Crate syd

libsyd - syd API Rust Library

libsyd is a C library written in Rust that implements the syd stat API, providing an interface to the /dev/syd of syd. It allows for runtime configuration and interaction with the syd sandboxing environment.

Overview

The library is designed to interact with the syd sandboxing environment, offering functionalities to check and modify the state of the sandbox lock, and perform system calls to /dev/syd.

For more detailed information and usage instructions, refer to the syd manual, available at syd Manual.

Author

Ali Polatel alip@chesswob.org

Enums

• action_t
  An enumeration of the possible actions for sandboxing.
• lock_state_t
  An enumeration of the possible states for the sandbox lock.

Functions

• syd_api
  Performs a syd API check
• syd_attr_add
  Adds to the given actionlist of attr sandboxing.
• syd_attr_del
  Removes the first instance from the end of the given actionlist of attr sandboxing.
• syd_attr_rem
  Removes all matching patterns from the given actionlist of attr sandboxing.
• syd_check
  Performs an lstat system call on the file “/dev/syd”.
• syd_chgrp_add
  Adds to the given actionlist of chgrp sandboxing.
• syd_chgrp_del
  Removes the first instance from the end of the given actionlist of chgrp sandboxing.
• syd_chgrp_rem
  Removes all matching patterns from the given actionlist of chgrp sandboxing.
• syd_chown_add
  Adds to the given actionlist of chown sandboxing.
• syd_chown_del
  Removes the first instance from the end of the given actionlist of chown sandboxing.
• syd_chown_rem
  Removes all matching patterns from the given actionlist of chown sandboxing.
• syd_create_add
  Adds to the given actionlist of create sandboxing.
• syd_create_del
  Removes the first instance from the end of the given actionlist of create sandboxing.
• syd_create_rem
  Removes all matching patterns from the given actionlist of create sandboxing.
• syd_default_attr
  Set the default action for Attr Sandboxing.
• syd_default_block
  Set the default action for IP blocklist violations.
• syd_default_chgrp
  Set the default action for Chgrp Sandboxing.
• syd_default_chown
  Set the default action for Chown Sandboxing.
• syd_default_create
  Set the default action for Create Sandboxing.
• syd_default_delete
  Set the default action for Delete Sandboxing.
• syd_default_exec
  Set the default action for Exec Sandboxing.
• syd_default_force
  Set the default action for Force Sandboxing.
• syd_default_ioctl
  Set the default action for Ioctl Sandboxing.
• syd_default_mem
  Set the default action for Memory Sandboxing.
• syd_default_net
  Set the default action for Network Sandboxing.
• syd_default_node
  Set the default action for Node Sandboxing.
• syd_default_pid
  Set the default action for PID Sandboxing.
• syd_default_read
  Set the default action for Read Sandboxing.
• syd_default_segvguard
  Set the default action for SegvGuard
• syd_default_stat
  Set the default action for Stat Sandboxing.
• syd_default_tmpfile
  Set the default action for Tmpfile Sandboxing.
• syd_default_tpe
  Set the default action for TPE Sandboxing.
• syd_default_truncate
  Set the default action for Truncate Sandboxing.
• syd_default_write
  Set the default action for Write Sandboxing.
• syd_delete_add
  Adds to the given actionlist of delete sandboxing.
• syd_delete_del
  Removes the first instance from the end of the given actionlist of delete sandboxing.
• syd_delete_rem
  Removes all matching patterns from the given actionlist of delete sandboxing.
• syd_disable_attr
  Disable attr sandboxing.
• syd_disable_chgrp
  Disable chgrp sandboxing.
• syd_disable_chown
  Disable chown sandboxing.
• syd_disable_create
  Disable create sandboxing.
• syd_disable_delete
  Disable delete sandboxing.
• syd_disable_exec
  Disable exec sandboxing.
• syd_disable_force
  Disable force sandboxing.
• syd_disable_ioctl
  Disable ioctl sandboxing.
• syd_disable_mem
  Disable memory sandboxing.
• syd_disable_net
  Disable net sandboxing.
• syd_disable_node
  Disable node sandboxing.
• syd_disable_pid
  Disable PID sandboxing.
• syd_disable_read
  Disable read sandboxing.
• syd_disable_stat
  Disable stat sandboxing.
• syd_disable_tmpfile
  Disable tmpfile sandboxing.
• syd_disable_tpe
  Disable TPE sandboxing.
• syd_disable_truncate
  Disable truncate sandboxing.
• syd_disable_write
  Disable write sandboxing.
• syd_enable_attr
  Enable attr sandboxing.
• syd_enable_chgrp
  Enable chgrp sandboxing.
• syd_enable_chown
  Enable chown sandboxing.
• syd_enable_create
  Enable create sandboxing.
• syd_enable_delete
  Enable delete sandboxing.
• syd_enable_exec
  Enable exec sandboxing.
• syd_enable_force
  Enable force sandboxing.
• syd_enable_ioctl
  Enable ioctl sandboxing.
• syd_enable_mem
  Enable memory sandboxing.
• syd_enable_net
  Enable net sandboxing.
• syd_enable_node
  Enable node sandboxing.
• syd_enable_pid
  Enable PID sandboxing.
• syd_enable_read
  Enable read sandboxing.
• syd_enable_stat
  Enable stat sandboxing.
• syd_enable_tmpfile
  Enable tmpfile sandboxing.
• syd_enable_tpe
  Enable TPE sandboxing.
• syd_enable_truncate
  Enable truncate sandboxing.
• syd_enable_write
  Enable write sandboxing.
• syd_enabled_attr
  Checks if attr sandboxing is enabled.
• syd_enabled_chgrp
  Checks if chgrp sandboxing is enabled.
• syd_enabled_chown
  Checks if chown sandboxing is enabled.
• syd_enabled_create
  Checks if create sandboxing is enabled.
• syd_enabled_crypt
  Checks if crypt sandboxing is enabled.
• syd_enabled_delete
  Checks if delete sandboxing is enabled.
• syd_enabled_exec
  Checks if exec sandboxing is enabled.
• syd_enabled_force
  Checks if force sandboxing is enabled.
• syd_enabled_ioctl
  Checks if ioctl sandboxing is enabled.
• syd_enabled_lock
  Checks if lock sandboxing is enabled.
• syd_enabled_mem
  Checks if memory sandboxing is enabled.
• syd_enabled_net
  Checks if net sandboxing is enabled.
• syd_enabled_node
  Checks if node sandboxing is enabled.
• syd_enabled_pid
  Checks if PID sandboxing is enabled.
• syd_enabled_proxy
  Checks if proxy sandboxing is enabled.
• syd_enabled_read
  Checks if read sandboxing is enabled.
• syd_enabled_stat
  Checks if stat sandboxing is enabled.
• syd_enabled_tmpfile
  Checks if tmpfile sandboxing is enabled.
• syd_enabled_tpe
  Checks if TPE sandboxing is enabled.
• syd_enabled_truncate
  Checks if truncate sandboxing is enabled.
• syd_enabled_write
  Checks if write sandboxing is enabled.
• syd_exec^⚠
  Execute a command outside the sandbox without sandboxing
• syd_exec_add
  Adds to the given actionlist of exec sandboxing.
• syd_exec_del
  Removes the first instance from the end of the given actionlist of exec sandboxing.
• syd_exec_rem
  Removes all matching patterns from the given actionlist of exec sandboxing.
• syd_force_add^⚠
  Adds an entry to the Integrity Force map for Force Sandboxing.
• syd_force_clr
  Clears the Integrity Force map for Force Sandboxing.
• syd_force_del^⚠
  Removes an entry from the Integrity Force map for Force Sandboxing.
• syd_ioctl_add
  Adds to the given actionlist of ioctl sandboxing.
• syd_ioctl_del
  Removes the first instance from the end of the given actionlist of ioctl sandboxing.
• syd_ioctl_deny
  Adds a request to the ioctl(2) denylist.
• syd_ioctl_rem
  Removes all matching patterns from the given actionlist of ioctl sandboxing.
• syd_load
  Causes syd to read configuration from the given file descriptor.
• syd_lock
  Sets the state of the sandbox lock.
• syd_mem_max
  Set syd maximum per-process memory usage limit for memory sandboxing.
• syd_mem_vm_max
  Set syd maximum per-process virtual memory usage limit for memory sandboxing.
• syd_net_bind_add
  Adds to the given actionlist of net/bind sandboxing.
• syd_net_bind_del
  Removes the first instance from the end of the given actionlist of net/bind sandboxing.
• syd_net_bind_rem
  Removes all matching patterns from the given actionlist of net/bind sandboxing.
• syd_net_connect_add
  Adds to the given actionlist of net/connect sandboxing.
• syd_net_connect_del
  Removes the first instance from the end of the given actionlist of net/connect sandboxing.
• syd_net_connect_rem
  Removes all matching patterns from the given actionlist of net/connect sandboxing.
• syd_net_link_add
  Adds to the given actionlist of net/link sandboxing.
• syd_net_link_del
  Removes the first instance from the end of the given actionlist of net/link sandboxing.
• syd_net_link_rem
  Removes all matching patterns from the given actionlist of net/link sandboxing.
• syd_net_send_add
  Adds to the given actionlist of net/send sandboxing.
• syd_net_send_del
  Removes the first instance from the end of the given actionlist of net/send sandboxing.
• syd_net_send_rem
  Removes all matching patterns from the given actionlist of net/send sandboxing.
• syd_node_add
  Adds to the given actionlist of node sandboxing.
• syd_node_del
  Removes the first instance from the end of the given actionlist of node sandboxing.
• syd_node_rem
  Removes all matching patterns from the given actionlist of node sandboxing.
• syd_panic
  Causes syd to exit immediately with code 127
• syd_pid_max
  Set syd maximum process id limit for PID sandboxing
• syd_read_add
  Adds to the given actionlist of read sandboxing.
• syd_read_del
  Removes the first instance from the end of the given actionlist of read sandboxing.
• syd_read_rem
  Removes all matching patterns from the given actionlist of read sandboxing.
• syd_reset
  Causes syd to reset sandboxing to the default state. Allowlists, denylists and filters are going to be cleared.
• syd_segvguard_expiry
  Specify SegvGuard entry expiry timeout in seconds. Setting this timeout to 0 effectively disables SegvGuard.
• syd_segvguard_maxcrashes
  Specify SegvGuard max number of crashes before suspension.
• syd_segvguard_suspension
  Specify SegvGuard entry suspension timeout in seconds.
• syd_stat_add
  Adds to the given actionlist of stat sandboxing.
• syd_stat_del
  Removes the first instance from the end of the given actionlist of stat sandboxing.
• syd_stat_rem
  Removes all matching patterns from the given actionlist of stat sandboxing.
• syd_tmpfile_add
  Adds to the given actionlist of tmpfile sandboxing.
• syd_tmpfile_del
  Removes the first instance from the end of the given actionlist of tmpfile sandboxing.
• syd_tmpfile_rem
  Removes all matching patterns from the given actionlist of tmpfile sandboxing.
• syd_truncate_add
  Adds to the given actionlist of truncate sandboxing.
• syd_truncate_del
  Removes the first instance from the end of the given actionlist of truncate sandboxing.
• syd_truncate_rem
  Removes all matching patterns from the given actionlist of truncate sandboxing.
• syd_write_add
  Adds to the given actionlist of write sandboxing.
• syd_write_del
  Removes the first instance from the end of the given actionlist of write sandboxing.
• syd_write_rem
  Removes all matching patterns from the given actionlist of write sandboxing.