Networking

extrasafe_multiarch::builtins::network

Struct Networking 

Source 
pub struct Networking { /* private fields */ }
Expand description

A RuleSet representing syscalls that perform network operations - accept/listen/bind/connect etc.

§How to use

  1. Select TCP or UDP (or both) with enable_tcp(), enable_udp() 2a. If you are a server of some sort, strongly consider first binding to your ports and then not allowing further binds by using running_tcp_server() or running_udp_server(). Otherwise, 2b. If you are a client, use tcp_client() and/or udp_client(), which does not allow accept or listen syscalls. The most common use-case: select TCP or UDP (or both) with .enable_tcp() or .enable_udp(), and then decide if you’re going to allow binding to new ports

§Security considerations

If you enable writing (on either tcp or udp), this enables the write syscall which will therefore also enable writing to stdout/stderr and any open files. Therefore you should take care to consider whether you can split up your program (e.g. across separate threads) into a part that opens and writes to files and a part that speaks to the network. This is a good security practice in general.

Implementations§

Source§

impl Networking

Source

pub fn nothing() -> Networking

By default, allow no networking syscalls.

Source

pub fn allow_running_tcp_servers(self) -> Networking

Allow a running TCP server to continue running. Does not allow socket or bind, preventing new sockets from being created.

Source

pub fn allow_start_tcp_servers(self) -> YesReally<Networking>

Allow starting new TCP servers.

§Security Notes

You probably don’t need to use this. In most cases you can just run your server and then use allow_running_tcp_servers. See examples/network_server.rs for an example with warp.

Source

pub fn allow_running_udp_sockets(self) -> Networking

Allow a running UDP socket to continue running. Does not allow socket or bind, preventing new sockets from being created.

Source

pub fn allow_start_udp_servers(self) -> YesReally<Networking>

Allow starting new UDP sockets.

§Security Notes

You probably don’t need to use this. In most cases you can just run your server and then use allow_running_udp_sockets.

Source

pub fn allow_connect(self) -> YesReally<Networking>

Allow connect syscall

§Security Considerations

This allows connnecting to a potentially dangerous network resource

Source

pub fn allow_start_tcp_clients(self) -> Networking

Allow starting new TCP clients.

§Security Notes

In some cases you can create the socket ahead of time, but that isn’t possible with e.g. reqwest, so we allow socket but not bind here.

Source

pub fn allow_running_tcp_clients(self) -> Networking

Allow a running TCP client to continue running. Does not allow socket or connect, preventing new sockets from being created.

This is technically the same as allow_running_tcp_servers.

Source

pub fn allow_start_unix_servers(self) -> YesReally<Networking>

Allow starting new Unix domain servers

§Security Notes

You probably don’t need to use this. In most cases you can just run your server and then use allow_running_unix_servers.

Source

pub fn allow_running_unix_servers(self) -> Networking

Allow a running Unix server to continue running. Does not allow socket or bind, preventing new sockets from being created.

Source

pub fn allow_running_unix_clients(self) -> Networking

Allow a running Unix socket client to continue running. Does not allow socket or connect, preventing new sockets from being created.

This is technically the same as allow_running_unix_servers.

Trait Implementations§

Source§

impl RuleSet for Networking

Source§

fn simple_rules(&self) -> Vec<Sysno>

A simple rule is a seccomp rule that just allows the syscall without restriction.
Source§

fn conditional_rules(&self) -> HashMap<Sysno, Vec<SeccompRule>>

A conditional rule is a seccomp rule that uses a condition to restrict the syscall, e.g. only specific flags as parameters.
Source§

fn name(&self) -> &'static str

The name of the profile.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.