pub struct RulesetCreated { /* private fields */ }
Expand description

Ruleset created with Ruleset::create().

Implementations§

source§

impl RulesetCreated

source

pub fn restrict_self(self) -> Result<RestrictionStatus, RulesetError>

Attempts to restrict the calling thread with the ruleset according to the best-effort configuration (see RulesetCreated::set_compatibility() and CompatLevel::BestEffort). Call prctl(2) with the PR_SET_NO_NEW_PRIVS according to the ruleset configuration.

On error, returns a wrapped RestrictSelfError.

source

pub fn try_clone(&self) -> Result<Self>

Creates a new RulesetCreated instance by duplicating the underlying file descriptor. Rule modification will affect both RulesetCreated instances simultaneously.

On error, returns std::io::Error.

Trait Implementations§

source§

impl AsMut<RulesetCreated> for RulesetCreated

source§

fn as_mut(&mut self) -> &mut RulesetCreated

Converts this type into a mutable reference of the (usually inferred) input type.
source§

impl Compatible for &mut RulesetCreated

source§

fn set_compatibility(self, level: CompatLevel) -> Self

To enable a best-effort security approach, Landlock features that are not supported by the running system are silently ignored by default, which is a sane choice for most use cases. However, on some rare circumstances, developers may want to have some guarantees that their applications will not run if a certain level of sandboxing is not possible. If we really want to error out when not all our requested requirements are met, then we can configure it with set_compatibility(). Read more
source§

fn set_best_effort(self, best_effort: bool) -> Self
where Self: Sized,

👎Deprecated: Use set_compatibility() instead
source§

impl Compatible for RulesetCreated

source§

fn set_compatibility(self, level: CompatLevel) -> Self

To enable a best-effort security approach, Landlock features that are not supported by the running system are silently ignored by default, which is a sane choice for most use cases. However, on some rare circumstances, developers may want to have some guarantees that their applications will not run if a certain level of sandboxing is not possible. If we really want to error out when not all our requested requirements are met, then we can configure it with set_compatibility(). Read more
source§

fn set_best_effort(self, best_effort: bool) -> Self
where Self: Sized,

👎Deprecated: Use set_compatibility() instead
source§

impl Drop for RulesetCreated

source§

fn drop(&mut self)

Executes the destructor for this type. Read more
source§

impl RulesetCreatedAttr for &mut RulesetCreated

source§

fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
where T: Rule<U>, U: Access,

Attempts to add a new rule to the ruleset. Read more
source§

fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
where I: IntoIterator<Item = Result<T, E>>, T: Rule<U>, U: Access, E: From<RulesetError>,

Attempts to add a set of new rules to the ruleset. Read more
source§

fn set_no_new_privs(self, no_new_privs: bool) -> Self

Configures the ruleset to call prctl(2) with the PR_SET_NO_NEW_PRIVS command in restrict_self(). Read more
source§

impl RulesetCreatedAttr for RulesetCreated

source§

fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
where T: Rule<U>, U: Access,

Attempts to add a new rule to the ruleset. Read more
source§

fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
where I: IntoIterator<Item = Result<T, E>>, T: Rule<U>, U: Access, E: From<RulesetError>,

Attempts to add a set of new rules to the ruleset. Read more
source§

fn set_no_new_privs(self, no_new_privs: bool) -> Self

Configures the ruleset to call prctl(2) with the PR_SET_NO_NEW_PRIVS command in restrict_self(). Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.