Raw FFI bindings for the libseccomp library
Structs
- scmp_arg_cmp - Argument / Value comparison definition
- scmp_version - version information
- seccomp_data
- seccomp_notif
- seccomp_notif_addfd
- seccomp_notif_resp
- seccomp_notif_sizes
Enums
- scmp_compare - Comparison operators
- scmp_filter_attr - Filter attributes
Constants
- SCMP_ACT_ALLOW - Allow the syscall to be executed
- SCMP_ACT_ERRNO_MASK
- SCMP_ACT_KILL - Kill the thread, defined for backward compatibility
- SCMP_ACT_KILL_PROCESS - Kill the process
- SCMP_ACT_KILL_THREAD - Kill the thread
- SCMP_ACT_LOG - Allow the syscall to be executed after the action has been logged
- SCMP_ACT_MASK
- SCMP_ACT_NOTIFY - Notifies userspace
- SCMP_ACT_TRACE_MASK
- SCMP_ACT_TRAP - Throw a SIGSYS signal
- SCMP_ARCH_AARCH64
- SCMP_ARCH_ARM
- SCMP_ARCH_LOONGARCH64
- SCMP_ARCH_M68K
- SCMP_ARCH_MIPS
- SCMP_ARCH_MIPS64
- SCMP_ARCH_MIPS64N32
- SCMP_ARCH_MIPSEL
- SCMP_ARCH_MIPSEL64
- SCMP_ARCH_MIPSEL64N32
- SCMP_ARCH_NATIVE - The native architecture token
- SCMP_ARCH_PARISC
- SCMP_ARCH_PARISC64
- SCMP_ARCH_PPC
- SCMP_ARCH_PPC64
- SCMP_ARCH_PPC64LE
- SCMP_ARCH_RISCV64
- SCMP_ARCH_S390
- SCMP_ARCH_S390X
- SCMP_ARCH_SH
- SCMP_ARCH_SHEB
- SCMP_ARCH_X32 - The x32 (32-bit x86_64) architecture token
- SCMP_ARCH_X86 - The x86 (32-bit) architecture token
- SCMP_ARCH_X86_64 - The x86-64 (64-bit) architecture token
- SECCOMP_ADDFD_FLAG_SEND
- SECCOMP_ADDFD_FLAG_SETFD
- SECCOMP_FILTER_FLAG_LOG
- SECCOMP_FILTER_FLAG_NEW_LISTENER
- SECCOMP_FILTER_FLAG_SPEC_ALLOW
- SECCOMP_FILTER_FLAG_TSYNC
- SECCOMP_FILTER_FLAG_TSYNC_ESRCH
- SECCOMP_GET_ACTION_AVAIL
- SECCOMP_GET_NOTIF_SIZES
- SECCOMP_MODE_DISABLED
- SECCOMP_MODE_FILTER
- SECCOMP_MODE_STRICT
- SECCOMP_RET_ACTION
- SECCOMP_RET_ACTION_FULL
- SECCOMP_RET_ALLOW
- SECCOMP_RET_DATA
- SECCOMP_RET_ERRNO
- SECCOMP_RET_KILL
- SECCOMP_RET_KILL_PROCESS
- SECCOMP_RET_KILL_THREAD
- SECCOMP_RET_LOG
- SECCOMP_RET_TRACE
- SECCOMP_RET_TRAP
- SECCOMP_RET_USER_NOTIF
- SECCOMP_SET_MODE_FILTER
- SECCOMP_SET_MODE_STRICT
- SECCOMP_USER_NOTIF_FLAG_CONTINUE - Tell the kernel to execute the target’s system call
- __NR_SCMP_ERROR - Negative pseudo syscall number returned by some functions in case of an error
- __NR_SCMP_UNDEF
Functions
- SCMP_ACT_ERRNO - Return the specified error code
- SCMP_ACT_TRACE - Notify a tracing process with the specified value
- seccomp_api_get ⚠ - Query the library’s level of API support
- seccomp_api_set ⚠ - Set the library’s level of API support
- seccomp_arch_add ⚠ - Adds an architecture to the filter
- seccomp_arch_exist ⚠ - Check to see if an existing architecture is present in the filter
- seccomp_arch_native ⚠ - Return the native architecture token
- seccomp_arch_remove ⚠ - Removes an architecture from the filter
- seccomp_arch_resolve_name ⚠ - Resolve the architecture name to an architecture token
- seccomp_attr_get ⚠ - Set the value of a filter attribute
- seccomp_attr_set ⚠ - Set the value of a filter attribute
- seccomp_export_bpf ⚠ - Generate seccomp Berkeley Packet Filter (BPF) code and export it to a file
- seccomp_export_bpf_mem ⚠ - Generate seccomp Berkeley Packet Filter (BPF) code and export it to a buffer
- seccomp_export_pfc ⚠ - Generate seccomp Pseudo Filter Code (PFC) and export it to a file
- seccomp_init ⚠ - Initialize the filter state
- seccomp_load ⚠ - Loads the filter into the kernel
- seccomp_merge ⚠ - Merge two filters
- seccomp_notify_alloc ⚠ - Allocate a pair of notification request/response structures
- seccomp_notify_fd ⚠ - Return the notification fd from a filter that has already been loaded
- seccomp_notify_free ⚠ - Free a pair of notification request/response structures.
- seccomp_notify_id_valid ⚠ - Check if a notification id is still valid
- seccomp_notify_receive ⚠ - Send a notification response to a seccomp notification fd
- seccomp_notify_respond ⚠ - Check if a notification id is still valid
- seccomp_precompute ⚠ - Precompute the seccomp filter for future use
- seccomp_release ⚠ - Destroys the filter state and releases any resources
- seccomp_reset ⚠ - Reset the filter state
- seccomp_rule_add ⚠ - Add a new rule to the filter
- seccomp_rule_add_array ⚠ - Add a new rule to the filter
- seccomp_rule_add_exact ⚠ - Add a new rule to the filter
- seccomp_rule_add_exact_array ⚠ - Add a new rule to the filter
- seccomp_syscall_priority ⚠ - Set the priority of a given syscall
- seccomp_syscall_resolve_name ⚠ - Resolve a syscall name to a number
- seccomp_syscall_resolve_name_arch ⚠ - Resolve a syscall name to a number
- seccomp_syscall_resolve_name_rewrite ⚠ - Resolve a syscall name to a number and perform any rewriting necessary
- seccomp_syscall_resolve_num_arch ⚠ - Resolve a syscall number to a name
- seccomp_transaction_commit ⚠ - Commit a transaction started by seccomp_transaction_start
- seccomp_transaction_reject ⚠ - Reject a transaction started by seccomp_transaction_start
- seccomp_transaction_start ⚠ - Start a new seccomp filter transaction
- seccomp_version ⚠ - Query the library version information
Type Aliases
- const_scmp_filter_ctx - Filter context/handle (*const)
- scmp_datum_t - Argument datum
- scmp_filter_ctx - Filter context/handle (*mut)