[][src]Crate illumos_priv

illumos implements a set of privileges that provide fine-grained control over the actions of processes. The possession of a certain privilege allows a process to perform a specific set of restricted operations.

This crate provides a safe wrapper around this interface and lets you add/remove/replace a privilege set for a process or its off-spring.

Example:

use illumos_priv::{PrivOp, PrivPtype, PrivSet, Privilege};

fn main() {

    // Get a new basic PrivSet.
    let set = PrivSet::new_basic().unwrap();

    // Remove the ability to fork(2) from the set.
    let _ = set
        .delset(Privilege::ProcFork)
        .expect("failed to delete from set");

    // Replace the effective privilege set with the new one
    illumos_priv::setppriv(PrivOp::Set, PrivPtype::Effective, &set).unwrap();
}

Structs

PrivSet

An illumos privilege set that allows one to add/remove or complete replace a set of privileges for a process. When PrivSet is dropped, its backing memory is freed.

Enums

PrivOp

See GETPPRIV(2) for more in depth documentation.

PrivPtype

See GETPPRIV(2) for more in depth documentation.

Privilege

Mapping to the various illumos PRIVILEGES(5).

Functions

getppriv

Gets the process privilege set for the given PrivPtype.

setppriv

Sets or changes the processes privilege set.