pub struct SeccompArgumentFilter {
    pub arg_idx: u8,
    pub value: u64,
    pub is_64bit: bool,
    /* private fields */
}
A restriction on the arguments of a syscall. May be combined with other
SeccompArgumentFilters as part of a single SeccompRule, in which case they are and-ed
together and must all return true for the syscall to be allowed.
Because some syscalls take 32-bit arguments which may or may not be sign-extended to 64 bits when passed to the Linux kernel, there is an option to indicate whether the argument is 32 or 64 bits. It shouldn't need to be used frequently. See https://github.com/rust-vmm/seccompiler/issues/59 for more details.
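Examples
// if syscall (specified elsewhere) is `read`, allow reading from stdin (fd 0)
seccomp_arg_filter!(arg0 == 0);
// if syscall is `socket`, allow IPv4 sockets only; the domain (arg0) is a single
// value rather than a set of flags, so compare it exactly
seccomp_arg_filter!(arg0 == AF_INET);
// if syscall is `socket`, allow stream (TCP) sockets; the type is arg1, and the
// masked comparison tolerates OR-ed flags such as SOCK_CLOEXEC, but it also matches
// any other type value that has the SOCK_STREAM bit set
seccomp_arg_filter!(arg1 & SOCK_STREAM == SOCK_STREAM);
You should use the seccomp_arg_filter! macros to create these.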
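An added example, not code from this crate or from seccompiler: a std-only Rust model of how such filters evaluate, showing the 32-bit versus 64-bit comparison on a sign-extended argument and which values a masked comparison of the form `arg & v == v` accepts. The types `Cmp` and `ArgFilter`, the helper functions, and the rule that a 32-bit filter compares only the low 32 bits are assumptions of this model; the constants are the Linux values AF_INET = 2, AF_INET6 = 10 and SOCK_STREAM = 1.

```rust
// Stand-alone model (std only) of argument-filter evaluation. Every name here is
// hypothetical; this is not the crate's or seccompiler's implementation.
#[derive(Clone, Copy)]
enum Cmp { Eq, MaskedEq(u64) } // MaskedEq(m) means (arg & m) == value

#[derive(Clone, Copy)]
struct ArgFilter { arg_idx: usize, cmp: Cmp, value: u64, is_64bit: bool }

impl ArgFilter {
    fn matches(&self, args: &[u64; 6]) -> bool {
        // Assumption: a 32-bit filter inspects only the low 32 bits of the register.
        let width = if self.is_64bit { u64::MAX } else { u32::MAX as u64 };
        let (arg, value) = (args[self.arg_idx] & width, self.value & width);
        match self.cmp {
            Cmp::Eq => arg == value,
            Cmp::MaskedEq(mask) => arg & mask == value,
        }
    }
}

/// Filters inside one rule are and-ed: the syscall is allowed only if all match.
fn rule_allows(filters: &[ArgFilter], args: &[u64; 6]) -> bool {
    filters.iter().all(|f| f.matches(args))
}

// Constructed sample: the C int -100 as it may arrive in a 64-bit register.
const SIGN_EXTENDED: u64 = -100i32 as i64 as u64; // 0xffff_ffff_ffff_ff9c
const ZERO_EXTENDED: u64 = -100i32 as u32 as u64; // 0x0000_0000_ffff_ff9c

/// Equality filter on arg0 for -100, at either comparison width.
fn minus_100_filter(is_64bit: bool) -> ArgFilter {
    ArgFilter { arg_idx: 0, cmp: Cmp::Eq, value: SIGN_EXTENDED, is_64bit }
}

/// socket(domain, type, protocol): masked checks for AF_INET (2) and SOCK_STREAM (1).
fn masked_socket_rule() -> [ArgFilter; 2] {
    [ArgFilter { arg_idx: 0, cmp: Cmp::MaskedEq(2), value: 2, is_64bit: false },
     ArgFilter { arg_idx: 1, cmp: Cmp::MaskedEq(1), value: 1, is_64bit: false }]
}

fn main() {
    for reg in [SIGN_EXTENDED, ZERO_EXTENDED] {
        let a = [reg, 0, 0, 0, 0, 0];
        let (wide, narrow) = (minus_100_filter(true), minus_100_filter(false));
        println!("{reg:#018x}: 64-bit={} 32-bit={}", wide.matches(&a), narrow.matches(&a));
    }
    // AF_INET6 (10) also contains bit 1, so the masked domain check accepts it.
    println!("AF_INET6 allowed: {}", rule_allows(&masked_socket_rule(), &[10, 1, 0, 0, 0, 0]));
}
```

In this model the 64-bit filter rejects the zero-extended register while the 32-bit filter accepts both encodings, and the masked domain check admits AF_INET6 as well as AF_INET.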
Fields
arg_idx: u8
Which syscall argument to filter. Starts at 0 for the first argument.
value: u64
The user-provided value to compare the argument against.
is_64bit: bool
Whether the argument is 64 bits or 32 bits. See the docstring for why this is needed.
Implementations
impl SeccompArgumentFilter
pub fn new(
    arg_idx: u8,
    comparator: SeccompilerComparator,
    value: u64,
) -> SeccompArgumentFilter
Create a new SeccompArgumentFilter. You should probably use the seccomp_arg_filter!
macro instead.
pub fn new64(
    arg_idx: u8,
    comparator: SeccompilerComparator,
    value: u64,
) -> SeccompArgumentFilter
Create a new SeccompArgumentFilter that checks all 64 bits of the provided argument.
You should probably use the seccomp_arg_filter! macro instead.
pub fn new32(
    arg_idx: u8,
    comparator: SeccompilerComparator,
    value: u32,
) -> SeccompArgumentFilter
Create a new SeccompArgumentFilter that checks 32 bits of the provided argument.
You should probably use the seccomp_arg_filter! macro instead. See the struct's documentation
for why this is needed.
Trait Implementations
impl Clone for SeccompArgumentFilter
fn clone(&self) -> SeccompArgumentFilter
fn clone_from(&mut self, source: &Self)