Releases: libseccomp-rs/libseccomp-rs
v0.3.0
Changelog
Added
- `impl From<ScmpSyscall> for i32`
- `impl fmt::Display for ScmpSyscall`
- `impl PartialEq<i32> for ScmpSyscall` and `impl PartialEq<ScmpSyscall> for i32`
- `SeccompError::errno` + `SeccompErrno` to query the errno returned by the libseccomp API.
- `ScmpNotifResp::new_val()`, `ScmpNotifResp::new_error()` and `ScmpNotifResp::new_continue()`
- `ScmpNotifRespFlags`
- `const fn ScmpSyscall::new` (behind `const-syscall` feature)
Changed
- Re-export `notify` module with private so that users can use the more convenient structure (Incompatible change).
- `add_arch`/`remove_arch` return `Ok(false)` if the architecture was already present/not present in the filter and `Ok(true)` if the architecture was really added/removed (Incompatible change).
- `get_api` returns `u32` instead of `Result<u32>` (Incompatible change).
- `ScmpArch::native()` panics instead of returning an error (Incompatible change).
- `ScmpNotifData.syscall` is now `ScmpSyscall` instead of `i32` (Incompatible change).
- Marked `ScmpNotifData`, `ScmpNotifReq` and `ScmpNotifResp` `#[non_exhaustive]` (Incompatible change).
Deprecated
- `NOTIF_FLAG_CONTINUE`: use `ScmpNotifRespFlags::CONTINUE.bits()` instead.
Removed
- `Syscall` trait
- `get_native_arch()`
- enum `error::ErrorKind`
- type `error::Result`
Fixed
- `scmp_cmp!`: `allow(unused_parens)` in `$mask`
v0.2.3
Changelog
Added
- `"SCMP_ARCH_MIPS64N32"` to `ScmpArch::from_str()`.
- `ScmpFilterContext::{get,set}_act_badarch()` to get/set the default action taken on a syscall for an architecture not in the filter.
- `ScmpFilterContext::get_act_default()` to get the default action as specified in the call to `new_filter()` or `reset()`.
- `ScmpFilterContext::get_ctl_nnp` (replaces `ScmpFilterContext::get_no_new_privs_bit`).
- `ScmpFilterContext::set_ctl_nnp` (replaces `ScmpFilterContext::set_no_new_privs_bit`).
- `ScmpFilterContext::{get,set}_ctl_log()` to get/set the state of the `ScmpFilterAttr::CtlLog`.
- `ScmpFilterContext::{get,set}_ctl_ssb()` to get/set the state of the `ScmpFilterAttr::CtlSsb`.
- `ScmpFilterContext::{get,set}_ctl_optimize()` to get/set the level of the `ScmpFilterAttr::CtlOptimize`.
- `ScmpFilterContext::{get,set}_api_sysrawrc()` to get/set the state of the `ScmpFilterAttr::ApiSysRawRc`.
- `ScmpFilterContext::{get,set}_ctl_tsync()` to get/set the state of the `ScmpFilterAttr::CtlTsync`.
- `reset_global_state()` to reset libseccomp's global state.
- `derive(Hash)` for most types
- `ScmpSyscall` type
- `ScmpSyscall::from_name()` (replaces `get_syscall_from_name`)
- `ScmpSyscall::from_name_by_arch()` (replaces `get_syscall_from_name`)
- `ScmpSyscall::from_name_by_arch_rewrite()` (new)
- `ScmpSyscall::get_name()` (replaces `get_syscall_name_from_arch`)
- `ScmpSyscall::get_name_by_arch()` (replaces `get_syscall_name_from_arch`)
Deprecated
- `get_syscall_from_name`, use `ScmpSyscall::from_name*()`
- `get_syscall_name_from_arch`, use `ScmpSyscall::get_name*()`
- `ScmpFilterContext::get_no_new_privs_bit`, use `ScmpFilterContext::get_ctl_nnp`.
- `ScmpFilterContext::set_no_new_privs_bit`, use `ScmpFilterContext::set_ctl_nnp`.
v0.2.2
v0.2.1
v0.2.0
ChangeLog
Added
- `ScmpVersion::current()` as rustified replacement for `get_library_version()`.
- `ScmpFilterContext::get_no_new_privs_bit()` to query the state of the No New Privileges bit.
- `ScmpArch::native()` as rustified replacement for `get_native_arch()`.
- `ScmpFilterContext::as_ptr()` to return a raw pointer to the `scmp_filter_ctx`.
- `scmp_cmp!` macro to create a `ScmpArgCompare` in a more elegant way.
- `impl From<&ScmpArgCompare> for scmp_arg_cmp`.
- `ScmpFilterContext::set_syscall_priority()` to set the priority of a given syscall.
- `ScmpFilterContext::add_rule_conditional()` to add a single rule for a conditional action on a syscall.
- `ScmpFilterContext::add_rule_exact()` to add a single rule for an unconditional action on a syscall.
- `ScmpFilterContext::add_rule_conditional_exact()` to add a single rule for a conditional action on a syscall.
- `impl From<(u32, u32, u32)> for ScmpVersion`.
- `check_version()` to check that the libseccomp version being used is equal to or greater than the specified version.
- `check_api()` to check that both the libseccomp API level and the libseccomp version being used are equal to or greater than the specified API level and version.
Changed
- `get_syscall_name_from_arch` and `get_syscall_from_name` output a syscall number with an error message when the functions cannot resolve the syscall name.
- `ScmpAction::Trace` now holds a `u16` since you can not use any more bits anyway (Incompatible change).
- `ScmpAction::Errno` now holds an `i32` to make `ScmpAction::Errno(libc::EPERM)` work without casting (Incompatible change).
- `ScmpArgCompare::new` is now a `const fn`.
- `ScmpFilterContext::export_{pfc,bpf}()` take all types which implement `AsRawFd`.
- `ScmpFilterContext::export_{pfc,bpf}()` take a `&mut` reference instead of consuming the ownership (Incompatible change).
- `ScmpFilterContext::set_filter_attr()` takes `&mut self` rather than `&self` (Incompatible change).
- Fixed memory leak in `get_syscall_name_from_arch`.
- Made `ScmpArgCompare::new` take only one `datum` (Incompatible change).
- Made `ScmpCompareOp::MaskedEqual` contain the mask (Incompatible change).
- Implemented a debug trait for `SeccompError` by hand without the derive macro.
- The `libseccomp-sys` crate supports the libseccomp library v2.5.3.
- `ScmpFilterContext::add_rule()` does not take an `Option<&[ScmpArgCompare]>` argument, use `ScmpFilterContext::add_rule_conditional()` (Incompatible change).
- Reworked the seccomp userspace notification APIs to be safer and easier to use (Incompatible change).
Deprecated
- `get_library_version()`, use `ScmpVersion::current()` instead.
- `get_native_arch()`, use `ScmpArch::native()` instead.
Removed
- `ScmpData` (was unused).
- `.to_native()` functions (Incompatible change).
- `Clone` on `ScmpFilterContext` because it causes double-free/use-after-free in the safe code (Incompatible change).
Security
- Fixed double-free/use-after-free when cloning `ScmpFilterContext`.
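Why a derived `Clone` on a handle wrapper that releases its handle in `Drop` leads to the double-free/use-after-free listed under Removed and Security, as an added example that is not the crate's own code. `FakeLib`, `CloneableCtx`, `OwnedCtx` and `new_ctx` are constructed stand-ins; the assumption is that the context wraps a raw `scmp_filter_ctx` pointer which is released when the wrapper is dropped.

```rust
use std::{cell::RefCell, collections::HashSet, rc::Rc};

/// Constructed stand-in for a C library that hands out context handles.
#[derive(Default)]
struct FakeLib { live: HashSet<usize>, next: usize, bad_releases: usize }
type Lib = Rc<RefCell<FakeLib>>;

/// Unsound shape: derived Clone copies the handle and every copy's Drop releases it.
#[derive(Clone)]
struct CloneableCtx { handle: usize, lib: Lib }
impl Drop for CloneableCtx {
    fn drop(&mut self) {
        let mut l = self.lib.borrow_mut();
        // A release of a handle that is no longer live models a double free.
        if !l.live.remove(&self.handle) { l.bad_releases += 1; }
    }
}

/// Sound shape: same Drop, no Clone impl, so exactly one owner releases the handle.
#[allow(dead_code)]
struct OwnedCtx(CloneableCtx);

fn new_ctx(lib: &Lib) -> CloneableCtx {
    let mut l = lib.borrow_mut();
    l.next += 1;
    let handle = l.next;
    l.live.insert(handle);
    CloneableCtx { handle, lib: Rc::clone(lib) }
}

/// Returns (handle freed while the original is still usable, count of double releases).
fn clone_then_drop() -> (bool, usize) {
    let lib = Lib::default();
    let ctx = new_ctx(&lib);
    drop(ctx.clone()); // the copy releases the shared handle
    let dangling = !lib.borrow().live.contains(&ctx.handle); // use-after-free window
    drop(ctx); // second release of the same handle
    let doubles = lib.borrow().bad_releases;
    (dangling, doubles)
}

/// Sharing a non-Clone context through Rc releases the handle exactly once.
fn share_with_rc() -> usize {
    let lib = Lib::default();
    let ctx = Rc::new(OwnedCtx(new_ctx(&lib)));
    drop(Rc::clone(&ctx));
    drop(ctx);
    let doubles = lib.borrow().bad_releases;
    doubles
}
fn main() { println!("clone: {:?}, rc: {}", clone_then_drop(), share_with_rc()); }
```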
v0.1.3
v0.1.2
v0.1.1
libseccomp-rs v0.1.0
Release native Rust crate for libseccomp library