4 releases (1 stable)

1.0.0 Sep 30, 2020
0.2.0 Jun 23, 2020
0.1.1 Mar 16, 2020
0.1.0 Nov 15, 2019

#198 in Unix APIs


12,309 downloads per month
Used in bandsocks-runtime

MIT license

10KB
121 lines

pentacle

pentacle is a library for executing programs as sealed anonymous files on Linux, using memfd_create(2).

This is useful for programs that execute untrusted programs with root permissions, or for ensuring that a cryptographically verified program is not tampered with after verification but before execution.

This library is based on runc's cloned_binary.c.


lib.rs:

The library provides a wrapper around Command (SealedCommand) as well as two helper functions for programs that execute sealed versions of themselves.

fn main() {
    pentacle::ensure_sealed().unwrap();

    // The rest of your code
}

Dependencies

~110KB
