// SPDX-License-Identifier: Apache-2.0 or MIT
//
// Copyright 2021 Sony Group Corporation
//

//! Rust Language Bindings for the libseccomp Library
//!
//! The libseccomp library provides an easy-to-use, platform-independent interface to
//! the Linux kernel's syscall filtering mechanism. The libseccomp API is designed to
//! abstract away the underlying BPF-based syscall filter language and present a more
//! conventional function-call-based filtering interface that should be familiar to, and
//! easily adopted by, application developers.
//!
//! The libseccomp crate is a high-level safe API for the libseccomp library.
//!
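//! # Examples
//!
//! Both examples create a filter whose default action is `ScmpAction::Allow` and add
//! one rule that makes a syscall fail with an errno, so any syscall without a matching
//! rule is still permitted.
//!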
//! ```rust
//! use libseccomp::*;
//!
//! fn main() -> Result<(), Box<dyn std::error::Error>> {
//!     let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
//!     let syscall = ScmpSyscall::from_name("getuid")?;
//!
//!     filter.add_arch(ScmpArch::X8664)?;
//!     filter.add_rule(ScmpAction::Errno(1), syscall)?;
//!     filter.load()?;
//!
//!     Ok(())
//! }
//! ```
//!
//! A rule can also be made conditional on the value of a syscall argument:
//!
//! ```rust
//! use libseccomp::*;
//!
//! fn main() -> Result<(), Box<dyn std::error::Error>> {
//!     let mut filter = ScmpFilterContext::new_filter(ScmpAction::Allow)?;
//!     let syscall = ScmpSyscall::from_name("dup3")?;
//!     let cmp = ScmpArgCompare::new(0, ScmpCompareOp::Equal, 1);
//!
//!     filter.add_arch(ScmpArch::X8664)?;
//!     filter.add_rule_conditional(ScmpAction::Errno(libc::EPERM), syscall, &[cmp])?;
//!     filter.load()?;
//!
//!     Ok(())
//! }
//! ```
//!
//! # Features
//!
//! - `const-syscall`: Allows creating a `ScmpSyscall` in a `const` context.

#![warn(rust_2018_idioms)]
#![deny(missing_debug_implementations)]
#![deny(missing_docs)]
#![deny(unsafe_op_in_unsafe_fn)]
#![warn(clippy::inefficient_to_string)]
#![warn(clippy::string_to_string)]
#![warn(clippy::semicolon_if_nothing_returned)]
#![warn(clippy::clone_on_ref_ptr)]
#![warn(clippy::unwrap_in_result)]
#![cfg_attr(docsrs, feature(doc_cfg))]

/// Errors
pub mod error;

mod action;
mod api;
mod arch;
mod arg_compare;
mod compare_op;
mod filter_attr;
mod filter_context;
mod functions;
#[cfg(any(libseccomp_v2_5, doc))]
mod notify;
mod syscall;
mod version;

use error::{Result, SeccompError};

pub use action::ScmpAction;
pub use api::{check_api, get_api, set_api};
pub use arch::ScmpArch;
pub use arg_compare::ScmpArgCompare;
pub use compare_op::ScmpCompareOp;
pub use filter_attr::ScmpFilterAttr;
pub use filter_context::ScmpFilterContext;
pub use functions::*;
#[cfg(any(libseccomp_v2_5, doc))]
pub use notify::*;
pub use syscall::ScmpSyscall;
pub use version::{check_version, ScmpVersion};

/// Converts an integer return code into a [`Result`].
///
/// A return code of `0` yields `Ok(())`. Every other value, positive or
/// negative, is passed to [`SeccompError::from_errno`] and returned as `Err`,
/// so a non-zero code is never silently treated as success.
fn cvt(ret: i32) -> Result<()> {
    match ret {
        0 => Ok(()),
        code => Err(SeccompError::from_errno(code)),
    }
}