum for !=, <, <=, ==, >=, >
An enum of all syscalls
Constants
The default kill action: KillProcess on supported libseccomp versions, falling back to KillThread otherwise
Type Definitions
A type wrapper around Result<T, syscallz::Error>