Struct seccompiler::SeccompFilter
source · pub struct SeccompFilter { /* private fields */ }
Expand description
Filter containing rules assigned to syscall numbers.
Implementations§
source§impl SeccompFilter
impl SeccompFilter
sourcepub fn new(
rules: BTreeMap<i64, Vec<SeccompRule>>,
mismatch_action: SeccompAction,
match_action: SeccompAction,
target_arch: TargetArch
) -> Result<Self, Error>
pub fn new( rules: BTreeMap<i64, Vec<SeccompRule>>, mismatch_action: SeccompAction, match_action: SeccompAction, target_arch: TargetArch ) -> Result<Self, Error>
Creates a new filter with a set of rules, an on-match and default action.
Arguments
rules
- Map containing syscall numbers and their respectiveSeccompRule
s.mismatch_action
-SeccompAction
taken for all syscalls that do not match any rule.match_action
-SeccompAction
taken for system calls that match the filter.target_arch
- Target architecture of the generated BPF filter.
Example
use seccompiler::{
SeccompAction, SeccompCmpArgLen, SeccompCmpOp, SeccompCondition, SeccompFilter, SeccompRule,
};
use std::convert::TryInto;
let filter = SeccompFilter::new(
vec![
(libc::SYS_accept4, vec![]),
(
libc::SYS_fcntl,
vec![
SeccompRule::new(vec![
SeccompCondition::new(
1,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::F_SETFD as u64,
)
.unwrap(),
SeccompCondition::new(
2,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::FD_CLOEXEC as u64,
)
.unwrap(),
])
.unwrap(),
SeccompRule::new(vec![SeccompCondition::new(
1,
SeccompCmpArgLen::Dword,
SeccompCmpOp::Eq,
libc::F_GETFD as u64,
)
.unwrap()])
.unwrap(),
],
),
]
.into_iter()
.collect(),
SeccompAction::Trap,
SeccompAction::Allow,
std::env::consts::ARCH.try_into().unwrap(),
);
Trait Implementations§
source§impl Clone for SeccompFilter
impl Clone for SeccompFilter
source§fn clone(&self) -> SeccompFilter
fn clone(&self) -> SeccompFilter
Returns a copy of the value. Read more
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from
source
. Read moresource§impl Debug for SeccompFilter
impl Debug for SeccompFilter
source§impl PartialEq for SeccompFilter
impl PartialEq for SeccompFilter
source§fn eq(&self, other: &SeccompFilter) -> bool
fn eq(&self, other: &SeccompFilter) -> bool
This method tests for
self
and other
values to be equal, and is used
by ==
.source§impl TryFrom<SeccompFilter> for BpfProgram
impl TryFrom<SeccompFilter> for BpfProgram
impl Eq for SeccompFilter
impl StructuralEq for SeccompFilter
impl StructuralPartialEq for SeccompFilter
Auto Trait Implementations§
impl RefUnwindSafe for SeccompFilter
impl Send for SeccompFilter
impl Sync for SeccompFilter
impl Unpin for SeccompFilter
impl UnwindSafe for SeccompFilter
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more