Struct Filter

pub struct Filter { /* private fields */ }

Represents a syscall filter.

Implementations

impl Filter

pub fn new(def_action: Action) -> Result<Self>

Create a new seccomp filter with the given default action.

pub fn reset(&mut self, def_action: Action) -> Result<()>

Re-initialize this seccomp filter with the given default action.

pub fn merge(&mut self, other: Self) -> Result<()>

Merge another seccomp filter into this one.

See seccomp_merge(3) for more details.

pub fn load(&mut self) -> Result<()>

Load the syscall filter rules into the kernel.

pub fn export_bpf(&self, fd: RawFd) -> Result<()>

Export this filter as BPF (Berkeley Packet Filter) code to the file with the specified file descriptor.

See seccomp_export_bpf(3) for more details.
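
To audit a filter written by export_bpf(), the dump can be decoded and evaluated offline against a chosen syscall number and architecture, which also shows how the bad-architecture action differs from the default action. This is an added example, not code from this crate. It assumes the export is an array of native-endian struct sock_filter records; Insn, decode, seccomp_data, run and sample are names introduced here, and the sample program is hand-assembled rather than real libseccomp output.

```rust
#[derive(Debug, Clone, Copy)]
pub struct Insn { code: u16, jt: u8, jf: u8, k: u32 } // struct sock_filter, 8 bytes
pub fn decode(raw: &[u8]) -> Option<Vec<Insn>> {
    if raw.is_empty() || raw.len() % 8 != 0 { return None; } // empty or truncated dump
    Some(raw.chunks_exact(8).map(|c| Insn {
        code: u16::from_ne_bytes([c[0], c[1]]), jt: c[2], jf: c[3],
        k: u32::from_ne_bytes([c[4], c[5], c[6], c[7]]) }).collect())
}
// seccomp_data as the kernel passes it: nr at 0, arch at 4; ip and args stay zero here.
pub fn seccomp_data(nr: i32, arch: u32) -> [u8; 64] {
    let mut d = [0u8; 64];
    d[0..4].copy_from_slice(&nr.to_ne_bytes());
    d[4..8].copy_from_slice(&arch.to_ne_bytes());
    d
}
// Returns the SECCOMP_RET_* word; None on an unsupported opcode or out-of-range access.
pub fn run(prog: &[Insn], data: &[u8; 64]) -> Option<u32> {
    let (mut a, mut pc) = (0u32, 0usize);
    loop {
        let i = *prog.get(pc)?; // falling off the end is an error, not an implicit allow
        pc += 1;
        match i.code {
            0x20 => { // BPF_LD|BPF_W|BPF_ABS: A = 32-bit word at offset k
                let o = i.k as usize;
                let s = data.get(o..o.checked_add(4)?)?;
                a = u32::from_ne_bytes([s[0], s[1], s[2], s[3]]);
            }
            0x05 => pc += i.k as usize, // BPF_JMP|BPF_JA
            0x15 | 0x25 | 0x35 => { // BPF_JMP|{JEQ,JGT,JGE}|BPF_K
                let t = match i.code { 0x15 => a == i.k, 0x25 => a > i.k, _ => a >= i.k };
                pc += usize::from(if t { i.jt } else { i.jf });
            }
            0x06 => return Some(i.k), // BPF_RET|BPF_K
            _ => return None,
        }
    }
}
// Constructed sample, hand-assembled (not libseccomp output): x86_64 only, allow write(1)
// and exit_group(231); bad arch -> KILL_THREAD (0), default -> KILL_PROCESS (0x80000000).
pub fn sample() -> Vec<u8> {
    let p: [(u16, u8, u8, u32); 8] = [
        (0x20, 0, 0, 4), (0x15, 1, 0, 0xC000_003E), (0x06, 0, 0, 0), (0x20, 0, 0, 0),
        (0x15, 1, 0, 1), (0x15, 0, 1, 231), (0x06, 0, 0, 0x7fff_0000), (0x06, 0, 0, 0x8000_0000)];
    p.iter().flat_map(|&(c, t, f, k)|
        [&c.to_ne_bytes()[..], &[t, f][..], &k.to_ne_bytes()[..]].concat()).collect()
}
fn main() {
    let verdict = decode(&sample()).and_then(|p| run(&p, &seccomp_data(59, 0xC000_003E)));
    println!("execve on x86_64 -> {:x?}", verdict);
}
```

A real export can be fed to decode() by reading the file that the descriptor passed to export_bpf() refers to; any opcode outside the handled set makes run() return None rather than a verdict.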

pub fn export_pfc(&self, fd: RawFd) -> Result<()>

Export this filter as PFC (Pseudo Filter Code) to the file with the specified file descriptor.

See seccomp_export_pfc(3) for more details.

pub fn add_arch(&mut self, arch: Arch) -> Result<()>

Add the given architecture to the filter.

See seccomp_arch_add(3) for details.

pub fn remove_arch(&mut self, arch: Arch) -> Result<()>

Remove the given architecture from the filter.

See seccomp_arch_remove(3) for details.

pub fn has_arch(&self, arch: Arch) -> Result<bool>

Check if the given architecture has been added to the filter.

See seccomp_arch_exist(3) for details.

pub fn syscall_priority(&mut self, syscall: c_int, priority: u8) -> Result<()>

Prioritize the given syscall in this filter.

This provides a hint to the seccomp filter generator that the given syscall should be prioritized and placed earlier in the filter code. Higher priority values represent higher priorities.

See seccomp_syscall_priority(3) for details.

pub fn add_rule(&mut self, action: Action, syscall: c_int, args: &[Arg]) -> Result<()>

Add a new rule to this filter.

action specifies the action to take if the filter matches, syscall specifies the system call number which should be matched against, and args is a list of syscall argument comparisons to use to match the syscall’s arguments.

This function may alter the rule slightly depending on architecture-specific semantics. To add the rule with no changes, see add_rule_exact().

pub fn add_rule_exact(&mut self, action: Action, syscall: c_int, args: &[Arg]) -> Result<()>

Add a new rule to this filter, without any per-architecture modifications.

Other than the lack of per-architecture modifications, this is exactly equivalent to add_rule().

pub fn get_default_action(&self) -> Result<Action>

Get the default filter action (as set when the filter was created or reset).

pub fn get_badarch_action(&self) -> Result<Action>

Get the action taken when the loaded filter does not match the application’s architecture (defaults to KillThread).

pub fn set_badarch_action(&mut self, act: Action) -> Result<()>

Set the action taken when the loaded filter does not match the application’s architecture.

pub fn get_flag(&self, flag: Flag) -> Result<bool>

Get the value of the given flag in this filter.

See Flag for more details.

pub fn set_flag(&mut self, flag: Flag, val: bool) -> Result<()>

Set the value of the given flag in this filter.

See Flag for more details.

pub fn get_optimize_level(&self) -> Result<u32>

Get the current optimization level of the filter.

See seccomp_attr_get(3) for more information.

Note: This only works on libseccomp v2.5.0+.

pub fn set_optimize_level(&mut self, level: u32) -> Result<()>

Set the optimization level of the filter.

See seccomp_attr_get(3) for more information.

Note: This only works on libseccomp v2.5.0+.

pub fn get_notify_fd(&self) -> Result<RawFd>

Available on crate feature libseccomp-2-5 only.

Get the notification file descriptor of the filter after it has been loaded.

pub fn receive_notify(&self) -> Result<Notification>

Available on crate feature libseccomp-2-5 only.

Receive a seccomp notification from the notification file descriptor of this filter.

pub fn respond_notify(&self, response: &mut NotificationResponse) -> Result<()>

Available on crate feature libseccomp-2-5 only.

Send a seccomp notification response along the notification file descriptor of this filter.

Trait Implementations

impl Debug for Filter

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for Filter

fn drop(&mut self)

Executes the destructor for this type.

Auto Trait Implementations

impl Freeze for Filter

impl RefUnwindSafe for Filter

impl !Send for Filter

impl !Sync for Filter

impl Unpin for Filter

impl UnwindSafe for Filter

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.