feat: allow unlink and unlinkat for SystemIO

Fixes #17
boustrophedon · Sep 1, 2023 · c6bd29e · c6bd29e
1 parent 8709822
commit c6bd29e
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/builtins/systemio.rs b/src/builtins/systemio.rs
@@ -21,6 +21,7 @@ const IO_METADATA_SYSCALLS: &[Sysno] = &[Sysno::stat, Sysno::fstat, Sysno::newfs
                                          Sysno::getdents, Sysno::getdents64,
                                          Sysno::getcwd];
 const IO_CLOSE_SYSCALLS: &[Sysno] = &[Sysno::close, Sysno::close_range];
+const IO_UNLINK_SYSCALLS: &[Sysno] = &[Sysno::unlink, Sysno::unlinkat];
 
 /// A [`RuleSet`] representing syscalls that perform IO - open/close/read/write/seek/stat.
 ///
@@ -50,6 +51,7 @@ impl SystemIO {
             .allow_write()
             .allow_open().yes_really()
             .allow_metadata()
+            .allow_unlink()
             .allow_close()
     }
 
@@ -71,6 +73,14 @@ impl SystemIO {
         self
     }
 
+    /// Allow `unlink` syscalls.
+    #[must_use]
+    pub fn allow_unlink(mut self) -> SystemIO {
+        self.allowed.extend(IO_UNLINK_SYSCALLS);
+
+        self
+    }
+
     /// Allow `open` syscalls.
     ///
     /// # Security