Struct Filter 

pub struct Filter { /* private fields */ }

The Filter is a wrapper around a SECCOMP Context.

This implementation has first-class support for the SECCOMP Notify API, but a lot of the logic needs to be implemented in the application. Firstly, implement the Notifier trait for the calling process (The one that loads the filter). Then, use a notify::Pair on the monitoring process. A working implementation of both exist in Antimony.

Examples

Load a basic rule that logs everything but read.

use seccomp::{filter::Filter, action::Action, attribute::Attribute, syscall::Syscall};
let mut filter = Filter::new(Action::Log).unwrap();
filter.set_attribute(Attribute::NoNewPrivileges(true)).unwrap();
filter.add_rule(Action::Allow, Syscall::from_name("read").unwrap()).unwrap();
filter.load();

Implementations

impl Filter

pub fn new(def_action: Action) -> Result<Self, Error>

Construct a new filter with a default action.

pub fn set_notifier(&mut self, f: impl Notifier)

Set a notifier monitor process. See the Notifier trait for more information.

pub fn set_attribute(&mut self, attr: Attribute) -> Result<(), Error>

Set an attribute.

pub fn add_rule( &mut self, action: Action, syscall: Syscall, ) -> Result<(), Error>

Add a rule. Complex rules are not supported.

pub fn write(&self, path: &Path) -> Result<OwnedFd, Error>

Write the filter to a new file with the BPF format of the filter.

pub fn setup(&mut self) -> Result<(), Error>

Execute the notifier’s setup functions. This is necessary to call before calling load().

pub fn load(self)

Loads the policy, optionally executing a Notifier function.

Note that this function treats failure as fatal. It will panic the program if the policy cannot be loaded.

Trait Implementations

impl Drop for Filter

fn drop(&mut self)

Executes the destructor for this type.

impl Send for Filter

impl Sync for Filter