Crate pentacle

pentacle is a library for executing programs as sealed anonymous files on Linux, using memfd_create(2).

This is useful when executing programs that themselves execute untrusted programs with root permissions, or when ensuring that a cryptographically verified program is not tampered with after verification but before execution.

The library provides a wrapper around Command as well as two helper functions, ensure_sealed and is_sealed, for programs that execute sealed versions of themselves.

fn main() {
    pentacle::ensure_sealed().unwrap();

    // The rest of your code
}

Lower-level control over the creation and sealing of anonymous files is available via SealOptions.

Structs

MustSealError
The Error::source returned by SealOptions::seal if required seals are not present.
SealOptions
Options for creating a sealed anonymous file.
SealedCommand
A Command wrapper that spawns sealed memory-backed programs.

Functions

ensure_sealed
Ensure the currently running program is a sealed anonymous file.
is_sealed
Verify whether the currently running program is a sealed anonymous file.