Crate extrasafe_multiarch 

extrasafe is a library that makes it easy to improve your program’s security by selectively allowing the syscalls it can perform via the Linux kernel’s seccomp facilities.

See the SafetyContext struct’s documentation and the tests/ and examples/ directories for more information on how to use it.

Re-exports

pub use error::*;

pub use macros::*;

Modules

builtins

Built-in RuleSets

error

Extrasafe error types

macros

Macros for extrasafe

syscalls

Syscalls export This module re-exports syscalls for the target architecture.

Macros

seccomp_arg_filter

A macro to easily create crate::SeccompArgumentFilters. Note that because internally it uses a helper macro, to use this macro you should just use extrasafe::* if possible. Usage:

Structs

SafetyContext

A struct representing a set of rules to be loaded into a seccomp filter and applied to the current thread, or all threads in the current process.

SeccompArgumentFilter

A restriction on the arguments of a syscall. May be combined with other SeccompArgumentFilter as part of a single SeccompRule, in which case they are and-ed together and must all return true for the syscall to be allowed.

SeccompRule

A seccomp rule.

SeccompilerArgumentFilter

Condition that a syscall must match in order to satisfy a rule.

SeccompilerFilter

Filter containing rules assigned to syscall numbers.

SeccompilerRule

Rule that a filter attempts to match for a syscall.

Enums

SeccompilerComparator

Comparison to perform when matching a condition.

SeccompilerError

Library errors.

Traits

RuleSet

A RuleSet is a collection of SeccompRule and LandlockRule s that enable a functionality, such as opening files or starting threads.