Skip to content

Commit

Permalink
feat: allow pipe syscalls in Pipes ruleset
Browse files Browse the repository at this point in the history
  • Loading branch information
@gotlougit @boustrophedon
gotlougit authored and boustrophedon committed Oct 2, 2023
1 parent 43552f0 commit 4430e79
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/builtins/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,3 +36,4 @@ pub mod time;
pub use time::Time;

pub mod danger_zone;
pub mod pipes;
22 changes: 22 additions & 0 deletions src/builtins/pipes.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
//! Contains a [`RuleSet`] for allowing pipes

use std::collections::HashMap;
use syscalls::Sysno;
use crate::{SeccompRule, RuleSet};

/// [`Pipes`] allows you to create anonymous pipes for inter-process communication via the `pipe`
/// syscalls.
pub struct Pipes;
impl RuleSet for Pipes {
fn simple_rules(&self) -> Vec<Sysno> {
vec![Sysno::pipe, Sysno::pipe2]
}

fn conditional_rules(&self) -> HashMap<Sysno, Vec<SeccompRule>> {
HashMap::new()
}

fn name(&self) -> &'static str {
"Pipes"
}
}

0 comments on commit 4430e79

Please sign in to comment.