#memfd-create #exec #command #seal

pentacle

Executes programs as sealed anonymous files on Linux

4 releases (1 stable)

1.0.0 Sep 30, 2020
0.2.0 Jun 23, 2020
0.1.1 Mar 16, 2020
0.1.0 Nov 15, 2019

#576 in Unix APIs

4,154 downloads per month
Used in 2 crates

MIT license

10KB
121 lines

pentacle

pentacle is a library for executing programs as sealed anonymous files on Linux, using memfd_create(2).

This is useful for programs that execute untrusted programs with root permissions, or for ensuring that a cryptographically-verified program is not tampered with after verification but before execution.

This library is based on runc's cloned_binary.c.


lib.rs:

The library provides a wrapper around Command as well as two helper functions for programs that execute sealed versions of themselves.

fn main() {
    pentacle::ensure_sealed().unwrap();

    // The rest of your code
}

Dependencies

~130KB