Struct SystemIO 

pub struct SystemIO { /* private fields */ }

A RuleSet representing syscalls that perform IO - open/close/read/write/seek/stat.

Configurable to allow subsets of IO syscalls and specific fds.

Implementations

impl SystemIO

pub fn nothing() -> SystemIO

By default, allow no IO syscalls.

pub fn everything() -> SystemIO

Allow all IO syscalls.

pub fn allow_read(self) -> SystemIO

Allow read syscalls.

pub fn allow_write(self) -> SystemIO

Allow write syscalls.

pub fn allow_unlink(self) -> SystemIO

Allow unlink syscalls.

pub fn allow_open(self) -> YesReally<SystemIO>

Allow open syscalls.

Security

The reason this function returns a YesReally is because it’s easy to accidentally combine it with another ruleset that allows write - for example the Network ruleset - even if you only want to read files. Consider using allow_open_directory() or allow_open_file().

pub fn allow_open_readonly(self) -> SystemIO

Allow open syscalls but not with write flags.

Note that the openat2 syscall (which is not exposed by glibc anyway according to the syscall manpage, and so probably isn’t very common) is not supported here because it has a separate configuration struct instead of a flag bitset.

pub fn allow_metadata(self) -> SystemIO

Allow stat syscalls.

pub fn allow_ioctl(self) -> SystemIO

Allow ioctl and fcntl syscalls.

pub fn allow_close(self) -> SystemIO

Allow close syscalls.

pub fn allow_stdin(self) -> SystemIO

Allow reading from stdin

pub fn allow_stdout(self) -> SystemIO

Allow writing to stdout

pub fn allow_stderr(self) -> SystemIO

Allow writing to stderr

pub fn allow_file_read(self, file: &File) -> SystemIO

Allow reading a given open File. Note that with just this function, you will not be able to close the file under this context.

Security considerations

If another file or socket is opened after the file provided to this function is closed, it’s possible that the fd will be reused and therefore may be read from.

pub fn allow_file_write(self, file: &File) -> SystemIO

Allow writing to a given open File. Note that with just this, you will not be able to close the file under this context.

Security considerations

If another file or socket is opened after the file provided to this function is closed, it’s possible that the fd will be reused and therefore may be written to.

Trait Implementations

impl RuleSet for SystemIO

fn simple_rules(&self) -> Vec<Sysno>

A simple rule is a seccomp rule that just allows the syscall without restriction.

fn conditional_rules(&self) -> HashMap<Sysno, Vec<SeccompRule>>

A conditional rule is a seccomp rule that uses a condition to restrict the syscall, e.g. only specific flags as parameters.

fn name(&self) -> &'static str

The name of the profile.