Lib.rs

›

#fd #sandbox #passing #imsg

privsep

Privilege Separation for Rust

by Reyk Floeter

1 unstable release

0.0.2	Sep 18, 2021
0.0.1	~~Sep 17, 2021~~
0.0.1-test.6	~~May 17, 2021~~
0.0.1-test.5	~~Apr 18, 2021~~
0.0.1-test.4	~~Mar 31, 2021~~

#889 in Unix APIs

ISC license

64KB
1.5K SLoC

Privilege Separation for Rust

This crate is experimental and WIP.

Minimum Rust version

This crate uses const generics and requires Rust 1.51 or later.

TODO

Many things, including:

Improve documentation and rustdoc.
process:
- Allow to spawn multiple processes of a same child (not really needed with tokio).
- Improve naming of structs.
- Add support for OS-specific sandboxing (e.g. OpenBSD pledge)
- Add support for running privileged operations in a child before privdrop.
- Help to get ancillary into stable.
- Add suppport for nightly.
log:
- Improve async logging and lazy initialization of log messages.
Write more tests to improve code coverage.

Copyright and license

Licensed under an OpenBSD-ISC-style license, see LICENSE for details.

Dependencies

~6–16MB
~190K SLoC