Crate extrasafe_multiarch

extrasafe is a library that makes it easy to improve your program’s security by selectively allowing the syscalls it can perform via the Linux kernel’s seccomp facilities.

See the SafetyContext struct’s documentation and the tests/ and examples/ directories for more information on how to use it.

Re-exports

• pub use error::*;
• pub use macros::*;

Modules

• builtins
  Built-in RuleSets
• error
  Extrasafe error types
• macros
  Macros for extrasafe
• syscalls
  Syscalls export This module re-exports syscalls for the target architecture.

Macros

• seccomp_arg_filter
  A macro to easily create crate::SeccompArgumentFilters. Note that because internally it uses a helper macro, to use this macro you should just use extrasafe::* if possible. Usage:

Structs

• SafetyContext
  A struct representing a set of rules to be loaded into a seccomp filter and applied to the current thread, or all threads in the current process.
• SeccompArgumentFilter
  A restriction on the arguments of a syscall. May be combined with other SeccompArgumentFilter as part of a single SeccompRule, in which case they are and-ed together and must all return true for the syscall to be allowed.
• SeccompRule
  A seccomp rule.
• SeccompilerArgumentFilter
  Condition that a syscall must match in order to satisfy a rule.
• SeccompilerFilter
  Filter containing rules assigned to syscall numbers.
• SeccompilerRule
  Rule that a filter attempts to match for a syscall.

Enums

• SeccompilerComparator
  Comparison to perform when matching a condition.
• SeccompilerError
  Library errors.

Traits

• RuleSet
  A RuleSet is a collection of SeccompRule and LandlockRule s that enable a functionality, such as opening files or starting threads.