SeccompFilter

Struct SeccompFilter 

pub struct SeccompFilter { /* private fields */ }

Seccomp filter builder

Implementations§

impl SeccompFilter

pub fn from_profile(profile: SeccompProfile) -> Self

Create filter from profile

pub fn minimal() -> Self

Create minimal filter

pub fn allow_syscall(&mut self, name: impl Into<String>)

Add a syscall to the whitelist (the set of allowed syscalls)

pub fn block_syscall(&mut self, name: impl Into<String>)

Block a syscall (it is denied even if it is also in the whitelist)

pub fn is_allowed(&self, name: &str) -> bool

Check if syscall is allowed

pub fn allowed_syscalls(&self) -> &HashSet<String>

Get allowed syscalls

pub fn blocked_syscalls(&self) -> &HashSet<String>

Get blocked syscalls

pub fn allowed_count(&self) -> usize

Count allowed syscalls

pub fn is_kill_on_violation(&self) -> bool

Check whether kill-on-violation is enabled

pub fn set_kill_on_violation(&mut self, kill: bool)

Enable or disable kill-on-violation

pub fn profile(&self) -> SeccompProfile

Get the profile used to create this filter

pub fn set_allow_unknown_syscalls(&mut self, allow: bool)

Set whether unknown syscall names are tolerated when the filter is compiled (warnings only)

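Default is false, which means unknown syscalls cause compilation errors. Setting this to true allows filters with unknown syscalls to compile, but those syscalls will be silently ignored: a misspelled or unsupported name then produces no rule instead of a compilation error, so a typo in an allow or block entry can go unnoticed.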

pub fn allows_unknown_syscalls(&self) -> bool

Check whether unknown syscall names are tolerated when the filter is compiled

pub fn validate(&self) -> Result<()>

Validate that the filter is correct

pub fn export(&self) -> Result<Vec<String>>

Export as BPF program (simplified: this just returns syscall names as strings, not a compiled BPF program)

Trait Implementations§

impl Clone for SeccompFilter

fn clone(&self) -> SeccompFilter

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for SeccompFilter

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.