Struct libseccomp_rs::Seccomp

pub struct Seccomp { /* fields omitted */ }

Methods

impl Seccomp

pub fn init(act: c_uint) -> Self

initialize the seccomp and set the context into the struct

pub fn load(self) -> Result<c_int, String>

load seccomp to kernel

pub fn add_arch(&self, arch_token: c_uint) -> Result<c_int, String>

add an architecture

pub fn remove_arch(&self, arch_token: c_uint) -> Result<c_int, String>

remove an architecture

pub fn get_attr(
    ctx: *const SCMP_FILTER_CTX,
    attr: SCMP_FILTER_ATTR,
    value: *mut c_uint
) -> Result<*mut c_uint, String>

pub fn set_attr(
    &self,
    attr: SCMP_FILTER_ATTR,
    value: c_uint
) -> Result<c_int, String>

pub fn add_exact_rule(
    &self,
    action: c_uint,
    syscall: c_int,
    arg_cnt: c_uint,
    arg: SCMP_ARG_CMP
) -> Result<c_int, String>

pub fn add_exact_rules(
    &self,
    action: c_uint,
    syscall: c_int,
    arg_cnt: c_uint,
    arg_array: Vec<SCMP_ARG_CMP>
) -> Result<c_int, String>

pub fn add_rule(
    &self,
    action: c_uint,
    syscall: c_int,
    arg_cnt: c_uint,
    arg: SCMP_ARG_CMP
) -> Result<c_int, String>

adding rule to seccomp before the seccomp loaded to kernel

pub fn add_rules(
    &self,
    action: c_uint,
    syscall: c_int,
    arg_cnt: c_uint,
    arg_array: Vec<SCMP_ARG_CMP>
) -> Result<c_int, String>

adding rules(vector) to seccomp before the seccomp loaded to kernel

pub fn export_bpf(
    ctx: *const SCMP_FILTER_CTX,
    fd: c_int
) -> Result<c_int, String>

pub fn export_pfc(
    ctx: *const SCMP_FILTER_CTX,
    fd: c_int
) -> Result<c_int, String>

pub fn resolve_syscall_name(name: &str) -> i32

if you are using arm/aarch64 you could use this instead of SCMP_SYS

pub fn syscall_priority(
    &self,
    syscall: c_int,
    priority: u8
) -> Result<c_int, String>

pub fn reset(&self, def_action: c_uint) -> Result<c_int, String>

reset the seccomp

pub fn release(ctx: *mut SCMP_FILTER_CTX)

release the seccomp from kernel