Crate syd

libsyd - SydB☮x API Rust Library

libsyd is a C library written in Rust that implements the SydB☮x stat API, providing an interface to the /dev/syd of Sydb☮x. It allows for runtime configuration and interaction with the Sydb☮x sandboxing environment.

Overview

The library is designed to interact with the Sydb☮x sandboxing environment, offering functionalities to check and modify the state of the sandbox lock, and perform system calls to /dev/syd.

Attention

This library is a work in progress, and the API is not stable.

For more detailed information and usage instructions, refer to the Sydb☮x manual, available at Sydb☮x Manual.

Author

Ali Polatel alip@chesswob.org

Enums

• lock_state_t
  An enumeration of the possible states for the sandbox lock.

Functions

• syd_allow_exec_add
  Adds to the allowlist of exec sandboxing.
• syd_allow_exec_del
  Removes the first instance from the end of the allowlist of exec sandboxing.
• syd_allow_exec_rem
  Removes all matching patterns from the allowlist of exec sandboxing.
• syd_allow_net_bind_add
  Adds to the allowlist of net/bind sandboxing.
• syd_allow_net_bind_del
  Removes the first instance from the end of the allowlist of net/bind sandboxing.
• syd_allow_net_bind_rem
  Removes all matching patterns from the allowlist of net/bind sandboxing.
• syd_allow_net_connect_add
  Adds to the allowlist of net/connect sandboxing.
• syd_allow_net_connect_del
  Removes the first instance from the end of the allowlist of net/connect sandboxing.
• syd_allow_net_connect_rem
  Removes all matching patterns from the allowlist of net/connect sandboxing.
• syd_allow_read_add
  Adds to the allowlist of read sandboxing.
• syd_allow_read_del
  Removes the first instance from the end of the allowlist of read sandboxing.
• syd_allow_read_rem
  Removes all matching patterns from the allowlist of read sandboxing.
• syd_allow_stat_add
  Adds to the allowlist of stat sandboxing.
• syd_allow_stat_del
  Removes the first instance from the end of the allowlist of stat sandboxing.
• syd_allow_stat_rem
  Removes all matching patterns from the allowlist of stat sandboxing.
• syd_allow_write_add
  Adds to the allowlist of write sandboxing.
• syd_allow_write_del
  Removes the first instance from the end of the allowlist of write sandboxing.
• syd_allow_write_rem
  Removes all matching patterns from the allowlist of write sandboxing.
• syd_api
  Performs a Sydb☮x API check
• syd_check
  Performs an lstat system call on the file “/dev/syd”.
• syd_deny_exec_add
  Adds to the denylist of exec sandboxing.
• syd_deny_exec_del
  Removes the first instance from the end of the denylist of exec sandboxing.
• syd_deny_exec_rem
  Removes all matching patterns from the denylist of exec sandboxing.
• syd_deny_net_bind_add
  Adds to the denylist of net/bind sandboxing.
• syd_deny_net_bind_del
  Removes the first instance from the end of the denylist of net/bind sandboxing.
• syd_deny_net_bind_rem
  Removes all matching patterns from the denylist of net/bind sandboxing.
• syd_deny_net_connect_add
  Adds to the denylist of net/connect sandboxing.
• syd_deny_net_connect_del
  Removes the first instance from the end of the denylist of net/connect sandboxing.
• syd_deny_net_connect_rem
  Removes all matching patterns from the denylist of net/connect sandboxing.
• syd_deny_read_add
  Adds to the denylist of read sandboxing.
• syd_deny_read_del
  Removes the first instance from the end of the denylist of read sandboxing.
• syd_deny_read_rem
  Removes all matching patterns from the denylist of read sandboxing.
• syd_deny_stat_add
  Adds to the denylist of stat sandboxing.
• syd_deny_stat_del
  Removes the first instance from the end of the denylist of stat sandboxing.
• syd_deny_stat_rem
  Removes all matching patterns from the denylist of stat sandboxing.
• syd_deny_write_add
  Adds to the denylist of write sandboxing.
• syd_deny_write_del
  Removes the first instance from the end of the denylist of write sandboxing.
• syd_deny_write_rem
  Removes all matching patterns from the denylist of write sandboxing.
• syd_disable_exec
  Disable exec sandboxing.
• syd_disable_mem
  Disable memory sandboxing.
• syd_disable_net
  Disable net sandboxing.
• syd_disable_pid
  Disable PID sandboxing.
• syd_disable_read
  Disable read sandboxing.
• syd_disable_stat
  Disable stat sandboxing.
• syd_disable_write
  Disable write sandboxing.
• syd_enable_exec
  Enable exec sandboxing.
• syd_enable_mem
  Enable memory sandboxing.
• syd_enable_net
  Enable net sandboxing.
• syd_enable_pid
  Enable PID sandboxing.
• syd_enable_read
  Enable read sandboxing.
• syd_enable_stat
  Enable stat sandboxing.
• syd_enable_write
  Enable write sandboxing.
• syd_enabled_exec
  Checks if exec sandboxing is enabled.
• syd_enabled_mem
  Checks if memory sandboxing is enabled.
• syd_enabled_net
  Checks if net sandboxing is enabled.
• syd_enabled_pid
  Checks if PID sandboxing is enabled.
• syd_enabled_read
  Checks if read sandboxing is enabled.
• syd_enabled_stat
  Checks if stat sandboxing is enabled.
• syd_enabled_write
  Checks if write sandboxing is enabled.
• syd_exec
  Execute a command outside the sandbox without sandboxing
• syd_filter_exec_add
  Adds to the filter of exec sandboxing.
• syd_filter_exec_del
  Removes the first instance from the end of the filter of exec sandboxing.
• syd_filter_exec_rem
  Removes all matching patterns from the filter of exec sandboxing.
• syd_filter_net_bind_add
  Adds to the filter of net/bind sandboxing.
• syd_filter_net_bind_del
  Removes the first instance from the end of the filter of net/bind sandboxing.
• syd_filter_net_bind_rem
  Removes all matching patterns from the filter of net/bind sandboxing.
• syd_filter_net_connect_add
  Adds to the filter of net/connect sandboxing.
• syd_filter_net_connect_del
  Removes the first instance from the end of the filter of net/connect sandboxing.
• syd_filter_net_connect_rem
  Removes all matching patterns from the filter of net/connect sandboxing.
• syd_filter_read_add
  Adds to the filter of read sandboxing.
• syd_filter_read_del
  Removes the first instance from the end of the filter of read sandboxing.
• syd_filter_read_rem
  Removes all matching patterns from the filter of read sandboxing.
• syd_filter_stat_add
  Adds to the filter of stat sandboxing.
• syd_filter_stat_del
  Removes the first instance from the end of the filter of stat sandboxing.
• syd_filter_stat_rem
  Removes all matching patterns from the filter of stat sandboxing.
• syd_filter_write_add
  Adds to the filter of write sandboxing.
• syd_filter_write_del
  Removes the first instance from the end of the filter of write sandboxing.
• syd_filter_write_rem
  Removes all matching patterns from the filter of write sandboxing.
• syd_kill_add
  Adds to the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_kill_del
  Deletes the first matching item from the end of the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_kill_rem
  Removes all matching items from the list of glob patterns used to determine which paths should be killed (prevented from executing) in the sandbox.
• syd_load
  Causes Sydb☮x to read configuration from the given file descriptor.
• syd_lock
  Sets the state of the sandbox lock.
• syd_mem_max
  Set SydB☮x maximum per-process memory usage limit for memory sandboxing.
• syd_mem_vm_max
  Set SydB☮x maximum per-process virtual memory usage limit for memory sandboxing.
• syd_panic
  Causes Sydb☮x to exit immediately with code 127
• syd_pid_max
  Set SydB☮x maximum process id limit for PID sandboxing
• syd_reset
  Causes Sydb☮x to reset sandboxing to the default state. Allowlists, denylists and filters are going to be cleared.