| field | value |
|---|---|
| Crates.io | priv_sep |
| lib.rs | priv_sep |
| version | 1.0.1 |
| source | src |
| created_at | 2023-07-25 06:19:55.703818 |
| updated_at | 2024-03-27 18:40:55.366778 |
| description | FFI for pledge(2) and unveil(2) on OpenBSD. |
| homepage | |
| repository | https://git.philomathiclife.com/repos/priv_sep/ |
| max_upload_size | |
| id | 925219 |
| size | 58,919 |
priv_sep

`priv_sep` is a library for privilege separation. It is currently designed around `pledge(2)` and `unveil(2)` for OpenBSD-stable (that is correct, -stable, not -current), but in the future it may contain functionality for Linux's `seccomp(2)`.
Calls to `pledge(2)` are made via `Promises::pledge` and `pledge_none`. Since `execpromises` is rarely used, `NULL` is always passed for it; `pledge(2)` treats a `NULL` `execpromises` as "leave the current exec promises unchanged", so the library never touches them. Calls to `unveil(2)` are made via `Permissions::unveil` and `unveil_no_more`. Any error returned from the underlying system call is propagated via `Error`.
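The following is an added example, not code from the `priv_sep` crate, showing how a wrapper of the kind described above maps onto the two system calls: a `Promise` subset and a `Permission` enum (the crate's real variant lists are assumed to differ), `pledge` always passing `NULL` for `execpromises`, `pledge_none` assumed to pledge the empty string, `unveil_no_more` calling `unveil(NULL, NULL)`, and every `-1` return turned into the errno via `std::io::Error`. The `extern "C"` declarations are compiled only on OpenBSD; on other targets the `raw_*` stubs return `ErrorKind::Unsupported`, so the pure string builders can still be exercised. The `lock_down` sequence and the `/etc/ssl` path are illustrative assumptions.

```rust
use std::ffi::CString;
use std::io;
use std::ptr;

/// Subset of pledge(2) promises (assumed; the crate's `Promise` covers the full list).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Promise { Stdio, Rpath, Wpath, Cpath, Inet, Dns, Unveil }

impl Promise {
    fn as_str(self) -> &'static str {
        match self {
            Promise::Stdio => "stdio", Promise::Rpath => "rpath", Promise::Wpath => "wpath",
            Promise::Cpath => "cpath", Promise::Inet => "inet", Promise::Dns => "dns",
            Promise::Unveil => "unveil",
        }
    }
}

/// unveil(2) permission flags: r, w, x, c.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Permission { Read, Write, Exec, Create }

impl Permission {
    fn as_char(self) -> char {
        match self {
            Permission::Read => 'r', Permission::Write => 'w',
            Permission::Exec => 'x', Permission::Create => 'c',
        }
    }
}

/// Space-separated promises string exactly as pledge(2) parses it.
pub fn promises_string(promises: &[Promise]) -> String {
    promises.iter().map(|p| p.as_str()).collect::<Vec<_>>().join(" ")
}

/// Permission string exactly as unveil(2) parses it.
pub fn permissions_string(perms: &[Permission]) -> String {
    perms.iter().map(|p| p.as_char()).collect()
}

#[cfg(target_os = "openbsd")]
mod sys {
    use std::io;
    use std::os::raw::{c_char, c_int};
    extern "C" {
        fn pledge(promises: *const c_char, execpromises: *const c_char) -> c_int;
        fn unveil(path: *const c_char, permissions: *const c_char) -> c_int;
    }
    /// -1 means failure; errno (EINVAL, EPERM, EFAULT, ...) becomes the io::Error.
    fn check(ret: c_int) -> io::Result<()> {
        if ret == -1 { Err(io::Error::last_os_error()) } else { Ok(()) }
    }
    // Callers pass NULL or NUL-terminated strings that outlive the call.
    pub fn raw_pledge(p: *const c_char, e: *const c_char) -> io::Result<()> {
        check(unsafe { pledge(p, e) })
    }
    pub fn raw_unveil(p: *const c_char, m: *const c_char) -> io::Result<()> {
        check(unsafe { unveil(p, m) })
    }
}

#[cfg(not(target_os = "openbsd"))]
mod sys {
    use std::io;
    use std::os::raw::c_char;
    // Stand-ins for non-OpenBSD targets so the example still builds and fails loudly.
    fn unsupported() -> io::Error {
        io::Error::new(io::ErrorKind::Unsupported, "pledge(2)/unveil(2) exist only on OpenBSD")
    }
    pub fn raw_pledge(_: *const c_char, _: *const c_char) -> io::Result<()> { Err(unsupported()) }
    pub fn raw_unveil(_: *const c_char, _: *const c_char) -> io::Result<()> { Err(unsupported()) }
}

/// pledge(2) with execpromises = NULL: exec promises are left unchanged.
pub fn pledge(promises: &[Promise]) -> io::Result<()> {
    let s = CString::new(promises_string(promises))?; // interior NUL -> InvalidInput
    sys::raw_pledge(s.as_ptr(), ptr::null())
}

/// Assumed behaviour of the crate's pledge_none: pledge the empty string, which
/// leaves the process only the ability to _exit(2).
pub fn pledge_none() -> io::Result<()> {
    let s = CString::new("").expect("empty string has no NUL");
    sys::raw_pledge(s.as_ptr(), ptr::null())
}

pub fn unveil(path: &str, perms: &[Permission]) -> io::Result<()> {
    let p = CString::new(path)?;
    let m = CString::new(permissions_string(perms))?;
    sys::raw_unveil(p.as_ptr(), m.as_ptr())
}

/// unveil(NULL, NULL): seal the view so no further unveil(2) calls are possible.
pub fn unveil_no_more() -> io::Result<()> {
    sys::raw_unveil(ptr::null(), ptr::null())
}

/// Typical order: pledge while "unveil" is still promised, restrict the filesystem
/// view, seal it, then re-pledge without "unveil". Paths here are illustrative.
pub fn lock_down() -> io::Result<()> {
    pledge(&[Promise::Stdio, Promise::Rpath, Promise::Unveil])?;
    unveil("/etc/ssl", &[Permission::Read])?;
    unveil_no_more()?;
    pledge(&[Promise::Stdio, Promise::Rpath])
}

fn main() {
    match lock_down() {
        Ok(()) => println!("sandboxed: stdio rpath, /etc/ssl read-only"),
        Err(e) => eprintln!("lock-down failed: {e}"),
    }
}
```

Note the ordering in `lock_down`: once a `pledge(2)` without the `unveil` promise has taken effect, a later `unveil(2)` call fails with `EPERM`, which is exactly the error path the `Error` propagation exists for.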
This package will be actively maintained to stay in sync with the latest version of OpenBSD-stable; as a result, the crate is only tested on the `x86_64-unknown-openbsd` target. While OpenBSD supports both the most recent -release/-stable and the previous release, only the most recent one is supported by this library. For that reason, any removal of promises in a subsequent release of `pledge(2)` will be a breaking change in this library, as the corresponding `Promise` variant will be removed.