Crate extrasafe

Expand description

extrasafe is a library that makes it easy to improve your program’s security by selectively allowing the syscalls it can perform via the Linux kernel’s seccomp facilities.

See the SafetyContext struct’s documentation and the tests/ and examples/ directories for more information on how to use it.

Re-exports§

pub use syscalls;
pub use error::*;

Modules§

access: Helper functions for Landlock access rights
builtins: Built-in RuleSets
error: Extrasafe error types
isolate: Extrasafe’s Isolate allows you to run a subprocess in a user namespace, which allows you to isolate your program in order to e.g. run
macros: Macros for extrasafe

Macros§

seccomp_arg_filter: A macro to easily create crate::SeccompArgumentFilters. Note that because internally it uses a helper macro, to use this macro you should just use extrasafe::* if possible. Usage:

Structs§

BitFlags: Represents a set of flags of some type T. T must have the #[bitflags] attribute applied.
LandlockRule: A Landlock rule. It consists of a path and a collection of access rights which determine what actions can be performed on that path.
PathBeneath: Landlock rule for a file hierarchy.
PathFd: Simple helper to open a file or a directory with the O_PATH flag.
Ruleset: Landlock ruleset builder.
SafetyContext: A struct representing a set of rules to be loaded into a seccomp filter and applied to the current thread, or all threads in the current process.
SeccompArgumentFilter: A restriction on the arguments of a syscall. May be combined with other SeccompArgumentFilter as part of a single SeccompRule, in which case they are and-ed together and must all return true for the syscall to be allowed.
SeccompRule: A seccomp rule.
SeccompilerArgumentFilter: Condition that a syscall must match in order to satisfy a rule.
SeccompilerFilter: Filter containing rules assigned to syscall numbers.
SeccompilerRule: Rule that a filter attempts to match for a syscall.

Enums§

ABI: Version of the Landlock ABI.
AccessFs: File system access right.
CompatLevel: See the Compatible documentation.
LandlockError: Maps to all errors that can be returned by a ruleset action.
SeccompilerComparator: Comparison to perform when matching a condition.
SeccompilerError: Library errors.

Traits§

Access
Compatible: Properly handles runtime unsupported features.
RuleSet: A RuleSet is a collection of SeccompRule and LandlockRule s that enable a functionality, such as opening files or starting threads.
RulesetAttr
RulesetCreatedAttr