SafetyContext

extrasafe_multiarch

Struct SafetyContext 

Source 
pub struct SafetyContext { /* private fields */ }
Expand description

A struct representing a set of rules to be loaded into a seccomp filter and applied to the current thread, or all threads in the current process.

Create with new(). Add RuleSets with enable(), and then use apply_to_current_thread() to apply the filters to the current thread, or apply_to_all_threads() to apply the filter to all threads in the process.

Implementations§

Source§

impl SafetyContext

Source

pub fn new() -> SafetyContext

Create a new SafetyContext. The seccomp filters will not be loaded until either apply_to_current_thread or apply_to_all_threads is called.

Source

pub fn with_errno(self, errno: u32) -> SafetyContext

Set the errno to the provided value when a syscall does not match one of the seccomp rules in this SafetyContext.

Source

pub fn enable<R: RuleSet>( self, policy: R, ) -> Result<SafetyContext, ExtraSafeError>

Enable the simple and conditional rules provided by the RuleSet.

§Errors

Will return ExtraSafeError::ConditionalNoEffectError if a conditional rule is enabled at the same time as a simple rule for a syscall, which would override the conditional rule.

Source

pub fn apply_to_current_thread(self) -> Result<(), ExtraSafeError>

Load the SafetyContext’s rules into a seccomp filter and apply the filter to the current thread.

If the landlock feature is enabled but no landlock rules are applied, landlock is not enabled, unless landlock_only() is called. To enable landlock but allow no file access, you can first apply a landlock_only() SafetyContext, and then apply a separate SafetyContext with your seccomp rules.

§Errors

May return an ExtraSafeError.

If no rulesets are enabled, returns an ExtraSafeError::NoRulesEnabled error. If you really want to enable “nothing”, try enabling the builtins::BasicCapabilities default ruleset manually, or create your own with e.g. just the exit syscall.

Source

pub fn apply_to_all_threads(self) -> Result<(), ExtraSafeError>

Load the SafetyContext’s rules into a seccomp filter and apply the filter to all threads in this process.

If the landlock feature is enabled but no landlock rules are applied, landlock is not enabled, unless landlock_only() is called. To enable landlock but allow no file access, you can first apply a landlock_only() SafetyContext, and then apply a separate SafetyContext with your seccomp rules.

§Errors

May return an ExtraSafeError.

If no rulesets are enabled, returns an ExtraSafeError::NoRulesEnabled error. If you really want to enable “nothing”, try enabling the builtins::BasicCapabilities default ruleset manually, or create your own with e.g. just the exit syscall.

Trait Implementations§

Source§

impl Debug for SafetyContext

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.