Lib.rs

Operating systemsUnix APIs
#openbsd #security #api-bindings

unveil

Rust binding for OpenBSD's unveil(2)

by António Marques

6 releases

Uses old Rust 2015

0.3.2 May 22, 2022
0.3.1 Jun 6, 2021
0.3.0 Jan 10, 2021
0.2.1 Feb 16, 2020
0.1.0 Oct 20, 2018

#343 in Unix APIs

Download history 29/week @ 2024-01-05 45/week @ 2024-01-12 21/week @ 2024-01-19 12/week @ 2024-01-26 9/week @ 2024-02-02 23/week @ 2024-02-09 41/week @ 2024-02-16 41/week @ 2024-02-23 51/week @ 2024-03-01 61/week @ 2024-03-08 73/week @ 2024-03-15 54/week @ 2024-03-22 87/week @ 2024-03-29 45/week @ 2024-04-05 67/week @ 2024-04-12 47/week @ 2024-04-19

251 downloads per month
Used in 9 crates

MIT/Apache

8KB
120 lines

unveil-rs

Crate Documentation

Rust binding for OpenBSD's unveil(2).

Requirements

  • OpenBSD 6.4 or later

Usage

extern crate unveil;

use std::fs::File;
use std::io::prelude::*;
use unveil::unveil;

fn main() {
    let path = "public.txt";
    let contents = b"Hello world!";
    File::create(path).unwrap().write_all(contents).unwrap();

    // Restrict filesystem view by only allowing read operations on the specified path
    unveil(path, "r")
    .or_else(unveil::Error::ignore_platform)
    .unwrap();

    // Reading from unveiled paths will succeed
    let mut file = File::open(path).unwrap();
    let mut buffer = Vec::new();
    file.read_to_end(&mut buffer).unwrap();
    assert_eq!(contents, &buffer[..]);

    // Reading from paths which have not been unveiled will fail
    assert!(File::open("/etc/passwd").is_err());

    // Disable further calls to unveil
    unveil("", "")
    .or_else(unveil::Error::ignore_platform)
    .unwrap();

    // All calls to unveil will now fail
    assert!(unveil(path, "rw").is_err());
}
  • pledge-rs - Rust binding for OpenBSD's pledge(2).

Dependencies

~42KB