Struct SecurityPolicy 

pub struct SecurityPolicy {
    pub require_auth: bool,
    pub access: AccessPolicy,
    pub rate_limits: RateLimitPolicy,
    pub session: SessionPolicy,
    pub blocklist: Vec<BlocklistEntry>,
}

Per-VM security configuration, provisioned on the config drive.

Controls authentication requirements, access permissions, rate limiting, and session lifecycle. Immutable after VM boot.

Default: require_auth = true — authentication is required unless explicitly opted out for dev/testing via SecurityPolicy::dev_defaults().

Fields

require_auth: bool

Require authenticated vsock frames. Default: true. Set to false only for dev/testing environments.

access: AccessPolicy

Access control toggles.

rate_limits: RateLimitPolicy

Frame rate limiting configuration.

session: SessionPolicy

Session lifecycle limits.

blocklist: Vec<BlocklistEntry>

Command blocklist entries for the gate.

Implementations

impl SecurityPolicy

pub fn dev_defaults() -> Self

Permissive defaults for development and testing environments. Authentication is disabled and console access is enabled.

Trait Implementations

impl Clone for SecurityPolicy

fn clone(&self) -> SecurityPolicy

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SecurityPolicy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for SecurityPolicy

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for SecurityPolicy

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for SecurityPolicy

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.