Struct extrasafe::builtins::systemio::SystemIO

source · [−]

pub struct SystemIO { /* private fields */ }

Expand description

A RuleSet representing syscalls that perform IO - open/close/read/write/seek/stat.

Configurable to allow subsets of IO syscalls and specific fds.

Implementations

source

impl SystemIO

source

pub fn everything() -> SystemIO

Allow all IO syscalls.

source

pub fn allow_read(self) -> SystemIO

Allow read syscalls.

source

pub fn allow_write(self) -> SystemIO

Allow write syscalls.

source

pub fn allow_open(self) -> YesReally<SystemIO>

Allow open syscalls.

The reason this function returns a YesReally is because it’s easy to accidentally combine it with another ruleset that allows write - for example the Network ruleset - even if you only want to read files.

source

pub fn allow_open_readonly(self) -> SystemIO

Allow open syscalls but not with write flags.

Note that the openat2 syscall (which is not exposed by glibc anyway according to the syscall manpage, and so probably isn’t very common) is not supported here because it has a separate configuration struct instead of a flag bitset.

source

pub fn allow_metadata(self) -> SystemIO

Allow stat syscalls.

source

pub fn allow_ioctl(self) -> SystemIO

Allow ioctl and fcntl syscalls.

source

pub fn allow_close(self) -> SystemIO

Allow close syscalls.

source

pub fn allow_stdin(self) -> SystemIO

Allow reading from stdin

source

pub fn allow_stdout(self) -> SystemIO

Allow writing to stdout

source

pub fn allow_stderr(self) -> SystemIO

Allow writing to stderr

source

pub fn allow_file_read(self, file: &File) -> SystemIO

Allow reading a given open File. Note that with just this function, you will not be able to close the file under this context.

Security considerations

If another file or socket is opened after the file provided to this function is closed, it’s possible that the fd will be reused and therefore may be read from.

source

pub fn allow_file_write(self, file: &File) -> SystemIO

Allow writing to a given open File. Note that with just this, you will not be able to close the file under this context.

Security considerations

If another file or socket is opened after the file provided to this function is closed, it’s possible that the fd will be reused and therefore may be written to.