Crate syd

libsyd - syd API Rust Library

libsyd is a C library written in Rust that implements the syd stat API, providing an interface to the /dev/syd of syd. It allows for runtime configuration and interaction with the syd sandboxing environment.

Overview

The library is designed to interact with the syd sandboxing environment, offering functionalities to check and modify the state of the sandbox lock, and perform system calls to /dev/syd.

For more detailed information and usage instructions, refer to the syd manual, available at syd Manual.

Author

Ali Polatel alip@chesswob.org

Enums

• force_action_t
  An enumeration of the possible actions for force sandboxing.
• lock_state_t
  An enumeration of the possible states for the sandbox lock.

Functions

• syd_allow_exec_add
  Adds to the allowlist of exec sandboxing.
• syd_allow_exec_del
  Removes the first instance from the end of the allowlist of exec sandboxing.
• syd_allow_exec_rem
  Removes all matching patterns from the allowlist of exec sandboxing.
• syd_allow_net_bind_add
  Adds to the allowlist of net/bind sandboxing.
• syd_allow_net_bind_del
  Removes the first instance from the end of the allowlist of net/bind sandboxing.
• syd_allow_net_bind_rem
  Removes all matching patterns from the allowlist of net/bind sandboxing.
• syd_allow_net_connect_add
  Adds to the allowlist of net/connect sandboxing.
• syd_allow_net_connect_del
  Removes the first instance from the end of the allowlist of net/connect sandboxing.
• syd_allow_net_connect_rem
  Removes all matching patterns from the allowlist of net/connect sandboxing.
• syd_allow_read_add
  Adds to the allowlist of read sandboxing.
• syd_allow_read_del
  Removes the first instance from the end of the allowlist of read sandboxing.
• syd_allow_read_rem
  Removes all matching patterns from the allowlist of read sandboxing.
• syd_allow_stat_add
  Adds to the allowlist of stat sandboxing.
• syd_allow_stat_del
  Removes the first instance from the end of the allowlist of stat sandboxing.
• syd_allow_stat_rem
  Removes all matching patterns from the allowlist of stat sandboxing.
• syd_allow_write_add
  Adds to the allowlist of write sandboxing.
• syd_allow_write_del
  Removes the first instance from the end of the allowlist of write sandboxing.
• syd_allow_write_rem
  Removes all matching patterns from the allowlist of write sandboxing.
• syd_api
  Performs a syd API check
• syd_check
  Performs an lstat system call on the file “/dev/syd”.
• syd_deny_exec_add
  Adds to the denylist of exec sandboxing.
• syd_deny_exec_del
  Removes the first instance from the end of the denylist of exec sandboxing.
• syd_deny_exec_rem
  Removes all matching patterns from the denylist of exec sandboxing.
• syd_deny_net_bind_add
  Adds to the denylist of net/bind sandboxing.
• syd_deny_net_bind_del
  Removes the first instance from the end of the denylist of net/bind sandboxing.
• syd_deny_net_bind_rem
  Removes all matching patterns from the denylist of net/bind sandboxing.
• syd_deny_net_connect_add
  Adds to the denylist of net/connect sandboxing.
• syd_deny_net_connect_del
  Removes the first instance from the end of the denylist of net/connect sandboxing.
• syd_deny_net_connect_rem
  Removes all matching patterns from the denylist of net/connect sandboxing.
• syd_deny_read_add
  Adds to the denylist of read sandboxing.
• syd_deny_read_del
  Removes the first instance from the end of the denylist of read sandboxing.
• syd_deny_read_rem
  Removes all matching patterns from the denylist of read sandboxing.
• syd_deny_stat_add
  Adds to the denylist of stat sandboxing.
• syd_deny_stat_del
  Removes the first instance from the end of the denylist of stat sandboxing.
• syd_deny_stat_rem
  Removes all matching patterns from the denylist of stat sandboxing.
• syd_deny_write_add
  Adds to the denylist of write sandboxing.
• syd_deny_write_del
  Removes the first instance from the end of the denylist of write sandboxing.
• syd_deny_write_rem
  Removes all matching patterns from the denylist of write sandboxing.
• syd_disable_exec
  Disable exec sandboxing.
• syd_disable_force
  Disable force sandboxing.
• syd_disable_mem
  Disable memory sandboxing.
• syd_disable_net
  Disable net sandboxing.
• syd_disable_pid
  Disable PID sandboxing.
• syd_disable_read
  Disable read sandboxing.
• syd_disable_stat
  Disable stat sandboxing.
• syd_disable_write
  Disable write sandboxing.
• syd_enable_exec
  Enable exec sandboxing.
• syd_enable_force
  Enable force sandboxing.
• syd_enable_mem
  Enable memory sandboxing.
• syd_enable_net
  Enable net sandboxing.
• syd_enable_pid
  Enable PID sandboxing.
• syd_enable_read
  Enable read sandboxing.
• syd_enable_stat
  Enable stat sandboxing.
• syd_enable_write
  Enable write sandboxing.
• syd_enabled_exec
  Checks if exec sandboxing is enabled.
• syd_enabled_force
  Checks if force sandboxing is enabled.
• syd_enabled_mem
  Checks if memory sandboxing is enabled.
• syd_enabled_net
  Checks if net sandboxing is enabled.
• syd_enabled_pid
  Checks if PID sandboxing is enabled.
• syd_enabled_read
  Checks if read sandboxing is enabled.
• syd_enabled_stat
  Checks if stat sandboxing is enabled.
• syd_enabled_write
  Checks if write sandboxing is enabled.
• syd_exec^⚠
  Execute a command outside the sandbox without sandboxing
• syd_filter_exec_add
  Adds to the filter of exec sandboxing.
• syd_filter_exec_del
  Removes the first instance from the end of the filter of exec sandboxing.
• syd_filter_exec_rem
  Removes all matching patterns from the filter of exec sandboxing.
• syd_filter_mem
  Toggle the reporting of access violations for memory sandboxing
• syd_filter_net_bind_add
  Adds to the filter of net/bind sandboxing.
• syd_filter_net_bind_del
  Removes the first instance from the end of the filter of net/bind sandboxing.
• syd_filter_net_bind_rem
  Removes all matching patterns from the filter of net/bind sandboxing.
• syd_filter_net_connect_add
  Adds to the filter of net/connect sandboxing.
• syd_filter_net_connect_del
  Removes the first instance from the end of the filter of net/connect sandboxing.
• syd_filter_net_connect_rem
  Removes all matching patterns from the filter of net/connect sandboxing.
• syd_filter_pid
  Toggle the reporting of access violations for PID sandboxing
• syd_filter_read_add
  Adds to the filter of read sandboxing.
• syd_filter_read_del
  Removes the first instance from the end of the filter of read sandboxing.
• syd_filter_read_rem
  Removes all matching patterns from the filter of read sandboxing.
• syd_filter_stat_add
  Adds to the filter of stat sandboxing.
• syd_filter_stat_del
  Removes the first instance from the end of the filter of stat sandboxing.
• syd_filter_stat_rem
  Removes all matching patterns from the filter of stat sandboxing.
• syd_filter_write_add
  Adds to the filter of write sandboxing.
• syd_filter_write_del
  Removes the first instance from the end of the filter of write sandboxing.
• syd_filter_write_rem
  Removes all matching patterns from the filter of write sandboxing.
• syd_force_add^⚠
  Adds an entry to the Integrity Force map for Force Sandboxing.
• syd_force_clr
  Clears the Integrity Force map for Force Sandboxing.
• syd_force_def
  Set the default action for Force Sandboxing.
• syd_force_del^⚠
  Removes an entry from the Integrity Force map for Force Sandboxing.
• syd_kill_add
  Adds to the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_kill_del
  Deletes the first matching item from the end of the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_kill_mem
  Toggle kill of the offending process for Memory sandboxing
• syd_kill_pid
  Toggle kill of the offending process for PID sandboxing
• syd_kill_rem
  Removes all matching items from the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_load
  Causes syd to read configuration from the given file descriptor.
• syd_lock
  Sets the state of the sandbox lock.
• syd_mem_max
  Set syd maximum per-process memory usage limit for memory sandboxing.
• syd_mem_vm_max
  Set syd maximum per-process virtual memory usage limit for memory sandboxing.
• syd_panic
  Causes syd to exit immediately with code 127
• syd_pid_max
  Set syd maximum process id limit for PID sandboxing
• syd_reset
  Causes syd to reset sandboxing to the default state. Allowlists, denylists and filters are going to be cleared.
• syd_segvguard_expiry
  Specify SegvGuard entry expiry timeout in seconds. Setting this timeout to 0 effectively disables SegvGuard.
• syd_segvguard_maxcrashes
  Specify SegvGuard max number of crashes before suspension.
• syd_segvguard_suspension
  Specify SegvGuard entry suspension timeout in seconds.