Crates.io | cap-std |
lib.rs | cap-std |
version | |
source | src |
created_at | 2020-06-25 21:01:04.347897 |
updated_at | 2024-12-04 01:51:31.646608 |
description | Capability-based version of the Rust standard library |
homepage | |
repository | https://github.com/bytecodealliance/cap-std |
max_upload_size | |
id | 258181 |
size | 0 |
This crate provides a capability-based version of std, providing sandboxed filesystem, networking, and clock APIs. See the toplevel README.md for more information about sandboxing using capability-based security.

The filesystem module cap_std::fs, the networking module cap_std::net, and the time module cap_std::time currently support Linux, macOS, FreeBSD, and Windows. WASI support is in development, though not yet usable.

Example usage of Dir for filesystem access:
use std::io;
use cap_std::fs::Dir;

/// Open files relative to `dir`.
fn dir_example(dir: &Dir) -> io::Result<()> {
    // This works (assuming symlinks don't lead outside of `dir`).
    let file = dir.open("the/thing.txt")?;

    // This fails, since `..` leads outside of `dir`.
    let hidden = dir.open("../hidden.txt")?;

    // This fails, as creating symlinks to absolute paths is not permitted.
    dir.symlink("/hidden.txt", "misdirection.txt")?;

    // However, even if the symlink had succeeded, or, if there is a
    // pre-existing symlink to an absolute directory, following a
    // symlink which would lead outside the sandbox also fails.
    let secret = dir.open("misdirection.txt")?;

    Ok(())
}
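
The containment rule that the Dir example above relies on, as an added std-only model; it is not code from the original page and not cap-std's implementation. The in-memory symlink table, the error strings, and the entries `the/up` and `the/sibling` are constructed for illustration, and the model goes beyond the page's cases by showing that `..` and relative symlinks are accepted as long as resolution never rises above the directory.

```rust
use std::collections::HashMap;

/// Simplified model (an assumption, not cap-std's code) of sandboxed path
/// resolution. `links` maps a sandbox-relative path to its symlink target.
fn resolve(path: &str, links: &HashMap<&str, &str>) -> Result<Vec<String>, &'static str> {
    if path.starts_with('/') {
        return Err("absolute path");
    }
    // Components still to process, reversed so `pop` yields the next one.
    let mut todo: Vec<String> = path.split('/').rev().map(String::from).collect();
    let mut resolved: Vec<String> = Vec::new();
    let mut budget: u32 = 40; // cap on symlink expansions, guards against loops
    while let Some(part) = todo.pop() {
        match part.as_str() {
            "" | "." => {}
            // `..` is fine inside the sandbox, but never above its root.
            ".." => {
                resolved.pop().ok_or("escapes sandbox")?;
            }
            name => {
                resolved.push(name.to_string());
                let here = resolved.join("/");
                if let Some(target) = links.get(here.as_str()) {
                    if target.starts_with('/') {
                        return Err("symlink to absolute path");
                    }
                    budget = budget.checked_sub(1).ok_or("too many symlinks")?;
                    // Swap the link for its target, which is resolved
                    // relative to the directory containing the link.
                    resolved.pop();
                    todo.extend(target.split('/').rev().map(String::from));
                }
            }
        }
    }
    Ok(resolved)
}

fn main() {
    // Constructed sandbox contents: the page's symlink plus two relative ones.
    let links = HashMap::from([
        ("misdirection.txt", "/hidden.txt"),
        ("the/up", "../../hidden.txt"),
        ("the/sibling", "../other.txt"),
    ]);
    for p in ["the/thing.txt", "../hidden.txt", "misdirection.txt", "the/up", "the/sibling"] {
        println!("{p:>18} -> {:?}", resolve(p, &links));
    }
}
```

The model is purely lexical and works on a fixed table, so it says nothing about a filesystem that changes during resolution; it only illustrates which paths the sandbox accepts and rejects.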

Example usage of Pool for network access:

use std::io;
use cap_std::net::Pool;

/// Open network addresses within `pool`.
fn pool_example(pool: &Pool) -> io::Result<()> {
    // Connect to an address. This succeeds only if the given address and
    // port are present in `pool`.
    let stream = pool.connect_tcp_stream("localhost:3333")?;

    Ok(())
}