Simple seccomp library for Rust. Please note that the syscall list is incomplete and you might need to send a PR to get your syscalls included. New releases of this crate are published frequently whenever the syscall list is updated.
Example
```rust
use syscallz::{Context, Syscall, Action};

fn main() -> syscallz::Result<()> {
    // The default action if no other rule matches is syscallz::DEFAULT_KILL
    // For a different default use `Context::init_with_action`
    let mut ctx = Context::init()?;

    // Allow-list some syscalls; propagate errors so a rule that failed
    // to register is not silently ignored
    ctx.allow_syscall(Syscall::open)?;
    ctx.allow_syscall(Syscall::getpid)?;

    // Set a specific action for a syscall
    ctx.set_action_for_syscall(Action::Errno(1), Syscall::execve)?;

    // Enforce the seccomp filter; from here on, any syscall without a
    // rule gets the default action
    ctx.load()?;

    Ok(())
}
```
Structs
- A compare rule to restrict a syscall argument
- The context to configure and enforce seccomp rules
- The error type
Enums
- The action to execute if a rule matches
- An enum for `!=`, `<`, `<=`, `==`, `>=`, `>`
- An enum of all syscalls
Constants
- The default kill action, defaults to KillProcess on supported libseccomp versions and falls back to KillThread otherwise
Type Aliases
- A type wrapper around `Result<T, syscallz::Error>`