seccomp_tiny/lib.rs
1//! Tiny Seccomp
2//! -------------
3//!
4//! Sometimes you need a syscall filter without an entire dynamic
5//! library. Or std. Or an allocator. Whatever! Just throw some
6//! instructions in a buffer, we can do it.
7//!
8//! This crate does not include any kind of optimizer or compiler
9//! for building BPF filters, but it has some basic syntax for
10//! constructing them manually in a mostly unpainful way without
11//! any allocations.
12//!
13//! You can use the lower-level pieces of this crate on their
14//! own if you like, but the easiest way to get started is to
15//! add instructions or blocks of instructions to a
16//! `seccomp_tiny::ProgramBuffer` and then call its method
17//! `seccomp_tiny::ProgramBuffer::activate()` to irrevocably apply the filter
18//! (once installed it cannot be removed) and panic on failure.
19//!
20//! ```
21//! use std;
22//! use seccomp_tiny::{ProgramBuffer, bpf, abi};
23//! let mut p = ProgramBuffer::new();
24//! p.inst( bpf::ret( abi::SECCOMP_RET_ALLOW ) ); // allows every syscall: API demo only, restricts nothing
25//! p.activate()
26//! ```
27
28#![no_std]
29
30#[cfg(not(any(target_os = "linux", target_os = "android")))]
31compile_error!("seccomp only works on linux or android");
32
33mod buffer;
34mod seccomp;
35
36pub mod abi;
37pub mod bpf;
38
39pub use buffer::ProgramBuffer;
40pub use seccomp::activate;