extrasafe_multiarch/builtins/
time.rs

1//! Contains a [`RuleSet`] for allowing time-related syscalls, but check the comments for why you
2//! probably don't actually need to enable them.
3
4use std::collections::{HashMap, HashSet};
5
6use crate::syscalls::Sysno;
7
8use crate::{SeccompRule, RuleSet};
9
10#[must_use]
11/// Enable syscalls related to time.
12pub struct Time {
13    /// Syscalls that are allowed
14    allowed: HashSet<Sysno>,
15}
16
17impl Time {
18    /// Create a new Time [`RuleSet`] with nothing allowed by default.
19    pub fn nothing() -> Time {
20        Time {
21            allowed: HashSet::new(),
22        }
23    }
24
25/// On most 64 bit systems glibc and musl both use the
26/// [`vDSO`](https://man7.org/linux/man-pages/man7/vdso.7.html) to compute the time directly with
27/// rdtsc rather than calling the `clock_gettime` syscall, so in most cases you don't need to
28/// actually enable this.
29    pub fn allow_gettime(mut self) -> Time {
30        self.allowed
31            .extend([Sysno::clock_gettime, Sysno::clock_getres]);
32
33        self
34    }
35}
36
37impl RuleSet for Time {
38    fn simple_rules(&self) -> Vec<Sysno> {
39        self.allowed.iter().copied().collect()
40    }
41
42    fn name(&self) -> &'static str {
43        "Time"
44    }
45}
extrasafe_multiarch/builtins/time.rs

extrasafe_multiarch/builtins/
time.rs
