4 releases (1 stable)
1.0.0 | Sep 30, 2020 |
---|---|
0.2.0 | Jun 23, 2020 |
0.1.1 | Mar 16, 2020 |
0.1.0 | Nov 15, 2019 |
#576 in Unix APIs
4,154 downloads per month
Used in 2 crates
10KB
121 lines
pentacle
pentacle is a library for executing programs as sealed anonymous files on Linux, using memfd_create(2)
.
This is useful for executing programs that execute untrusted programs with root permissions, or ensuring a cryptographically-verified program is not tampered with after verification but before execution.
This library is based on runc's cloned_binary.c.
lib.rs
:
pentacle is a library for executing programs as sealed anonymous files on Linux, using
memfd_create(2)
.
This is useful for executing programs that execute untrusted programs with root permissions, or ensuring a cryptographically-verified program is not tampered with after verification but before execution.
The library provides a wrapper around Command
as well as two helper
functions for programs that execute sealed versions of themselves.
fn main() {
pentacle::ensure_sealed().unwrap();
// The rest of your code
}
Dependencies
~130KB