evalbox_sys/lib.rs
1//! Low-level Linux syscall wrappers for sandboxing.
2//!
3//! This crate provides thin wrappers around Linux-specific security syscalls
4//! that are not available in rustix or libc. For standard syscalls, use rustix.
5//!
6//! ## Modules
7//!
8//! - **landlock** - Landlock LSM for filesystem/network access control (kernel 5.13+)
9//! - **seccomp** - Seccomp-BPF syscall filtering
10//! - **check** - Runtime system capability detection
11//!
12//! ## Landlock
13//!
//! Landlock provides fine-grained filesystem access control (and, from ABI 4, TCP network access control). ABI versions:
15//! - ABI 1: Basic filesystem access (kernel 5.13)
16//! - ABI 2: File truncation (kernel 5.19)
17//! - ABI 3: File permission changes (kernel 6.2)
18//! - ABI 4: Network TCP access control (kernel 6.7)
19//!
20//! ## Seccomp-BPF
21//!
22//! Seccomp-BPF allows filtering syscalls via BPF programs. This crate provides
23//! a whitelist-based filter that allows ~40 safe syscalls and kills the process
24//! on any other syscall.
25//!
26//! # Safety
27//!
28//! This crate contains raw syscall wrappers. Casts between integer types
29//! are unavoidable when interfacing with the kernel ABI.
30
31#![allow(clippy::cast_possible_truncation)]
32#![allow(clippy::cast_sign_loss)]
33
34pub mod check;
35pub mod landlock;
36pub mod seccomp;
37
38pub use check::{check, CheckError, SystemInfo};
39
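/// Returns the calling thread's current `errno` as a [`rustix::io::Errno`].
///
/// Call this immediately after the raw syscall or libc call that reported
/// failure: `errno` is thread-local and any intervening libc or `std` call
/// that fails may overwrite it, so a later read yields an unrelated code.
///
/// The value is obtained through [`std::io::Error::last_os_error`], which
/// reads the same thread-local `errno` as `libc::__errno_location()` but
/// keeps this crate free of an `unsafe` pointer dereference.
#[inline]
pub fn last_errno() -> rustix::io::Errno {
    // `last_os_error` always carries the raw errno, so the fallback is never
    // taken in practice; 0 mirrors an untouched `errno` and avoids adding a
    // panic path to a helper that runs on failure paths.
    let raw = std::io::Error::last_os_error().raw_os_error().unwrap_or(0);
    rustix::io::Errno::from_raw_os_error(raw)
}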