2 unstable releases

| Version | Date |
|---|---|
| 0.2.0 | Mar 16, 2021 |
| 0.1.0 | Jun 20, 2019 |
#730 in Unix APIs
41KB
428 lines
rust-illumos-priv
Adjust illumos privilege sets.
illumos implements a set of privileges that provide fine-grained control over the actions of processes. The possession of a certain privilege allows a process to perform a specific set of restricted operations.
See PRIVILEGES(5) for a list of privileges and their descriptions, or take a look at this crate's documentation.
Example
Dropping fork and exec privileges from a process running as root results in failure to fork-exec `ls`. Source for the below example can be found in `examples/fork-exec.rs`.

```
root - rustdev ~/src/rust-illumos-priv (git:master) # cargo run --example fork-exec
    Finished dev [unoptimized + debuginfo] target(s) in 0.02s
     Running `target/debug/examples/fork-exec`
failed to fork/exec ls: PermissionDenied
```
lib.rs:
This crate provides a safe wrapper around the illumos privilege interface and lets you add, remove, or replace a privilege set for a process or its offspring.
Example:
```rust
use illumos_priv::{PrivOp, PrivPtype, PrivSet, Privilege};

// Get a new basic PrivSet.
let mut set = PrivSet::new_basic().unwrap();

// Remove the ability to fork(2) from the set.
let _ = set
    .delset(Privilege::ProcFork)
    .expect("failed to delete from set");

// Replace the effective privilege set with the new one
illumos_priv::setppriv(PrivOp::Set, PrivPtype::Effective, &set).unwrap();
```
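The snippet above replaces only the Effective set, so the dropped privilege stays in the Permitted set and the process can turn it back on. The following added example is not the crate's code and makes no system calls: it is a small user-space model of the setppriv(2) rules as documented in setppriv(2) and PRIVILEGES(5), showing the difference between dropping from Effective and dropping from Permitted. `Proc`, `Op`, `Ptype` and the bit constants are hypothetical names, and `BASIC` is a constructed stand-in for the real basic set.

```rust
// Added illustration: user-space model of the setppriv(2) rules, not the crate's code.
// Proc, Op, Ptype and the bit constants are hypothetical; nothing calls the kernel.
pub const PROC_FORK: u32 = 1 << 0;
pub const PROC_EXEC: u32 = 1 << 1;
pub const FILE_LINK_ANY: u32 = 1 << 2;
// Constructed stand-in for the basic set; the real basic set has more members.
pub const BASIC: u32 = PROC_FORK | PROC_EXEC | FILE_LINK_ANY;

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Op { On, Off, Set }
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Ptype { Effective, Inheritable, Permitted, Limit }
#[derive(Debug, PartialEq)]
pub struct Proc { pub e: u32, pub i: u32, pub p: u32, pub l: u32 }

impl Proc {
    /// Apply one operation; Err models EPERM and leaves the process unchanged.
    pub fn setppriv(&mut self, op: Op, which: Ptype, privs: u32) -> Result<(), &'static str> {
        let old = match which {
            Ptype::Effective => self.e, Ptype::Inheritable => self.i,
            Ptype::Permitted => self.p, Ptype::Limit => self.l,
        };
        let new = match op { Op::On => old | privs, Op::Off => old & !privs, Op::Set => privs };
        let added = new & !old;
        match which {
            // Permitted and Limit can only shrink.
            Ptype::Permitted | Ptype::Limit if added != 0 => return Err("EPERM"),
            // Effective and Inheritable may only gain privileges still in Permitted.
            Ptype::Effective | Ptype::Inheritable if added & !self.p != 0 => return Err("EPERM"),
            _ => {}
        }
        match which {
            Ptype::Effective => self.e = new,
            Ptype::Inheritable => self.i = new,
            // Removing a privilege from Permitted also removes it from Effective.
            Ptype::Permitted => { self.p = new; self.e &= new; }
            Ptype::Limit => self.l = new,
        }
        Ok(())
    }
}

fn main() {
    let mut p = Proc { e: BASIC, i: BASIC, p: BASIC, l: BASIC };
    p.setppriv(Op::Set, Ptype::Effective, BASIC & !PROC_FORK).unwrap(); // as in the snippet
    println!("after E-only drop: {:?}", p.setppriv(Op::On, Ptype::Effective, PROC_FORK));
    p.setppriv(Op::Off, Ptype::Permitted, PROC_FORK).unwrap();
    println!("after P drop: {:?}", p.setppriv(Op::On, Ptype::Effective, PROC_FORK));
}
```

For a drop that the process cannot undo, remove the privilege from the Permitted set as well as the Effective set.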