Crate syd

Expand description

§libsyd - syd API Rust Library

libsyd is a C library written in Rust that implements the syd stat API, providing an interface to the /dev/syd of syd. It allows for runtime configuration and interaction with the syd sandboxing environment.

§Overview

The library is designed to interact with the syd sandboxing environment, offering functionalities to check and modify the state of the sandbox lock, and perform system calls to /dev/syd.

For more detailed information and usage instructions, refer to the syd manual, available at syd Manual.

§Author

Ali Polatel alip@chesswob.org

Enums§

action_t
An enumeration of the possible actions for sandboxing.
lock_state_t
An enumeration of the possible states for the sandbox lock.

Functions§

syd_api
Performs a syd API check
syd_check
Performs an lstat system call on the file “/dev/syd”.
syd_default_exec
Set the default action for Exec Sandboxing.
syd_default_force
Set the default action for Force Sandboxing.
syd_default_ioctl
Set the default action for Ioctl Sandboxing.
syd_default_mem
Set the default action for Memory Sandboxing.
syd_default_net
Set the default action for Network Sandboxing.
syd_default_pid
Set the default action for PID Sandboxing.
syd_default_read
Set the default action for Read Sandboxing.
syd_default_segvguard
Set the default action for SegvGuard
syd_default_stat
Set the default action for Stat Sandboxing.
syd_default_tpe
Set the default action for TPE Sandboxing.
syd_default_write
Set the default action for Write Sandboxing.
syd_disable_exec
Disable exec sandboxing.
syd_disable_force
Disable force sandboxing.
syd_disable_ioctl
Disable ioctl sandboxing.
syd_disable_mem
Disable memory sandboxing.
syd_disable_net
Disable net sandboxing.
syd_disable_pid
Disable PID sandboxing.
syd_disable_read
Disable read sandboxing.
syd_disable_stat
Disable stat sandboxing.
syd_disable_tpe
Disable TPE sandboxing.
syd_disable_write
Disable write sandboxing.
syd_enable_exec
Enable exec sandboxing.
syd_enable_force
Enable force sandboxing.
syd_enable_ioctl
Enable ioctl sandboxing.
syd_enable_mem
Enable memory sandboxing.
syd_enable_net
Enable net sandboxing.
syd_enable_pid
Enable PID sandboxing.
syd_enable_read
Enable read sandboxing.
syd_enable_stat
Enable stat sandboxing.
syd_enable_tpe
Enable TPE sandboxing.
syd_enable_write
Enable write sandboxing.
syd_enabled_exec
Checks if exec sandboxing is enabled.
syd_enabled_force
Checks if force sandboxing is enabled.
syd_enabled_ioctl
Checks if ioctl sandboxing is enabled.
syd_enabled_mem
Checks if memory sandboxing is enabled.
syd_enabled_net
Checks if net sandboxing is enabled.
syd_enabled_pid
Checks if PID sandboxing is enabled.
syd_enabled_read
Checks if read sandboxing is enabled.
syd_enabled_stat
Checks if stat sandboxing is enabled.
syd_enabled_tpe
Checks if TPE sandboxing is enabled.
syd_enabled_write
Checks if write sandboxing is enabled.
syd_exec^⚠
Execute a command outside the sandbox without sandboxing
syd_exec_add
Adds to the given actionlist of exec sandboxing.
syd_exec_del
Removes the first instance from the end of the given actionlist of exec sandboxing.
syd_exec_rem
Removes all matching patterns from the given actionlist of exec sandboxing.
syd_force_add^⚠
Adds an entry to the Integrity Force map for Force Sandboxing.
syd_force_clr
Clears the Integrity Force map for Force Sandboxing.
syd_force_del^⚠
Removes an entry from the Integrity Force map for Force Sandboxing.
syd_ioctl_add
Adds to the given actionlist of ioctl sandboxing.
syd_ioctl_del
Removes the first instance from the end of the given actionlist of ioctl sandboxing.
syd_ioctl_deny
Adds a request to the ioctl(2) denylist.
syd_ioctl_rem
Removes all matching patterns from the given actionlist of ioctl sandboxing.
syd_load
Causes syd to read configuration from the given file descriptor.
syd_lock
Sets the state of the sandbox lock.
syd_mem_max
Set syd maximum per-process memory usage limit for memory sandboxing.
syd_mem_vm_max
Set syd maximum per-process virtual memory usage limit for memory sandboxing.
syd_net_bind_add
Adds to the given actionlist of net/bind sandboxing.
syd_net_bind_del
Removes the first instance from the end of the given actionlist of net/bind sandboxing.
syd_net_bind_rem
Removes all matching patterns from the given actionlist of net/bind sandboxing.
syd_net_connect_add
Adds to the given actionlist of net/connect sandboxing.
syd_net_connect_del
Removes the first instance from the end of the given actionlist of net/connect sandboxing.
syd_net_connect_rem
Removes all matching patterns from the given actionlist of net/connect sandboxing.
syd_panic
Causes syd to exit immediately with code 127
syd_pid_max
Set syd maximum process id limit for PID sandboxing
syd_read_add
Adds to the given actionlist of read sandboxing.
syd_read_del
Removes the first instance from the end of the given actionlist of read sandboxing.
syd_read_rem
Removes all matching patterns from the given actionlist of read sandboxing.
syd_reset
Causes syd to reset sandboxing to the default state. Allowlists, denylists and filters are going to be cleared.
syd_segvguard_expiry
Specify SegvGuard entry expiry timeout in seconds. Setting this timeout to 0 effectively disables SegvGuard.
syd_segvguard_maxcrashes
Specify SegvGuard max number of crashes before suspension.
syd_segvguard_suspension
Specify SegvGuard entry suspension timeout in seconds.
syd_stat_add
Adds to the given actionlist of stat sandboxing.
syd_stat_del
Removes the first instance from the end of the given actionlist of stat sandboxing.
syd_stat_rem
Removes all matching patterns from the given actionlist of stat sandboxing.
syd_write_add
Adds to the given actionlist of write sandboxing.
syd_write_del
Removes the first instance from the end of the given actionlist of write sandboxing.
syd_write_rem
Removes all matching patterns from the given actionlist of write sandboxing.