libseccomp-sys-0.2.1/.cargo_vcs_info.json0000644000000001540000000000100137700ustar { "git": { "sha1": "6b30fdac43f55892a8d837c723eabab6e0e8d2c8" }, "path_in_vcs": "libseccomp-sys" }libseccomp-sys-0.2.1/Cargo.toml0000644000000014470000000000100117740ustar # THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g., crates.io) dependencies. # # If you are reading this file be aware that the original Cargo.toml # will likely look very different (and much more reasonable). # See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "libseccomp-sys" version = "0.2.1" authors = ["Manabu Sugimoto "] description = "Raw FFI Bindings for the libseccomp Library" readme = "README.md" categories = ["seccomp", "api-bindings"] license = "MIT OR Apache-2.0" repository = "https://github.com/libseccomp-rs/libseccomp-rs" libseccomp-sys-0.2.1/Cargo.toml.orig000064400000000000000000000005240072674642500155000ustar 00000000000000[package] name = "libseccomp-sys" version = "0.2.1" authors = ["Manabu Sugimoto "] license = "MIT OR Apache-2.0" description = "Raw FFI Bindings for the libseccomp Library" repository = "https://github.com/libseccomp-rs/libseccomp-rs" categories = ["seccomp", "api-bindings"] edition = "2018" readme = "README.md" libseccomp-sys-0.2.1/LICENSE000064400000000000000000000002370072674642500136170ustar 00000000000000This crate is licensed under either of - "Apache License, Version 2.0, (See LICENSE-APACHE file); or - "MIT license" (See LICENSE-MIT file), at your option. libseccomp-sys-0.2.1/LICENSE-APACHE000064400000000000000000000264440072674642500145460ustar 00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.libseccomp-sys-0.2.1/LICENSE-MIT000064400000000000000000000020660072674642500142500ustar 00000000000000MIT License Copyright (c) 2021 Sony Group Corporation Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.libseccomp-sys-0.2.1/README.md000064400000000000000000000013640072674642500140730ustar 00000000000000# libseccomp-sys [![Latest release on crates.io](https://img.shields.io/crates/v/libseccomp-sys.svg)](https://crates.io/crates/libseccomp-sys) [![Documentation on docs.rs](https://docs.rs/libseccomp-sys/badge.svg)](https://docs.rs/libseccomp-sys) Low-level bindings for the libseccomp library The libseccomp-sys crate contains the raw FFI bindings to the [libseccomp library](https://github.com/seccomp/libseccomp). These low-level, mostly `unsafe` bindings are then used by the [libseccomp crate](https://crates.io/crates/libseccomp) which wraps them in a nice to use, mostly safe API. Therefore most users should not need to interact with this crate directly. ## Version information Currently, the libseccomp-sys supports libseccomp version 2.5.3. libseccomp-sys-0.2.1/build.rs000064400000000000000000000016230072674642500142570ustar 00000000000000// SPDX-License-Identifier: Apache-2.0 or MIT // // Copyright 2021 Sony Group Corporation // use std::env; const LIBSECCOMP_LIB_PATH: &str = "LIBSECCOMP_LIB_PATH"; const LIBSECCOMP_LINK_TYPE: &str = "LIBSECCOMP_LINK_TYPE"; fn main() -> Result<(), Box> { println!("cargo:rerun-if-env-changed={}", LIBSECCOMP_LIB_PATH); println!("cargo:rerun-if-env-changed={}", LIBSECCOMP_LINK_TYPE); if let Ok(path) = env::var(LIBSECCOMP_LIB_PATH) { println!("cargo:rustc-link-search=native={}", path); } let link_type = match env::var(LIBSECCOMP_LINK_TYPE) { Ok(link_type) if link_type == "framework" => { return Err("Seccomp is a Linux specific technology".into()); } Ok(link_type) => link_type, // static or dylib Err(_) => String::from("dylib"), }; println!("cargo:rustc-link-lib={}=seccomp", link_type); Ok(()) } libseccomp-sys-0.2.1/src/lib.rs000064400000000000000000000626350072674642500145270ustar 00000000000000// SPDX-License-Identifier: Apache-2.0 or MIT // // Copyright 2021 Sony Group Corporation // #![allow(non_camel_case_types)] #![allow(non_snake_case)] //! Raw FFI bindings for libseccomp library use std::os::raw::*; pub const SECCOMP_MODE_DISABLED: u64 = 0; pub const SECCOMP_MODE_STRICT: u64 = 1; pub const SECCOMP_MODE_FILTER: u64 = 2; pub const SECCOMP_SET_MODE_STRICT: u32 = 0; pub const SECCOMP_SET_MODE_FILTER: u32 = 1; pub const SECCOMP_GET_ACTION_AVAIL: u32 = 2; pub const SECCOMP_GET_NOTIF_SIZES: u32 = 3; pub const SECCOMP_FILTER_FLAG_TSYNC: u32 = 1; pub const SECCOMP_FILTER_FLAG_LOG: u32 = 2; pub const SECCOMP_FILTER_FLAG_SPEC_ALLOW: u32 = 4; pub const SECCOMP_FILTER_FLAG_NEW_LISTENER: u32 = 8; pub const SECCOMP_FILTER_FLAG_TSYNC_ESRCH: u32 = 16; pub const SECCOMP_RET_KILL_PROCESS: u32 = 0x80000000; pub const SECCOMP_RET_KILL_THREAD: u32 = 0x00000000; pub const SECCOMP_RET_KILL: u32 = SECCOMP_RET_KILL_THREAD; pub const SECCOMP_RET_TRAP: u32 = 0x00030000; pub const SECCOMP_RET_ERRNO: u32 = 0x00050000; pub const SECCOMP_RET_USER_NOTIF: u32 = 0x7fc00000; pub const SECCOMP_RET_TRACE: u32 = 0x7ff00000; pub const SECCOMP_RET_LOG: u32 = 0x7ffc0000; pub const SECCOMP_RET_ALLOW: u32 = 0x7fff0000; pub const SECCOMP_RET_ACTION_FULL: u32 = 0xffff0000; pub const SECCOMP_RET_ACTION: u32 = 0x7fff0000; pub const SECCOMP_RET_DATA: u32 = 0x0000ffff; #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct seccomp_data { pub nr: c_int, pub arch: u32, pub instruction_pointer: u64, pub args: [u64; 6], } #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct seccomp_notif_sizes { pub seccomp_notif: u16, pub seccomp_notif_resp: u16, pub seccomp_data: u16, } #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct seccomp_notif { pub id: u64, pub pid: u32, pub flags: u32, pub data: seccomp_data, } /// Tell the kernel to execute the target's system call /// /// `linux/seccomp.h`: /// /// > Note, the `SECCOMP_USER_NOTIF_FLAG_CONTINUE` flag must be used with caution! /// > If set by the process supervising the syscalls of another process the /// > syscall will continue. This is problematic because of an inherent TOCTOU. /// > An attacker can exploit the time while the supervised process is waiting on /// > a response from the supervising process to rewrite syscall arguments which /// > are passed as pointers of the intercepted syscall. /// > It should be absolutely clear that this means that the seccomp notifier /// > _cannot_ be used to implement a security policy! It should only ever be used /// > in scenarios where a more privileged process supervises the syscalls of a /// > lesser privileged process to get around kernel-enforced security /// > restrictions when the privileged process deems this safe. In other words, /// > in order to continue a syscall the supervising process should be sure that /// > another security mechanism or the kernel itself will sufficiently block /// > syscalls if arguments are rewritten to something unsafe. /// > /// > Similar precautions should be applied when stacking `SECCOMP_RET_USER_NOTIF` /// > or `SECCOMP_RET_TRACE`. For `SECCOMP_RET_USER_NOTIF` filters acting on the /// > same syscall, the most recently added filter takes precedence. This means /// > that the new `SECCOMP_RET_USER_NOTIF` filter can override any /// > `SECCOMP_IOCTL_NOTIF_SEND` from earlier filters, essentially allowing all /// > such filtered syscalls to be executed by sending the response /// > `SECCOMP_USER_NOTIF_FLAG_CONTINUE`. Note that `SECCOMP_RET_TRACE` can equally /// > be overriden by `SECCOMP_USER_NOTIF_FLAG_CONTINUE`. pub const SECCOMP_USER_NOTIF_FLAG_CONTINUE: u32 = 1; #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct seccomp_notif_resp { pub id: u64, pub val: i64, pub error: i32, pub flags: u32, } pub const SECCOMP_ADDFD_FLAG_SETFD: u32 = 1; pub const SECCOMP_ADDFD_FLAG_SEND: u32 = 2; #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct seccomp_notif_addfd { pub id: u64, pub flags: u32, pub srcfd: u32, pub newfd: u32, pub newfd_flags: u32, } /// version information #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct scmp_version { pub major: c_uint, pub minor: c_uint, pub micro: c_uint, } /// Filter context/handle (`*mut`) pub type scmp_filter_ctx = *mut c_void; /// Filter context/handle (`*const`) pub type const_scmp_filter_ctx = *const c_void; /// Filter attributes #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub enum scmp_filter_attr { _SCMP_FLTATR_MIN = 0, /// default filter action SCMP_FLTATR_ACT_DEFAULT = 1, /// bad architecture action SCMP_FLTATR_ACT_BADARCH = 2, /// set `NO_NEW_PRIVS` on filter load SCMP_FLTATR_CTL_NNP = 3, /// sync threads on filter load SCMP_FLTATR_CTL_TSYNC = 4, /// allow rules with a -1 syscall SCMP_FLTATR_API_TSKIP = 5, /// log not-allowed actions SCMP_FLTATR_CTL_LOG = 6, /// disable SSB mitigation SCMP_FLTATR_CTL_SSB = 7, /// filter optimization level: /// - 0: currently unused /// - 1: rules weighted by priority and complexity (DEFAULT) /// - 2: binary tree sorted by syscall number SCMP_FLTATR_CTL_OPTIMIZE = 8, /// return the system return codes SCMP_FLTATR_API_SYSRAWRC = 9, _SCMP_FLTATR_MAX, } /// Comparison operators #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub enum scmp_compare { _SCMP_CMP_MIN = 0, /// not equal SCMP_CMP_NE = 1, /// less than SCMP_CMP_LT = 2, /// less than or equal SCMP_CMP_LE = 3, /// equal SCMP_CMP_EQ = 4, /// greater than or equal SCMP_CMP_GE = 5, /// greater than SCMP_CMP_GT = 6, /// masked equality SCMP_CMP_MASKED_EQ = 7, _SCMP_CMP_MAX, } /// Argument datum pub type scmp_datum_t = u64; /// Argument / Value comparison definition #[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] #[repr(C)] pub struct scmp_arg_cmp { /// argument number, starting at 0 pub arg: c_uint, /// the comparison op, e.g. `SCMP_CMP_*` pub op: scmp_compare, pub datum_a: scmp_datum_t, pub datum_b: scmp_datum_t, } /// The native architecture token pub const SCMP_ARCH_NATIVE: u32 = 0x0; /// The x86 (32-bit) architecture token pub const SCMP_ARCH_X86: u32 = 0x40000003; /// The x86-64 (64-bit) architecture token pub const SCMP_ARCH_X86_64: u32 = 0xc000003e; /// The x32 (32-bit x86_64) architecture token /// /// NOTE: this is different from the value used by the kernel because libseccomp need to /// be able to distinguish between x32 and x86_64 pub const SCMP_ARCH_X32: u32 = 0x4000003e; pub const SCMP_ARCH_ARM: u32 = 0x40000028; pub const SCMP_ARCH_AARCH64: u32 = 0xc00000b7; pub const SCMP_ARCH_MIPS: u32 = 0x8; pub const SCMP_ARCH_MIPS64: u32 = 0x80000008; pub const SCMP_ARCH_MIPS64N32: u32 = 0xa0000008; pub const SCMP_ARCH_MIPSEL: u32 = 0x40000008; pub const SCMP_ARCH_MIPSEL64: u32 = 0xc0000008; pub const SCMP_ARCH_MIPSEL64N32: u32 = 0xe0000008; pub const SCMP_ARCH_PPC: u32 = 0x14; pub const SCMP_ARCH_PPC64: u32 = 0x80000015; pub const SCMP_ARCH_PPC64LE: u32 = 0xc0000015; pub const SCMP_ARCH_S390: u32 = 0x16; pub const SCMP_ARCH_S390X: u32 = 0x80000016; pub const SCMP_ARCH_PARISC: u32 = 0xf; pub const SCMP_ARCH_PARISC64: u32 = 0x8000000f; pub const SCMP_ARCH_RISCV64: u32 = 0xc00000f3; pub const SCMP_ACT_MASK: u32 = SECCOMP_RET_ACTION_FULL; /// Kill the process pub const SCMP_ACT_KILL_PROCESS: u32 = 0x80000000; /// Kill the thread pub const SCMP_ACT_KILL_THREAD: u32 = 0x00000000; /// Kill the thread, defined for backward compatibility pub const SCMP_ACT_KILL: u32 = SCMP_ACT_KILL_THREAD; /// Throw a `SIGSYS` signal pub const SCMP_ACT_TRAP: u32 = 0x00030000; /// Notifies userspace pub const SCMP_ACT_NOTIFY: u32 = 0x7fc00000; pub const SCMP_ACT_ERRNO_MASK: u32 = 0x00050000; /// Return the specified error code #[must_use] pub const fn SCMP_ACT_ERRNO(x: u16) -> u32 { SCMP_ACT_ERRNO_MASK | x as u32 } pub const SCMP_ACT_TRACE_MASK: u32 = 0x7ff00000; /// Notify a tracing process with the specified value #[must_use] pub const fn SCMP_ACT_TRACE(x: u16) -> u32 { SCMP_ACT_TRACE_MASK | x as u32 } /// Allow the syscall to be executed after the action has been logged pub const SCMP_ACT_LOG: u32 = 0x7ffc0000; /// Allow the syscall to be executed pub const SCMP_ACT_ALLOW: u32 = 0x7fff0000; #[link(name = "seccomp")] extern "C" { /// Query the library version information /// /// This function returns a pointer to a populated [`scmp_version`] struct, the /// caller does not need to free the structure when finished. pub fn seccomp_version() -> *const scmp_version; /// Query the library's level of API support /// /// This function returns an API level value indicating the current supported /// functionality. It is important to note that this level of support is /// determined at runtime and therefore can change based on the running kernel /// and system configuration (e.g. any previously loaded seccomp filters). This /// function can be called multiple times, but it only queries the system the /// first time it is called, the API level is cached and used in subsequent /// calls. /// /// The current API levels are described below: /// - 0 /// - reserved /// - 1 /// - base level /// - 2 /// - support for the [`SCMP_FLTATR_CTL_TSYNC`](scmp_filter_attr::SCMP_FLTATR_CTL_TSYNC) filter attribute /// - uses the [`seccomp(2)`] syscall instead of the [`prctl(2)`] syscall /// - 3 /// - support for the [`SCMP_FLTATR_CTL_LOG`](scmp_filter_attr::SCMP_FLTATR_CTL_LOG) filter attribute /// - support for the [`SCMP_ACT_LOG`] action /// - support for the [`SCMP_ACT_KILL_PROCESS`] action /// - 4 /// - support for the [`SCMP_FLTATR_CTL_SSB`](scmp_filter_attr::SCMP_FLTATR_CTL_SSB) filter attrbute /// - 5 /// - support for the [`SCMP_ACT_NOTIFY`] action and notify APIs /// - 6 /// - support the simultaneous use of [`SCMP_FLTATR_CTL_TSYNC`](scmp_filter_attr::SCMP_FLTATR_CTL_TSYNC) and notify APIs /// /// [`seccomp(2)`]: https://man7.org/linux/man-pages/man2/seccomp.2.html /// [`prctl(2)`]: https://man7.org/linux/man-pages/man2/prctl.2.html pub fn seccomp_api_get() -> c_uint; /// Set the library's level of API support /// /// This function forcibly sets the API level of the library at runtime. Valid /// API levels are discussed in the description of the [`seccomp_api_get()`] /// function. General use of this function is strongly discouraged. pub fn seccomp_api_set(level: c_uint) -> c_int; /// Initialize the filter state /// /// - `def_action`: the default filter action /// /// This function initializes the internal seccomp filter state and should /// be called before any other functions in this library to ensure the filter /// state is initialized. Returns a filter context on success, `ptr::null()` on failure. pub fn seccomp_init(def_action: u32) -> scmp_filter_ctx; /// Reset the filter state /// /// - `ctx`: the filter context /// - `def_action`: the default filter action /// /// This function resets the given seccomp filter state and ensures the /// filter state is reinitialized. This function does not reset any seccomp /// filters already loaded into the kernel. Returns zero on success, negative /// values on failure. pub fn seccomp_reset(ctx: scmp_filter_ctx, def_action: u32) -> c_int; /// Destroys the filter state and releases any resources /// /// - `ctx`: the filter context /// /// This functions destroys the given seccomp filter state and releases any /// resources, including memory, associated with the filter state. This /// function does not reset any seccomp filters already loaded into the kernel. /// The filter context can no longer be used after calling this function. pub fn seccomp_release(ctx: scmp_filter_ctx); /// Merge two filters /// /// - `ctx_dst`: the destination filter context /// - `ctx_src`: the source filter context /// /// This function merges two filter contexts into a single filter context and /// destroys the second filter context. The two filter contexts must have the /// same attribute values and not contain any of the same architectures; if they /// do, the merge operation will fail. On success, the source filter context /// will be destroyed and should no longer be used; it is not necessary to /// call [`seccomp_release()`] on the source filter context. Returns zero on /// success, negative values on failure. pub fn seccomp_merge(ctx_dst: scmp_filter_ctx, ctx_src: scmp_filter_ctx) -> c_int; /// Resolve the architecture name to a architecture token /// /// - `arch_name`: the architecture name /// /// This function resolves the given architecture name to a token suitable for /// use with libseccomp, returns zero on failure. pub fn seccomp_arch_resolve_name(arch_name: *const c_char) -> u32; /// Return the native architecture token /// /// This function returns the native architecture token value, e.g. `SCMP_ARCH_*`. pub fn seccomp_arch_native() -> u32; /// Check to see if an existing architecture is present in the filter /// /// - `ctx`: the filter context /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// /// This function tests to see if a given architecture is included in the filter /// context. If the architecture token is [`SCMP_ARCH_NATIVE`] then the native /// architecture will be assumed. Returns zero if the architecture exists in /// the filter, `-libc::EEXIST` if it is not present, and other negative values on /// failure. pub fn seccomp_arch_exist(ctx: const_scmp_filter_ctx, arch_token: u32) -> c_int; /// Adds an architecture to the filter /// /// - `ctx`: the filter context /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// /// This function adds a new architecture to the given seccomp filter context. /// Any new rules added after this function successfully returns will be added /// to this architecture but existing rules will not be added to this /// architecture. If the architecture token is [`SCMP_ARCH_NATIVE`] then the native /// architecture will be assumed. Returns zero on success, `-libc::EEXIST` if /// specified architecture is already present, other negative values on failure. pub fn seccomp_arch_add(ctx: scmp_filter_ctx, arch_token: u32) -> c_int; /// Removes an architecture from the filter /// /// - `ctx`: the filter context /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// /// This function removes an architecture from the given seccomp filter context. /// If the architecture token is [`SCMP_ARCH_NATIVE`] then the native architecture /// will be assumed. Returns zero on success, negative values on failure. pub fn seccomp_arch_remove(ctx: scmp_filter_ctx, arch_token: u32) -> c_int; /// Loads the filter into the kernel /// /// - `ctx`: the filter context /// /// This function loads the given seccomp filter context into the kernel. If /// the filter was loaded correctly, the kernel will be enforcing the filter /// when this function returns. Returns zero on success, negative values on /// error. pub fn seccomp_load(ctx: const_scmp_filter_ctx) -> c_int; /// Set the value of a filter attribute /// /// - `ctx`: the filter context /// - `attr`: the filter attribute name /// - `value`: the filter attribute value /// /// This function fetches the value of the given attribute name and returns it /// via `value`. Returns zero on success, negative values on failure. pub fn seccomp_attr_get( ctx: const_scmp_filter_ctx, attr: scmp_filter_attr, value: *mut u32, ) -> c_int; /// Set the value of a filter attribute /// /// - `ctx`: the filter context /// - `attr`: the filter attribute name /// - `value`: the filter attribute value /// /// This function sets the value of the given attribute. Returns zero on /// success, negative values on failure. pub fn seccomp_attr_set(ctx: scmp_filter_ctx, attr: scmp_filter_attr, value: u32) -> c_int; /// Resolve a syscall number to a name /// /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// - `num`: the syscall number /// /// Resolve the given syscall number to the syscall name for the given /// architecture; it is up to the caller to free the returned string. Returns /// the syscall name on success, `ptr::null()` on failure pub fn seccomp_syscall_resolve_num_arch(arch_token: u32, num: c_int) -> *const c_char; /// Resolve a syscall name to a number /// /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// - `name`: the syscall name /// /// Resolve the given syscall name to the syscall number for the given /// architecture. Returns the syscall number on success, including negative /// pseudo syscall numbers (e.g. `__PNR_*`); returns [`__NR_SCMP_ERROR`] on failure. pub fn seccomp_syscall_resolve_name_arch(arch_token: u32, name: *const c_char) -> c_int; /// Resolve a syscall name to a number and perform any rewriting necessary /// /// - `arch_token`: the architecture token, e.g. `SCMP_ARCH_*` /// - `name`: the syscall name /// /// Resolve the given syscall name to the syscall number for the given /// architecture and do any necessary syscall rewriting needed by the /// architecture. Returns the syscall number on success, including negative /// pseudo syscall numbers (e.g. `__PNR_*`); returns [`__NR_SCMP_ERROR`] on failure. pub fn seccomp_syscall_resolve_name_rewrite(arch_token: u32, name: *const c_char) -> c_int; /// Resolve a syscall name to a number /// /// - `name`: the syscall name /// /// Resolve the given syscall name to the syscall number. Returns the syscall /// number on success, including negative pseudo syscall numbers (e.g. `__PNR_*`); /// returns [`__NR_SCMP_ERROR`] on failure. pub fn seccomp_syscall_resolve_name(name: *const c_char) -> c_int; /// Set the priority of a given syscall /// /// - `ctx`: the filter context /// - `syscall`: the syscall number /// - `priority`: priority value, higher value == higher priority /// /// This function sets the priority of the given syscall; this value is used /// when generating the seccomp filter code such that higher priority syscalls /// will incur less filter code overhead than the lower priority syscalls in the /// filter. Returns zero on success, negative values on failure. pub fn seccomp_syscall_priority(ctx: scmp_filter_ctx, syscall: c_int, priority: u8) -> c_int; /// Add a new rule to the filter /// /// - `ctx`: the filter context /// - `action`: the filter action /// - `syscall`: the syscall number /// - `arg_cnt`: the number of argument filters in the argument filter chain /// - `...`: [`scmp_arg_cmp`] structs /// /// This function adds a series of new argument/value checks to the seccomp /// filter for the given syscall; multiple argument/value checks can be /// specified and they will be chained together (AND'd together) in the filter. /// If the specified rule needs to be adjusted due to architecture specifics it /// will be adjusted without notification. Returns zero on success, negative /// values on failure. pub fn seccomp_rule_add( ctx: scmp_filter_ctx, action: u32, syscall: c_int, arg_cnt: c_uint, ... ) -> c_int; /// Add a new rule to the filter /// /// - `ctx`: the filter context /// - `action`: the filter action /// - `syscall`: the syscall number /// - `arg_cnt`: the number of elements in the arg_array parameter /// - `arg_array`: array of [`scmp_arg_cmp`] structs /// /// This function adds a series of new argument/value checks to the seccomp /// filter for the given syscall; multiple argument/value checks can be /// specified and they will be chained together (AND'd together) in the filter. /// If the specified rule needs to be adjusted due to architecture specifics it /// will be adjusted without notification. Returns zero on success, negative /// values on failure. pub fn seccomp_rule_add_array( ctx: scmp_filter_ctx, action: u32, syscall: c_int, arg_cnt: c_uint, arg_array: *const scmp_arg_cmp, ) -> c_int; /// Add a new rule to the filter /// /// - `ctx`: the filter context /// - `action`: the filter action /// - `syscall`: the syscall number /// - `arg_cnt`: the number of argument filters in the argument filter chain /// - `...`: [`scmp_arg_cmp`] structs /// /// This function adds a series of new argument/value checks to the seccomp /// filter for the given syscall; multiple argument/value checks can be /// specified and they will be chained together (AND'd together) in the filter. /// If the specified rule can not be represented on the architecture the /// function will fail. Returns zero on success, negative values on failure. pub fn seccomp_rule_add_exact( ctx: scmp_filter_ctx, action: u32, syscall: c_int, arg_cnt: c_uint, ... ) -> c_int; /// Add a new rule to the filter /// /// - `ctx`: the filter context /// - `action`: the filter action /// - `syscall`: the syscall number /// - `arg_cnt`: the number of elements in the arg_array parameter /// - `arg_array`: array of scmp_arg_cmp structs /// /// This function adds a series of new argument/value checks to the seccomp /// filter for the given syscall; multiple argument/value checks can be /// specified and they will be chained together (AND'd together) in the filter. /// If the specified rule can not be represented on the architecture the /// function will fail. Returns zero on success, negative values on failure. pub fn seccomp_rule_add_exact_array( ctx: scmp_filter_ctx, action: u32, syscall: c_int, arg_cnt: c_uint, arg_array: *const scmp_arg_cmp, ) -> c_int; /// Allocate a pair of notification request/response structures /// /// - `req`: the request location /// - `resp`: the response location /// /// This function allocates a pair of request/response structure by computing /// the correct sized based on the currently running kernel. It returns zero on /// success, and negative values on failure. pub fn seccomp_notify_alloc( req: *mut *mut seccomp_notif, resp: *mut *mut seccomp_notif_resp, ) -> c_int; /// Free a pair of notification request/response structures. /// /// - `req`: the request location /// - `resp`: the response location pub fn seccomp_notify_free(req: *mut seccomp_notif, resp: *mut seccomp_notif_resp) -> c_int; /// Send a notification response to a seccomp notification fd /// /// - `fd`: the notification fd /// - `resp`: the response buffer to use /// /// Sends a notification response on this fd. This function is thread safe /// (synchronization is performed in the kernel). Returns zero on success, /// negative values on error. pub fn seccomp_notify_receive(fd: c_int, req: *mut seccomp_notif) -> c_int; /// Check if a notification id is still valid /// /// - `fd`: the notification fd /// - `id`: the id to test /// /// Checks to see if a notification id is still valid. Returns 0 on success, and /// negative values on failure. pub fn seccomp_notify_respond(fd: c_int, resp: *mut seccomp_notif_resp) -> c_int; /// Check if a notification id is still valid /// /// - `fd`: the notification fd /// - `id`: the id to test /// /// Checks to see if a notification id is still valid. Returns 0 on success, and /// negative values on failure. pub fn seccomp_notify_id_valid(fd: c_int, id: u64) -> c_int; /// Return the notification fd from a filter that has already been loaded /// /// - `ctx`: the filter context /// /// This returns the listener fd that was generated when the seccomp policy was /// loaded. This is only valid after [`seccomp_load()`] with a filter that makes /// use of [`SCMP_ACT_NOTIFY`]. pub fn seccomp_notify_fd(ctx: const_scmp_filter_ctx) -> c_int; /// Generate seccomp Pseudo Filter Code (PFC) and export it to a file /// /// - `ctx`: the filter context /// - `fd`: the destination fd /// /// This function generates seccomp Pseudo Filter Code (PFC) and writes it to /// the given fd. Returns zero on success, negative values on failure. pub fn seccomp_export_pfc(ctx: const_scmp_filter_ctx, fd: c_int) -> c_int; /// Generate seccomp Berkley Packet Filter (BPF) code and export it to a file /// /// - `ctx`: the filter context /// - `fd`: the destination fd /// /// This function generates seccomp Berkley Packer Filter (BPF) code and writes /// it to the given fd. Returns zero on success, negative values on failure. pub fn seccomp_export_bpf(ctx: const_scmp_filter_ctx, fd: c_int) -> c_int; } /// Negative pseudo syscall number returned by some functions in case of an error pub const __NR_SCMP_ERROR: c_int = -1; pub const __NR_SCMP_UNDEF: c_int = -2;