1 unstable release

new 0.1.0 Feb 4, 2025

#161 in Memory management


MIT/Apache

23KB
381 lines

RSeal

A Rust library for memory sealing operations using Linux's mseal syscall.

Overview

RSeal provides a safe Rust interface for sealing memory regions, preventing them from being modified after initialization. This is useful for security-sensitive applications that need to protect critical data from tampering.

Features

  • Safe wrapper around the Linux mseal syscall
  • Page-aligned memory allocation and sealing
  • Comprehensive error handling
  • Memory safety guarantees through Rust's ownership system
  • Extensive test coverage

Installation

Add this to your Cargo.toml:

[dependencies]
rseal = "0.1.0"

Quick Start

use rseal::SealedBuffer;

fn main() -> Result<(), rseal::errors::RSealMemError> {
    // Create a new sealed buffer with 4KB capacity
    let mut buffer = SealedBuffer::new(4096)?;

    // Write data to the buffer (before sealing)
    let data = b"Sensitive data";
    buffer.write(data);

    // After this point, the memory cannot be modified
    let sealed_data = buffer.read();
    assert_eq!(&sealed_data[..data.len()], data);

    Ok(())
}

API Documentation

Key Types

  • SealedMemory<T>: Low-level wrapper for sealed memory regions
  • SealedBuffer: High-level wrapper for byte-oriented sealed memory
  • RSealError: Error types for sealing operations
  • RSealMemError: Memory-specific error types

Safety

Memory sealing is irreversible: sealed memory regions cannot be freed until process termination. Use this library judiciously and be aware of the memory usage implications.

Technical Details

RSeal uses the Linux mseal syscall to prevent further modifications to memory regions. Key features include:

  • Page-aligned memory allocation
  • Comprehensive error checking
  • Safe Rust abstractions over unsafe system calls
  • Automatic handling of memory alignment requirements
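To show what the syscall underneath RSeal actually enforces, here is an added example that is not part of the crate: it calls mseal directly through hand-written libc bindings, seals one read-only page, and then tries to make that page writable again, which a sealed mapping must refuse. The syscall number 462, the constant values and a 64-bit Linux target are assumptions; on a kernel older than 6.10 the seal attempt fails with ENOSYS and the example reports that instead.

```rust
use std::io;
use std::os::raw::{c_int, c_long, c_void};

// Hand-written libc bindings so the example needs no crates (assumption: 64-bit Linux).
extern "C" {
    fn mmap(a: *mut c_void, len: usize, prot: c_int, flags: c_int, fd: c_int, off: i64) -> *mut c_void;
    fn mprotect(a: *mut c_void, len: usize, prot: c_int) -> c_int;
    fn syscall(num: c_long, ...) -> c_long;
    fn sysconf(name: c_int) -> c_long;
}
const PROT_READ: c_int = 1;
const PROT_WRITE: c_int = 2;
const MAP_PRIVATE: c_int = 0x02;
const MAP_ANONYMOUS: c_int = 0x20;
const SC_PAGESIZE: c_int = 30;
const SYS_MSEAL: c_long = 462; // assumed: Linux >= 6.10, same number on x86_64 and aarch64
const EPERM: i32 = 1;
const SECRET: &[u8] = b"constructed secret"; // constructed sample data, not a real key

#[derive(Debug, PartialEq)]
pub enum Outcome {
    SealedAndEnforced, // mseal succeeded and the later mprotect was refused with EPERM
    Unsupported(i32),  // mseal failed (errno, e.g. ENOSYS on older kernels); mprotect still works
}

/// Map one page, write SECRET, make it read-only, seal it, then try to re-enable writing.
/// Returns the outcome plus the bytes read back through the (sealed) mapping.
pub fn seal_demo() -> io::Result<(Outcome, Vec<u8>)> {
    let page = unsafe { sysconf(SC_PAGESIZE) } as usize;
    let p = unsafe { mmap(std::ptr::null_mut(), page, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) };
    if p as isize == -1 { return Err(io::Error::last_os_error()); }
    // Fill the page while it is still writable, then drop the write permission.
    unsafe { std::ptr::copy_nonoverlapping(SECRET.as_ptr(), p as *mut u8, SECRET.len()) };
    if unsafe { mprotect(p, page, PROT_READ) } != 0 { return Err(io::Error::last_os_error()); }
    // mseal(addr, len, flags=0): afterwards mprotect/munmap/mremap on the range are refused.
    let sealed = unsafe { syscall(SYS_MSEAL, p, page, 0 as c_long) } == 0;
    let seal_errno = if sealed { 0 } else { io::Error::last_os_error().raw_os_error().unwrap_or(0) };
    // The operation a sealed page must defeat: turning it writable again.
    let rc = unsafe { mprotect(p, page, PROT_READ | PROT_WRITE) };
    let errno = if rc == 0 { 0 } else { io::Error::last_os_error().raw_os_error().unwrap_or(0) };
    let back = unsafe { std::slice::from_raw_parts(p as *const u8, SECRET.len()) }.to_vec();
    // The page is deliberately never unmapped: a sealed mapping stays until process exit.
    match (sealed, rc, errno) {
        (true, -1, EPERM) => Ok((Outcome::SealedAndEnforced, back)),
        (false, 0, _) => Ok((Outcome::Unsupported(seal_errno), back)),
        _ => Err(io::Error::new(io::ErrorKind::Other, "inconsistent mseal behaviour")),
    }
}
```

Reading through the sealed page still works; only changes to the mapping itself (permissions, unmapping, remapping) are blocked, which is why data must be written before the seal is applied.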

Contributing

Contributions are welcome! Please feel free to submit a Pull Request. Areas for improvement include:

  • Support for other operating systems
  • Additional memory protection features
  • Performance optimizations
  • Documentation improvements

License

This project is licensed under either of the Apache License, Version 2.0 or the MIT license, at your option.

Platform Support

Currently supports Linux only. The mseal syscall is required.
