Struct seccompiler::SeccompFilter
source · [−]pub struct SeccompFilter { /* private fields */ }
Expand description
Filter containing rules assigned to syscall numbers.
Implementations
sourceimpl SeccompFilter
impl SeccompFilter
sourcepub fn new(
rules: BTreeMap<i64, Vec<SeccompRule>>,
mismatch_action: SeccompAction,
match_action: SeccompAction,
target_arch: TargetArch
) -> Result<Self, Error>
pub fn new(
rules: BTreeMap<i64, Vec<SeccompRule>>,
mismatch_action: SeccompAction,
match_action: SeccompAction,
target_arch: TargetArch
) -> Result<Self, Error>
Creates a new filter with a set of rules, an on-match and default action.
Arguments
rules
- Map containing syscall numbers and their respectiveSeccompRule
s.mismatch_action
-SeccompAction
taken for all syscalls that do not match any rule.match_action
-SeccompAction
taken for system calls that match the filter.target_arch
- Target architecture of the generated BPF filter.
Example
use seccompiler::{
SeccompAction, SeccompCmpArgLen, SeccompCmpOp, SeccompCondition, SeccompFilter, SeccompRule,
};
use std::convert::TryInto;
let filter = SeccompFilter::new(
vec![
(libc::SYS_accept4, vec![]),
(
libc::SYS_fcntl,
vec![
SeccompRule::new(vec![
SeccompCondition::new(
1,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::F_SETFD as u64,
)
.unwrap(),
SeccompCondition::new(
2,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::FD_CLOEXEC as u64,
)
.unwrap(),
])
.unwrap(),
SeccompRule::new(vec![SeccompCondition::new(
1,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::F_GETFD as u64,
)
.unwrap()])
.unwrap(),
],
),
]
.into_iter()
.collect(),
SeccompAction::Trap,
SeccompAction::Allow,
std::env::consts::ARCH.try_into().unwrap(),
);
Trait Implementations
sourceimpl Clone for SeccompFilter
impl Clone for SeccompFilter
sourcefn clone(&self) -> SeccompFilter
fn clone(&self) -> SeccompFilter
Returns a copy of the value. Read more
1.0.0 · sourcefn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source
. Read more
sourceimpl Debug for SeccompFilter
impl Debug for SeccompFilter
sourceimpl PartialEq<SeccompFilter> for SeccompFilter
impl PartialEq<SeccompFilter> for SeccompFilter
sourcefn eq(&self, other: &SeccompFilter) -> bool
fn eq(&self, other: &SeccompFilter) -> bool
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
sourceimpl TryFrom<SeccompFilter> for BpfProgram
impl TryFrom<SeccompFilter> for BpfProgram
impl Eq for SeccompFilter
impl StructuralEq for SeccompFilter
impl StructuralPartialEq for SeccompFilter
Auto Trait Implementations
impl RefUnwindSafe for SeccompFilter
impl Send for SeccompFilter
impl Sync for SeccompFilter
impl Unpin for SeccompFilter
impl UnwindSafe for SeccompFilter
Blanket Implementations
sourceimpl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more