[−][src]Struct libscmp::Filter
Represents a syscall filter.
Implementations
impl Filter
[src]
pub fn new(def_action: Action) -> Result<Self>
[src]
Create a new seccomp filter with the given default action.
pub fn reset(&mut self, def_action: Action) -> Result<()>
[src]
Re-initialize this seccomp filter with the given default action.
pub fn merge(&mut self, other: Self) -> Result<()>
[src]
Merge another seccomp filter into this one.
See seccomp_merge(3) for more details.
pub fn load(&mut self) -> Result<()>
[src]
Load the syscall filter rules into the kernel.
pub fn export_bpf(&self, fd: RawFd) -> Result<()>
[src]
Export this filter as BPF (Berkeley Packet Filter) code to the file with the specified file descriptor.
See seccomp_export_bpf(3) for more details.
pub fn export_pfc(&self, fd: RawFd) -> Result<()>
[src]
Export this filter as PFC (Pseudo Filter Code) code to the file with the specified file descriptor.
See seccomp_export_pfc(3) for more details.
pub fn add_arch(&mut self, arch: Arch) -> Result<()>
[src]
Add the given architecture to the filter,
See seccomp_arch_add(3) for details.
pub fn remove_arch(&mut self, arch: Arch) -> Result<()>
[src]
Remove the given architecture from the filter,
See seccomp_arch_remove(3) for details.
pub fn has_arch(&self, arch: Arch) -> Result<bool>
[src]
Check if the given architecture has been added to the filter.
See seccomp_arch_exist(3) for details.
pub fn syscall_priority(&mut self, syscall: c_int, priority: u8) -> Result<()>
[src]
Prioritize the given syscall in this filter.
This provides a hint to the seccomp filter generator that the given syscall should be
prioritized and placed earlier in the filter code. Higher priority
values represent
higher priorities.
See seccomp_syscall_priority(3) for details.
pub fn add_rule(
&mut self,
action: Action,
syscall: c_int,
args: &[Arg]
) -> Result<()>
[src]
&mut self,
action: Action,
syscall: c_int,
args: &[Arg]
) -> Result<()>
Add a new rule to this filter.
action
specifies the action to take if the filter matches, syscall
specifies the system
call number which should be matched against, and args
is a list of syscall argument
comparisons to use to match the syscall's arguments.
This function may alter the rule slightly depending on architecture-specific semantics. To add the
rule with no changes, see add_rule_exact()
.
pub fn add_rule_exact(
&mut self,
action: Action,
syscall: c_int,
args: &[Arg]
) -> Result<()>
[src]
&mut self,
action: Action,
syscall: c_int,
args: &[Arg]
) -> Result<()>
Add a new rule to this filter, without any per-architecture modifications.
Other than the lack of per-architecture modifications, this is exactly equivalent to
add_rule()
.
pub fn get_default_action(&mut self) -> Result<Action>
[src]
Get the default filter action (as set when the filter was created or reset).
pub fn get_badarch_action(&mut self) -> Result<Action>
[src]
Get the action taken when the loaded filter does not match the application's architecture
(defaults to KillThread
).
pub fn set_badarch_action(&mut self, act: Action) -> Result<()>
[src]
Set the action taken when the loaded filter does not match the application's architecture.
pub fn get_flag(&mut self, flag: Flag) -> Result<bool>
[src]
Get the value of the given flag in this filter.
See Flag
for more details.
pub fn set_flag(&mut self, flag: Flag, val: bool) -> Result<()>
[src]
Set the value of the given flag in this filter.
See Flag
for more details.
pub fn get_optimize_level(&mut self) -> Result<u32>
[src]
Get the current optimization level of the filter.
See seccomp_attr_get(3) for more information.
Note: This only works on libseccomp v2.5.0+.
pub fn set_optimize_level(&mut self, level: u32) -> Result<()>
[src]
Set the optimization level of the filter.
See seccomp_attr_get(3) for more information.
Note: This only works on libseccomp v2.5.0+.
Trait Implementations
Auto Trait Implementations
impl RefUnwindSafe for Filter
impl !Send for Filter
impl !Sync for Filter
impl Unpin for Filter
impl UnwindSafe for Filter
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,