Struct libseccomp::ScmpFilterContext
pub struct ScmpFilterContext { /* fields omitted */ }
ScmpFilterContext represents a filter context in libseccomp.
Implementations
impl ScmpFilterContext
pub fn new_filter(default_action: ScmpAction) -> Result<ScmpFilterContext>
new_filter creates and returns a new filter context.
Accepts a default action to be taken for syscalls which match no rules in the filter. Returns a reference to a valid filter context, or an error if the filter context could not be created or an invalid default action was given.
pub fn merge(&mut self, src: Self) -> Result<()>
merge merges two filters. In order to merge two seccomp filters, both filters must have the same attribute values and no overlapping architectures. If successful, the src seccomp filter is released and all internal memory associated with the filter is freed.
Accepts a seccomp filter in src that will be merged into the filter this is called on. Returns an error if merging the filters failed.
pub fn is_arch_present(&self, arch: ScmpArch) -> Result<bool>
is_arch_present checks if an architecture is present in a filter.
If a filter contains an architecture, it uses its default action for syscalls which do not match rules in it, and its rules can match syscalls for that ABI. If a filter does not contain an architecture, all syscalls made to that kernel ABI will fail with the filter’s default Bad Architecture Action (by default, killing the process).
Accepts an architecture constant. Returns true if the architecture is present in the filter, false otherwise, and an error on an invalid filter context, an invalid architecture constant, or an issue with the call to libseccomp.
pub fn add_arch(&mut self, arch: ScmpArch) -> Result<()>
add_arch adds an architecture to the filter.
Accepts an architecture constant. Returns an error if the call to libseccomp fails.
pub fn remove_arch(&mut self, arch: ScmpArch) -> Result<()>
remove_arch removes an architecture from the filter.
Accepts an architecture constant. Returns an error on an invalid filter context or architecture token, or an issue with the call to libseccomp.
pub fn add_rule(
&mut self,
action: ScmpAction,
syscall: i32,
comparators: Option<&[ScmpArgCompare]>
) -> Result<()>
add_rule adds a single rule for an unconditional or conditional action on a syscall.
Accepts the action to take, the number of the syscall, and the argument conditions under which the action applies to the call being made. If comparators is None, the function adds a single rule for an unconditional action. Returns an error if an issue was encountered adding the rule.
pub fn load(&self) -> Result<()>
load loads a filter context into the kernel.
Returns an error if the filter context is invalid or the syscall failed.
pub fn get_filter_attr(&self, attr: ScmpFilterAttr) -> Result<u32>
get_filter_attr gets a raw filter attribute.
pub fn set_filter_attr(&self, attr: ScmpFilterAttr, value: u32) -> Result<()>
set_filter_attr sets a raw filter attribute.
pub fn set_no_new_privs_bit(&self, state: bool) -> Result<()>
set_no_new_privs_bit sets the state of the No New Privileges bit, which will be applied on filter load. Returns an error if an issue was encountered setting the value. Filters with No New Privileges set to 0 can only be loaded if the process has the CAP_SYS_ADMIN capability.
pub fn export_pfc(&self, fd: File) -> Result<()>
export_pfc outputs a PFC-formatted, human-readable dump of a filter context’s rules to a file.
Accepts a file to write to (must be open for writing). Returns an error if writing to the file fails.
pub fn export_bpf(&self, fd: File) -> Result<()>
export_bpf outputs a Berkeley Packet Filter-formatted, kernel-readable dump of a filter context’s rules to a file.
Accepts a file to write to (must be open for writing). Returns an error if writing to the file fails.
pub fn reset(&mut self, action: ScmpAction) -> Result<()>
reset resets a filter context, removing all its existing state.
Accepts a new default action to be taken for syscalls which do not match. Returns an error if the filter or action provided are invalid.
Trait Implementations
impl Clone for ScmpFilterContext
fn clone(&self) -> ScmpFilterContext
Returns a copy of the value.
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
impl Debug for ScmpFilterContext
impl Drop for ScmpFilterContext
Auto Trait Implementations
impl RefUnwindSafe for ScmpFilterContext
impl !Send for ScmpFilterContext
impl !Sync for ScmpFilterContext
impl Unpin for ScmpFilterContext
impl UnwindSafe for ScmpFilterContext
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
Creates owned data from borrowed data, usually by cloning.
pub fn clone_into(&self, target: &mut T)
This is a nightly-only experimental API (toowned_clone_into).
Uses borrowed data to replace owned data, usually by cloning.