Lib.rs

Operating systemsUnix APIs
#seccomp-sandbox #syscalls #seccomp-syscalls #action #filter #sandbox #seccomp

syscallz

Simple seccomp library for rust

by kpcyrd and 5 contributors

26 releases (16 breaking)

0.17.0 Sep 28, 2023
0.16.2 Nov 12, 2022
0.16.1 Sep 11, 2021
0.15.0 Oct 6, 2020
0.7.0 Jul 22, 2018

#556 in Unix APIs

Download history 128/week @ 2024-12-25 102/week @ 2025-01-01 117/week @ 2025-01-08 133/week @ 2025-01-15 147/week @ 2025-01-22 163/week @ 2025-01-29 182/week @ 2025-02-05 136/week @ 2025-02-12 185/week @ 2025-02-19 213/week @ 2025-02-26 110/week @ 2025-03-05 216/week @ 2025-03-12 154/week @ 2025-03-19 146/week @ 2025-03-26 95/week @ 2025-04-02 148/week @ 2025-04-09

572 downloads per month
Used in 6 crates

MIT/Apache and LGPL-2.1

105KB
5.5K SLoC

Simple seccomp library for rust. Please note that the syscall list is incomplete and you might need to send a PR to get your syscalls included. This crate releases frequently if the syscall list has been updated.

Example

use syscallz::{Context, Syscall, Action};

fn main() -> syscallz::Result<()> {

    // The default action if no other rule matches is syscallz::DEFAULT_KILL
    // For a different default use `Context::init_with_action`
    let mut ctx = Context::init()?;

    // Allow-list some syscalls
    ctx.allow_syscall(Syscall::open);
    ctx.allow_syscall(Syscall::getpid);
    // Set a specific action for a syscall
    ctx.set_action_for_syscall(Action::Errno(1), Syscall::execve);

    // Enforce the seccomp filter
    ctx.load()?;

    Ok(())
}

syscallz-rs Build Status crates.io docs.rs

Simple seccomp library for rust. Please note that the syscall list is incomplete and you might need to send a PR to get your syscalls included. This crate releases frequently if the syscall list has been updated.

# Cargo.toml
[dependencies]
syscallz = "0.16"

License

MIT/Apache-2.0

Dependencies

~0.3–0.8MB
~18K SLoC