pub struct Filter { /* private fields */ }
Represents a syscall filter.
Implementations
impl Filter
pub fn new(def_action: Action) -> Result<Self>
Create a new seccomp filter with the given default action.
pub fn reset(&mut self, def_action: Action) -> Result<()>
Re-initialize this seccomp filter with the given default action.
pub fn merge(&mut self, other: Self) -> Result<()>
Merge another seccomp filter into this one.
See seccomp_merge(3) for more details.
pub fn export_bpf(&self, fd: RawFd) -> Result<()>
Export this filter as BPF (Berkeley Packet Filter) code to the file with the specified file descriptor.
See seccomp_export_bpf(3) for more details.
pub fn export_pfc(&self, fd: RawFd) -> Result<()>
Export this filter as PFC (Pseudo Filter Code) code to the file with the specified file descriptor.
See seccomp_export_pfc(3) for more details.
pub fn add_arch(&mut self, arch: Arch) -> Result<()>
Add the given architecture to the filter.
See seccomp_arch_add(3) for details.
pub fn remove_arch(&mut self, arch: Arch) -> Result<()>
Remove the given architecture from the filter.
See seccomp_arch_remove(3) for details.
pub fn has_arch(&self, arch: Arch) -> Result<bool>
Check if the given architecture has been added to the filter.
See seccomp_arch_exist(3) for details.
pub fn syscall_priority(&mut self, syscall: c_int, priority: u8) -> Result<()>
Prioritize the given syscall in this filter.
This provides a hint to the seccomp filter generator that the given syscall should be prioritized and placed earlier in the filter code. Higher priority values represent higher priorities.
See seccomp_syscall_priority(3) for details.
pub fn add_rule(&mut self, action: Action, syscall: c_int, args: &[Arg]) -> Result<()>
Add a new rule to this filter.
action specifies the action to take if the filter matches, syscall specifies the system call number which should be matched against, and args is a list of syscall argument comparisons to use to match the syscall's arguments.
This function may alter the rule slightly depending on architecture-specific semantics. To add the rule with no changes, see add_rule_exact().
pub fn add_rule_exact(&mut self, action: Action, syscall: c_int, args: &[Arg]) -> Result<()>
Add a new rule to this filter, without any per-architecture modifications.
Other than the lack of per-architecture modifications, this is exactly equivalent to add_rule().
pub fn get_default_action(&self) -> Result<Action>
Get the default filter action (as set when the filter was created or reset).
pub fn get_badarch_action(&self) -> Result<Action>
Get the action taken when the loaded filter does not match the application's architecture (defaults to KillThread).
pub fn set_badarch_action(&mut self, act: Action) -> Result<()>
Set the action taken when the loaded filter does not match the application’s architecture.
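An added example (not part of this crate or its documentation): a small evaluator for the BPF byte stream that export_bpf() writes, for checking offline which action a given syscall, or a non-matching architecture (the bad-arch action above), receives before the filter is loaded. It assumes little-endian 8-byte struct sock_filter records, handles only the opcodes listed in the code, and runs on a hand-assembled sample program rather than real exported output; eval, sample and the constants are names chosen for this example.

```rust
// Added example, not crate code. Input: the bytes export_bpf() writes, i.e. 8-byte
// `struct sock_filter` records (u16 code, u8 jt, u8 jf, u32 k), assumed little-endian.
pub const RET_KILL_THREAD: u32 = 0x0000_0000; // SECCOMP_RET_KILL_THREAD
pub const RET_ERRNO: u32 = 0x0005_0000; // SECCOMP_RET_ERRNO, OR-ed with the errno
pub const RET_ALLOW: u32 = 0x7fff_0000; // SECCOMP_RET_ALLOW
pub const AUDIT_ARCH_X86_64: u32 = 0xc000_003e;

/// Returns the seccomp return value for one syscall, or None if the program is
/// truncated or uses an opcode outside the subset handled here.
pub fn eval(prog: &[u8], nr: u32, arch: u32) -> Option<u32> {
    let mut data = [0u8; 64]; // struct seccomp_data; ip and args[] stay zero
    data[..4].copy_from_slice(&nr.to_le_bytes());
    data[4..8].copy_from_slice(&arch.to_le_bytes());
    let (mut pc, mut acc) = (0usize, 0u32);
    loop {
        let i = prog.get(pc.checked_mul(8)?..)?.get(..8)?; // off the end => None
        let code = u16::from_le_bytes([i[0], i[1]]);
        let k = u32::from_le_bytes([i[4], i[5], i[6], i[7]]);
        let branch = |taken: bool| usize::from(if taken { i[2] } else { i[3] });
        let skip = match code {
            0x20 => { // BPF_LD|BPF_W|BPF_ABS: A = 32-bit word at offset k
                let w = data.get(k as usize..)?.get(..4)?;
                acc = u32::from_le_bytes([w[0], w[1], w[2], w[3]]);
                0
            }
            0x05 => k as usize,       // BPF_JA
            0x15 => branch(acc == k), // BPF_JEQ|BPF_K
            0x25 => branch(acc > k),  // BPF_JGT|BPF_K
            0x35 => branch(acc >= k), // BPF_JGE|BPF_K
            0x06 => return Some(k),   // BPF_RET|BPF_K
            _ => return None,
        };
        pc = pc.saturating_add(skip).saturating_add(1);
    }
}

/// Constructed sample program (hand-assembled, not real export_bpf() output).
pub fn sample() -> Vec<u8> {
    let ins = |c: u16, jt: u8, jf: u8, k: u32| [&c.to_le_bytes()[..], &[jt, jf][..], &k.to_le_bytes()[..]].concat();
    [
        ins(0x20, 0, 0, 4),                 // A = arch
        ins(0x15, 1, 0, AUDIT_ARCH_X86_64), // expected arch: skip the next insn
        ins(0x06, 0, 0, RET_KILL_THREAD),   // bad-arch action (default KillThread)
        ins(0x20, 0, 0, 0),                 // A = syscall number
        ins(0x15, 0, 1, 101),               // ptrace on x86_64?
        ins(0x06, 0, 0, RET_ERRNO | 1),     // yes: fail with EPERM
        ins(0x06, 0, 0, RET_ALLOW),         // no: default action
    ].concat()
}
```

Real exported filters may contain opcodes outside this subset, in which case eval returns None rather than guessing an action.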
pub fn get_flag(&self, flag: Flag) -> Result<bool>
Get the value of the given flag in this filter.
See Flag for more details.
pub fn set_flag(&mut self, flag: Flag, val: bool) -> Result<()>
Set the value of the given flag in this filter.
See Flag for more details.
pub fn get_optimize_level(&self) -> Result<u32>
Get the current optimization level of the filter.
See seccomp_attr_get(3) for more information.
Note: This only works on libseccomp v2.5.0+.
pub fn set_optimize_level(&mut self, level: u32) -> Result<()>
Set the optimization level of the filter.
See seccomp_attr_get(3) for more information.
Note: This only works on libseccomp v2.5.0+.
pub fn get_notify_fd(&self) -> Result<RawFd>
Available on crate feature libseccomp-2-5 only.
Get the notification file descriptor of the filter after it has been loaded.
pub fn receive_notify(&self) -> Result<Notification>
Available on crate feature libseccomp-2-5 only.
Receive a seccomp notification from the notification file descriptor of this filter.
pub fn respond_notify(&self, response: &mut NotificationResponse) -> Result<()>
Available on crate feature libseccomp-2-5 only.
Send a seccomp notification response along the notification file descriptor of this filter.