libscmp

A safe, sane Rust interface to libseccomp on Linux.

Note: This is not a high-level interface; most functions/methods in this library directly correspond to a libseccomp function. However, this library provides a sane, usable interface to libseccomp, something that seems to be lacking.

Supported versions of libseccomp

By default, libscmp supports libseccomp v2.3.0+. Enabling the libseccomp-2-4 feature enables support for libseccomp v2.4.0+ APIs (and also tells libscmp that it can assume it will never run against a version of libseccomp prior to v2.4.0). The libseccomp-2-5 feature works similarly (and implies libseccomp-2-4).

IMPORTANT: minimum version detection

libscmp assumes that the minimum version as specified by the feature flags is correct. For example, if the libseccomp-2-4 feature is specified, libscmp may perform optimizations by assuming that features added in libseccomp v2.4.0 are present, rather than explicitly probing for them. However, it does NOT check the version of libseccomp that actually gets loaded at runtime to see if this is correct.

This is unlikely to cause any serious issues, and in most cases everything will be fine. However, if you cannot guarantee that the correct version of libseccomp will always be loaded (for example, if you are distributing compiled binaries that end users may download and run on older systems), it is recommended to check libseccomp_version() like so: assert!(libscmp::libseccomp_version() >= (2, 4, 0));.

Building dependent crates

To build a crate that depends on libscmp, you need libseccomp installed :-). You may need to install the "development" libseccomp package (for example, libseccomp-dev on Debian/Ubuntu) so that it can be found properly.

Statically linking against musl libc

Building this crate against musl libc is tricky, because you need to have a statically-linked version of libseccomp installed that was compiled against musl. This usually means you have to either build libseccomp manually (!) or use a musl-based distribution that provides a statically-linked libseccomp.

Here's a proof of concept for building against musl using an Alpine Linux Docker container. In most cases you'd want to create a separate Docker image with the dependencies installed (and then switch users when actually compiling), but this illustrates the process:

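docker run -v "$PWD":/src --rm alpine:latest sh -c '
set -e
# Static libseccomp built against musl, plus gcc for linking
apk add libseccomp-static gcc
# Install a stable toolchain whose default host is the musl target
wget -O- https://sh.rustup.rs | sh /dev/stdin -y --default-host x86_64-unknown-linux-musl --default-toolchain stable
source $HOME/.cargo/env
cd /src
# Add /usr/lib to the library search path so the linker finds libseccomp
export RUSTFLAGS="-L /usr/lib"
cargo build
'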
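
The separate-image approach mentioned above, sketched as a Dockerfile. This is an added example, not part of the libscmp project; the `builder` user name is hypothetical, and it assumes the source directory mounted at /src is writable by that user.

```dockerfile
# Added example: reusable musl build image for crates that depend on libscmp.
FROM alpine:latest

# Dependencies are installed once, as root, at image build time.
# "builder" is a hypothetical unprivileged user that does the compiling.
RUN apk add --no-cache libseccomp-static gcc \
 && adduser -D builder

# Everything below runs unprivileged, including the rustup installer.
USER builder
WORKDIR /home/builder
RUN wget -O- https://sh.rustup.rs | sh /dev/stdin -y \
      --default-host x86_64-unknown-linux-musl \
      --default-toolchain stable

# Equivalent of sourcing $HOME/.cargo/env and exporting RUSTFLAGS
# in the one-shot command.
ENV PATH="/home/builder/.cargo/bin:${PATH}"
ENV RUSTFLAGS="-L /usr/lib"

# The crate source is bind-mounted here at run time
# (assumption: the mount is writable by "builder").
WORKDIR /src
CMD ["cargo", "build"]
```

Build the image once with `docker build -t libscmp-musl .` (the tag is a placeholder), then run `docker run --rm -v "$PWD":/src libscmp-musl` from the crate directory.
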
Versions

v0.2.0 - Jun 05, 2021

Changelog:

  • feat: add support for libseccomp notification API
  • refactor: switch to a custom error type (can be converted to an io::Error)
  • refactor: make all public enums non-exhaustive
  • refactor(filter): correct interfaces based off seccomp_attr_get()
  • fix(arch): correct Arch::is_supported() check
  • refactor(build): improve static/dynamic detection
  • fix(arch): fix Arch::native() on x32
  • refactor: properly tell cargo we link to libseccomp
  • fix(sys): fix libseccomp v2.5.0+ linking
  • Minor performance improvements
  • Improve tests and documentation

v0.1.0 - Feb 25, 2021

Initial release

Information - Updated Feb 11, 2022

Stars: 1
Forks: 0
Issues: 0
