pledge

Crates.iopledge
lib.rspledge
version0.4.2
sourcesrc
created_at2016-09-04 17:41:56.310838
updated_at2021-06-16 18:00:16.86361
descriptionRust binding to OpenBSD's pledge(2) interface
homepage
repositoryhttps://github.com/i80and/pledge-rs
max_upload_size
id6236
size14,808
Delan Azabani (delan)

documentation

https://docs.rs/pledge/

README

pledge-rs

MIT licensed crates.io

A Rust binding to OpenBSD's pledge(2) interface.

Usage

/* Rust 2015 only */ #[macro_use] extern crate pledge;
/* Rust 2018 only */ use pledge::{pledge, pledge_promises, pledge_execpromises};

fn foo() {
    // make both promises and execpromises
    pledge![Stdio Proc Exec, Stdio Tty].unwrap();

    // make promises only
    pledge_promises![Stdio Exec].unwrap();

    // make execpromises only
    pledge_execpromises![Stdio].unwrap();
}

This is roughly equivalent to:

/* Rust 2015 only */ extern crate pledge;
use pledge::{pledge, Promise, ToPromiseString};

fn foo() {
    // make both promises and execpromises
    let promises = vec![Promise::Stdio, Promise::Proc, Promise::Exec];
    let execpromises = vec![Promise::Stdio, Promise::Tty];
    pledge(&*promises.to_promise_string(), &*execpromises.to_promise_string()).unwrap();

    // make promises only
    let promises = vec![Promise::Stdio, Promise::Exec];
    pledge(&*promises.to_promise_string(), None).unwrap();

    // make execpromises only
    let execpromises = vec![Promise::Stdio];
    pledge(None, &*execpromises.to_promise_string()).unwrap();
}

You may also provide promises directly as a string:

/* Rust 2015 only */ extern crate pledge;
use pledge::pledge;

fn foo() {
    // make both promises and execpromises
    pledge("stdio proc exec", "stdio tty").unwrap();

    // make promises only
    pledge("stdio exec", None).unwrap();

    // make execpromises only
    pledge(None, "stdio").unwrap();
}

All of these will yield pledge::Error::UnsupportedPlatform on platforms that don’t support pledge(2). You can use pledge::Error::ignore_platform to ignore that variant and make your program portable to those platforms:

/* Rust 2015 only */ extern crate pledge;
/* Rust 2018 only */ use pledge::pledge_promises;

fn foo() {
    ...

    pledge_promises![Stdio Exec]
        .or_else(pledge::Error::ignore_platform)
        .unwrap();

    ...
}

Compatibility

This version of the crate is compatible with the OpenBSD 6.3+ interface, where the second parameter restricts the privileges of the process after execve(2), and guaranteed to be compatible with Rust 1.24.0+ (as shipped by OpenBSD 6.3).

Use version ^0.3 for the OpenBSD 5.9+ interface last supported by Bitrig, where the second parameter sets a whitelist of permitted paths.

To migrate your code from older versions:

  • change pledge![P, Q, R] call sites to pledge_promises![P Q R]
  • change pledge("p q r") call sites to pledge("p q r", None)
  • change pledge_with_paths(promises, paths) to pledge(promises)
  • update usage of renamed Promise variants (e.g. MCastMcast)
  • consider making execpromises to restrict processes after execve(2)
  • consider using unveil(2) and the unveil crate (OpenBSD 6.4+)
Commit count: 58

cargo fmt