Crate extrasafe_multiarch
source ·Expand description
extrasafe is a library that makes it easy to improve your program’s security by selectively allowing the syscalls it can perform via the Linux kernel’s seccomp facilities.
See the SafetyContext
struct’s documentation and the tests/ and examples/ directories for
more information on how to use it.
Re-exports§
Modules§
- Built-in
RuleSet
s - Extrasafe error types
- Macros for extrasafe
- Syscalls export This module re-exports syscalls for the target architecture.
Macros§
- A macro to easily create
crate::SeccompArgumentFilter
s. Note that because internally it uses a helper macro, to use this macro you should justuse extrasafe::*
if possible. Usage:
Structs§
- A struct representing a set of rules to be loaded into a seccomp filter and applied to the current thread, or all threads in the current process.
- A restriction on the arguments of a syscall. May be combined with other
SeccompArgumentFilter
as part of a singleSeccompRule
, in which case they are and-ed together and must all return true for the syscall to be allowed. - A seccomp rule.
- Condition that a syscall must match in order to satisfy a rule.
- Filter containing rules assigned to syscall numbers.
- Rule that a filter attempts to match for a syscall.
Enums§
- Comparison to perform when matching a condition.
- Library errors.
Traits§
- A
RuleSet
is a collection ofSeccompRule
andLandlockRule
s that enable a functionality, such as opening files or starting threads.