
RulesetCreatedAttr

Trait RulesetCreatedAttr 

/// Builder-style configuration of a created ruleset: adds rules and sets the
/// options that `restrict_self()` (from `RestrictSelfAttr`) will apply.
/// Every method consumes `self` and returns it, so calls chain.
pub trait RulesetCreatedAttr:
    Sized
    + AsMut<RulesetCreated>
    + Compatible
    + RestrictSelfAttr {
    // Provided methods
    /// Attempts to add a new rule to the ruleset.
    /// On error, returns a wrapped `AddRulesError`.
    fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
       where T: Rule<U>,
             U: HandledAccess + PrivateHandledAccess { ... }
    /// Attempts to add a set of new rules. The iterator yields `Result`s, so an
    /// error produced while building a rule can be returned as `E`; errors from
    /// the ruleset itself are converted through `E: From<RulesetError>`.
    /// On error, returns a (double) wrapped `AddRulesError`.
    fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
       where I: IntoIterator<Item = Result<T, E>>,
             T: Rule<U>,
             U: HandledAccess + PrivateHandledAccess,
             E: From<RulesetError> { ... }
    /// Configures the ruleset to call `prctl(2)` with `PR_SET_NO_NEW_PRIVS`
    /// in `restrict_self()`. This call is made even if an earlier method call
    /// failed under `CompatLevel::SoftRequirement`.
    fn no_new_privs(self, yes: bool) -> Self { ... }
    /// Deprecated alias for `no_new_privs()`.
    fn set_no_new_privs(self, yes: bool) -> Self { ... }
    /// Controls logging of denied accesses for the creating thread and its
    /// children running the same executable (before `execve(2)`); enabled by
    /// default. `false` sets `LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF`,
    /// `true` is a no-op. Only applies when restricting with a domain.
    /// On error, returns a wrapped `SyscallFlagError<RestrictSelfFlag>`.
    fn log_same_exec(self, set: bool) -> Result<Self, RulesetError> { ... }
    /// Controls logging of denied accesses after an `execve(2)` call; disabled
    /// by default. `true` sets `LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON`,
    /// `false` is a no-op. Only applies when restricting with a domain.
    /// On error, returns a wrapped `SyscallFlagError<RestrictSelfFlag>`.
    fn log_new_exec(self, set: bool) -> Result<Self, RulesetError> { ... }
}

Provided Methods§


fn add_rule<T, U>(self, rule: T) -> Result<Self, RulesetError>
where T: Rule<U>, U: HandledAccess + PrivateHandledAccess,

Attempts to add a new rule to the ruleset.

On error, returns a wrapped AddRulesError.


fn add_rules<I, T, U, E>(self, rules: I) -> Result<Self, E>
where I: IntoIterator<Item = Result<T, E>>, T: Rule<U>, U: HandledAccess + PrivateHandledAccess, E: From<RulesetError>,

Attempts to add a set of new rules to the ruleset.

On error, returns a (double) wrapped AddRulesError.

§Example

Create a custom iterator to read paths from an environment variable.

use landlock::{
    Access, AccessFs, BitFlags, PathBeneath, PathFd, PathFdError, RestrictionStatus, Ruleset,
    RulesetAttr, RulesetCreatedAttr, RulesetError, ABI,
};
use std::env;
use std::ffi::OsStr;
use std::os::unix::ffi::{OsStrExt, OsStringExt};
use thiserror::Error;

// Error type for the example. It borrows the variable name for the
// `MissingVar` case, hence the lifetime parameter.
#[derive(Debug, Error)]
enum PathEnvError<'a> {
    // Converted from `RulesetError` via `?` (see restrict_env()).
    #[error(transparent)]
    Ruleset(#[from] RulesetError),
    // Raised while building a `PathBeneath` rule, i.e. when `PathFd::new` fails.
    #[error(transparent)]
    AddRuleIter(#[from] PathFdError),
    // The named environment variable is not set.
    #[error("missing environment variable {0}")]
    MissingVar(&'a str),
}

// Raw, unparsed value of the environment variable (":"-separated paths)
// together with the access rights to grant to each of those paths.
struct PathEnv {
    // Bytes of the variable's value, exactly as read from the environment.
    paths: Vec<u8>,
    // Access rights applied to every path produced by `iter()`.
    access: BitFlags<AccessFs>,
}

impl PathEnv {
    // Reads `env_var`, the name of an environment variable containing the
    // paths requested to be allowed, separated with ":" (e.g.
    // "/bin:/lib:/usr:/proc"), and keeps its raw bytes.  `access` is the set
    // of access rights allowed for each of the parsed paths.
    // The value is stored as-is; a path is only checked when `iter()` opens it.
    // An empty value makes `iter()` yield nothing at all.
    // NOTE(review): the original comment described an empty value as "no
    // restrictions are applied"; with no rules added, restrict_self() still
    // enforces the handled accesses — confirm that is the intended reading.
    fn new<'a>(
        env_var: &'a str, access: BitFlags<AccessFs>
    ) -> Result<Self, PathEnvError<'a>> {
        let raw = match env::var_os(env_var) {
            Some(value) => value.into_vec(),
            None => return Err(PathEnvError::MissingVar(env_var)),
        };
        Ok(Self { paths: raw, access })
    }

    // Yields one `PathBeneath` rule per ":"-separated segment, opening each
    // path with `PathFd::new`.
    fn iter(
        &self,
    ) -> impl Iterator<Item = Result<PathBeneath<PathFd>, PathEnvError<'static>>> + '_ {
        // `split` on an empty slice still yields a single empty segment; drop
        // it so an empty variable produces no rule.  Empty segments inside a
        // non-empty value (e.g. "a::b" or a trailing ":") are NOT skipped and
        // are handed to PathFd::new() unchanged.
        let leading_to_drop = if self.paths.is_empty() { 1 } else { 0 };
        self.paths
            .split(|byte| *byte == b':')
            .skip(leading_to_drop)
            .map(OsStr::from_bytes)
            .map(move |path| {
                PathFd::new(path)
                    .map(|fd| PathBeneath::new(fd, self.access))
                    .map_err(PathEnvError::from)
            })
    }
}

// Builds a ruleset handling every filesystem access of ABI v1, allow-lists
// execution beneath each path named in EXECUTABLE_PATH, and enforces it on
// the current thread.  Any ruleset or path error is returned as PathEnvError.
fn restrict_env() -> Result<RestrictionStatus, PathEnvError<'static>> {
    let created = Ruleset::default()
        .handle_access(AccessFs::from_all(ABI::V1))?
        .create()?;
    // In the shell: export EXECUTABLE_PATH="/usr:/bin:/sbin"
    // (read only after the ruleset is created, as in the chained form).
    let allowed = PathEnv::new("EXECUTABLE_PATH", AccessFs::Execute.into())?;
    let with_rules = created.add_rules(allowed.iter())?;
    Ok(with_rules.restrict_self()?)
}

fn no_new_privs(self, yes: bool) -> Self

Configures the ruleset to call prctl(2) with the PR_SET_NO_NEW_PRIVS command in restrict_self().

This prctl(2) call is never ignored, even if an error was encountered on a Ruleset or RulesetCreated method call while CompatLevel::SoftRequirement was set.


fn set_no_new_privs(self, yes: bool) -> Self

👎Deprecated: Use no_new_privs() instead.

Alias for no_new_privs().


fn log_same_exec(self, set: bool) -> Result<Self, RulesetError>

Controls logging of denied accesses for the creating thread and its children running the same executable (before execve(2)). Logging is enabled by default. See kernel documentation.

Calling with false sets the LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF flag. Calling with true is a no-op (the default behavior).

This setter only applies when restricting with a domain.

On error, returns a wrapped SyscallFlagError<RestrictSelfFlag>.


fn log_new_exec(self, set: bool) -> Result<Self, RulesetError>

Controls logging of denied accesses after an execve(2) call. Logging is disabled by default. See kernel documentation.

Calling with true sets the LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON flag. Calling with false is a no-op (the default behavior).

This setter only applies when restricting with a domain.

On error, returns a wrapped SyscallFlagError<RestrictSelfFlag>.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§