Struct landlock::RulesetCreated
pub struct RulesetCreated { /* private fields */ }
Ruleset created with Ruleset::create().
Implementations
impl RulesetCreated
pub fn restrict_self(self) -> Result<RestrictionStatus, RulesetError>
Attempts to restrict the calling thread with the ruleset according to the best-effort configuration (see RulesetCreated::set_compatibility() and CompatLevel::BestEffort).
Calls prctl(2) with the PR_SET_NO_NEW_PRIVS command according to the ruleset configuration.
On error, returns a wrapped RestrictSelfError.
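An added example, not part of the landlock crate or its documentation: landlock_restrict_self(2) fails with EPERM unless the calling thread has no_new_privs set or holds CAP_SYS_ADMIN, which is the state the prctl(2) call above establishes. This std-only check reads NoNewPrivs and CapEff from /proc/thread-self/status to confirm it; Precondition, field() and precondition() are hypothetical names, and SAMPLE is constructed.

```rust
/// CAP_SYS_ADMIN is capability number 21 in linux/capability.h.
const CAP_SYS_ADMIN: u64 = 1 << 21;

/// Constructed sample of the two /proc/<pid>/status fields the check reads.
pub const SAMPLE: &str = "Name:\tdemo\nNoNewPrivs:\t1\nCapEff:\t0000000000000000\n";

/// How a thread stands against the landlock_restrict_self(2) precondition.
#[derive(Debug, PartialEq)]
pub enum Precondition {
    /// no_new_privs is set, the state PR_SET_NO_NEW_PRIVS produces.
    NoNewPrivs,
    /// no_new_privs is clear; only CAP_SYS_ADMIN lets the call succeed.
    CapSysAdminOnly,
    /// Neither holds: the kernel rejects the call with EPERM.
    Unmet,
}

/// Value of `key` in status text, where each line is "Key:\tvalue".
fn field<'a>(status: &'a str, key: &str) -> Option<&'a str> {
    status.lines().find_map(|line| {
        let (k, v) = line.split_once(':')?;
        if k == key { Some(v.trim()) } else { None }
    })
}

/// Hypothetical helper, not a landlock crate API; None means a bad field.
pub fn precondition(status: &str) -> Option<Precondition> {
    let no_new_privs = match field(status, "NoNewPrivs")? {
        "1" => true,
        "0" => false,
        _ => return None,
    };
    let cap_eff = u64::from_str_radix(field(status, "CapEff")?, 16).ok()?;
    Some(if no_new_privs {
        Precondition::NoNewPrivs
    } else if (cap_eff & CAP_SYS_ADMIN) != 0 {
        Precondition::CapSysAdminOnly
    } else {
        Precondition::Unmet
    })
}

fn main() {
    println!("sample: {:?}", precondition(SAMPLE));
    // thread-self, because no_new_privs is a per-thread attribute.
    let live = std::fs::read_to_string("/proc/thread-self/status").unwrap_or_default();
    println!("this thread: {:?}", precondition(&live));
}
```

Run the check on the same thread that called restrict_self(); a result of NoNewPrivs confirms the prctl(2) call took effect there.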
pub fn try_clone(&self) -> Result<Self>
Creates a new RulesetCreated instance by duplicating the underlying file descriptor.
Rule modification will affect both RulesetCreated instances simultaneously.
On error, returns std::io::Error.
Trait Implementations
impl AsMut<RulesetCreated> for RulesetCreated
fn as_mut(&mut self) -> &mut RulesetCreated
Converts this type into a mutable reference of the (usually inferred) input type.
impl Compatible for &mut RulesetCreated
fn set_compatibility(self, level: CompatLevel) -> Self
To enable a best-effort security approach, Landlock features that are not supported by the running system are silently ignored by default, which is a sane choice for most use cases. However, in some rare circumstances, developers may want to have some guarantees that their applications will not run if a certain level of sandboxing is not possible. If we really want to error out when not all our requested requirements are met, then we can configure it with set_compatibility().
fn set_best_effort(self, best_effort: bool) -> Self where Self: Sized
Deprecated: Use set_compatibility() instead
impl Compatible for RulesetCreated
fn set_compatibility(self, level: CompatLevel) -> Self
To enable a best-effort security approach, Landlock features that are not supported by the running system are silently ignored by default, which is a sane choice for most use cases. However, in some rare circumstances, developers may want to have some guarantees that their applications will not run if a certain level of sandboxing is not possible. If we really want to error out when not all our requested requirements are met, then we can configure it with set_compatibility().
fn set_best_effort(self, best_effort: bool) -> Self where Self: Sized
Deprecated: Use set_compatibility() instead
impl Drop for RulesetCreated
impl RulesetCreatedAttr for &mut RulesetCreated
fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
Attempts to add a new rule to the ruleset.
fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
Attempts to add a set of new rules to the ruleset.
fn set_no_new_privs(self, no_new_privs: bool) -> Self
Configures the ruleset to call prctl(2) with the PR_SET_NO_NEW_PRIVS command in restrict_self().
impl RulesetCreatedAttr for RulesetCreated
fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
Attempts to add a new rule to the ruleset.
fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
Attempts to add a set of new rules to the ruleset.
fn set_no_new_privs(self, no_new_privs: bool) -> Self
Configures the ruleset to call prctl(2) with the PR_SET_NO_NEW_PRIVS command in restrict_self().
Auto Trait Implementations
impl RefUnwindSafe for RulesetCreated
impl Send for RulesetCreated
impl Sync for RulesetCreated
impl Unpin for RulesetCreated
impl UnwindSafe for RulesetCreated
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.