Expand description
Simple seccomp library for rust. Please note that the syscall list is incomplete and you might need to send a PR to get your syscalls included. This crate releases frequently if the syscall list has been updated.
§Example
use syscallz::{Context, Syscall, Action};
fn main() -> syscallz::Result<()> {
// The default action if no other rule matches is syscallz::DEFAULT_KILL
// For a different default use `Context::init_with_action`
let mut ctx = Context::init()?;
// Allow-list some syscalls
ctx.allow_syscall(Syscall::open);
ctx.allow_syscall(Syscall::getpid);
// Set a specific action for a syscall
ctx.set_action_for_syscall(Action::Errno(1), Syscall::execve);
// Enforce the seccomp filter
ctx.load()?;
Ok(())
}Structs§
- Comparator
- A compare rule to restrict an argument syscall
- Context
- The context to configure and enforce seccomp rules
- Error
- The error type
Enums§
- Action
- The action to execute if a rule matches
- Cmp
- An enum for
!=,<,<=,==,>=,> - Syscall
- An enum of all syscalls
Constants§
- DEFAULT_
KILL - The default kill action, defaults to KillProcess on supported libseccomp versions and falls back to KillThread otherwise
Type Aliases§
- Result
- A type wrapper around
Result<T, syscallz::Error>