Skip to content

Releases: libseccomp-rs/libseccomp-rs

v0.3.0

01 Oct 04:29
@ManaSugi ManaSugi
v0.3.0
e4bcb2a
Compare
Choose a tag to compare
v0.3.0 Latest
Latest

Changelog

Added

  • impl From<ScmpSyscall> for i32
  • impl fmt::Display for ScmpSyscall
  • impl PartialEq<i32> for ScmpSyscall and impl PartialEq<ScmpSyscall> for i32
  • SeccompError::errno + SeccompErrno to query the errno returned by the libseccomp API.
  • ScmpNotifResp::new_val(), ScmpNotifResp::new_error() and ScmpNotifResp::new_continue()
  • ScmpNotifRespFlags
  • const fn ScmpSyscall::new (behind const-syscall feature)

Changed

  • Re-export notify module with private so that users can use the more convenient
    structure (Incompatible change).
  • add_arch/remove_arch return Ok(false) if the architecture was already
    present/not present in the filter and Ok(true) if the architecture was really
    added/removed (Incompatible change).
  • get_api returns u32 instead Result<u32> (Incompatible change).
  • ScmpArch::native() panics instead of returning an error (Incompatible change).
  • ScmpNotifData.syscall is now ScmpSyscall instead of i32 (Incompatible change).
  • Marked ScmpNotifData, ScmpNotifReq and ScmpNotifResp #[non_exhaustive] (Incompatible change).

Deprecated

  • NOTIF_FLAG_CONTINUE use ScmpNotifRespFlags::CONTINUE.bits() instead.

Removed

  • Syscall trait
  • get_native_arch()
  • enum error::ErrorKind
  • type error::Result

Fixed

  • scmp_cmp!: allow(unused_parens) in $mask
Assets 2

v0.2.3

14 Feb 12:55
@ManaSugi ManaSugi
v0.2.3
6b30fda
Compare
Choose a tag to compare
v0.2.3

Changelog

Added

  • "SCMP_ARCH_MIPS64N32" to ScmpArch::from_str().
  • ScmpFilterContext::{get,set}_act_badarch() to get/set the default action taken on a syscall for
    an architecture not in the filter.
  • ScmpFilterContext::get_act_default() to get the default action as specified in the call to
    new_filter() or reset().
  • ScmpFilterContext::get_ctl_nnp (replaces ScmpFilterContext::get_no_new_privs_bit).
  • ScmpFilterContext::set_ctl_nnp (replaces ScmpFilterContext::set_no_new_privs_bit).
  • ScmpFilterContext::{get,set}_ctl_log() to get/set the state of the ScmpFilterAttr::CtlLog.
  • ScmpFilterContext::{get,set}_ctl_ssb() to get/set the state of the ScmpFilterAttr::CtlSsb.
  • ScmpFilterContext::{get,set}_ctl_optimize() to get/set the level of the ScmpFilterAttr::CtlOptimize.
  • ScmpFilterContext::{get,set}_api_sysrawrc() to get/set the state of the ScmpFilterAttr::ApiSysRawRc.
  • ScmpFilterContext::{get,set}_ctl_tsync() to get/set the state of the ScmpFilterAttr::CtlTsync.
  • reset_global_state() to reset libseccomp's global state.
  • derive(Hash) for the most types
  • ScmpSyscall type
    • ScmpSyscall::from_name() (replaces get_syscall_from_name)
    • ScmpSyscall::from_name_by_arch() (replaces get_syscall_from_name)
    • ScmpSyscall::from_name_by_arch_rewrite() (new)
    • ScmpSyscall::get_name() (replaces get_syscall_name_from_arch)
    • ScmpSyscall::get_name_by_arch() (replaces get_syscall_name_from_arch)

Deprecated

  • get_syscall_from_name, use ScmpSyscall::from_name*()
  • get_syscall_name_from_arch, use ScmpSyscall::get_name*()
  • ScmpFilterContext::get_no_new_privs_bit, use ScmpFilterContext::get_ctl_nnp.
  • ScmpFilterContext::set_no_new_privs_bit, use ScmpFilterContext::set_ctl_nnp.
Assets 2

v0.2.2

01 Jan 13:32
@ManaSugi ManaSugi
v0.2.2
b22788b
Compare
Choose a tag to compare
v0.2.2

ChangeLog

Added

  • Some more examples to function documentation.

Changed

  • Re-fixed docs.rs build to make the notify module visible in the documentations by doc_cfg feature.
Assets 2

v0.2.1

31 Dec 18:06
@ManaSugi ManaSugi
v0.2.1
696cf3c
Compare
Choose a tag to compare
v0.2.1

ChangeLog

Changed

  • Fixed docs.rs build to make the notify module visible in the documentations.
Assets 2

v0.2.0

31 Dec 17:00
@ManaSugi ManaSugi
v0.2.0
66a16f4
Compare
Choose a tag to compare
v0.2.0

ChangeLog

Added

  • ScmpVersion::current() as rustified replacement for get_library_version().
  • ScmpFilterContext::get_no_new_privs_bit() to query the state of the No New Privileges bit.
  • ScmpArch::native() as rustified replacement for get_native_arch().
  • ScmpFilterContext::as_ptr() to return a raw pointer to the scmp_filter_ctx.
  • scmp_cmp! macro to create a ScmpArgCompare in a more elegant way.
  • impl From<&ScmpArgCompare> for scmp_arg_cmp.
  • ScmpFilterContext::set_syscall_priority() to set the priority of a given syscall.
  • ScmpFilterContext::add_rule_conditional() to add a single rule for a conditional
    action on a syscall.
  • ScmpFilterContext::add_rule_exact() to add a single rule for an unconditional
    action on a syscall.
  • ScmpFilterContext::add_rule_conditional_exact()to add a single rule for a conditional
    action on a syscall.
  • impl From<(u32, u32, u32)> for ScmpVersion.
  • check_version() to check that the libseccomp version being used is equal to
    or greater than the specified version.
  • check_api() to check that both the libseccomp API level and the libseccomp
    version being used are queal to or greater than the specified API level and version.

Changed

  • get_syscall_name_from_arch and get_syscall_from_name output a syscall number with
    an error message when the functions cannot resolve the syscall name.
  • ScmpAction::Trace now holds an u16 since you can not use any more bits anyway
    (Incompatible change).
  • ScmpAction::Errno now holds an i32 to make ScmpAction::Errno(libc::EPERM)
    work without casting (Incompatible change).
  • ScmpArgCompare::new is now a const fn.
  • ScmpFilterContext::export_{pfc,bpf}() take all types which implement AsRawFd.
  • ScmpFilterContext::export_{pfc,bpf}() take a &mut reference instead of consuming the ownership
    (Incompatible change).
  • ScmpFilterContext::set_filter_attr() takes &mut self rather than &self (Incompatible change).
  • Fixed memory leak in get_syscall_name_from_arch.
  • Made ScmpArgCompare::new to take only one datum (Incompatible change).
  • Made ScmpCompareOp::MaskedEqual to contain the mask (Incompatible change).
  • Implemented a debug trait for SeccompError by hand without the derive macro.
  • The libseccomp-sys crate supports the libseccomp library v2.5.3.
  • ScmpFilterContext::add_rule() does not take an Option<&[ScmpArgCompare]> argument
    , use ScmpFilterContext::add_rule_conditional() (Incompatible change).
  • Reworked the seccomp userspace notification APIs to be safer and easier to use them
    (Incompatible change).

Deprecated

  • get_library_version() uses ScmpVersion::current() instead.
  • get_native_arch() uses ScmpArch::native() instead.

Removed

  • ScmpData (was unused).
  • .to_native() functions (Incompatible change).
  • Clone on ScmpFilterContext because it causes double-free/use-after-free
    in the safe code (Incompatible change).

Security

  • Fixed double-free/use-after-free when cloning ScmpFilterContext.
Assets 2

v0.1.3

11 May 08:32
@ManaSugi ManaSugi
v0.1.3
0ccbfbb
Compare
Choose a tag to compare
v0.1.3

ChangeLog

  • Modify add_rule function about handling of multiple arguments
  • Update unit tests
  • Add original libseccomp library v2.5.1 as a submodule
  • Fix sample code in README and document
  • Fix typo in error message
Assets 2

v0.1.2

01 May 08:55
@ManaSugi ManaSugi
v0.1.2
bc9af4f
Compare
Choose a tag to compare
v0.1.2

ChangeLog

  • Add filter merge function
  • Add get_native_arch function
  • Add non_exhaustive attribute
  • Add export_pfc and export_bpf function
  • Fix bug about error messages
  • Update README
Assets 2

v0.1.1

21 Apr 14:00
@ManaSugi ManaSugi
v0.1.1
c616843
Compare
Choose a tag to compare
v0.1.1

ChangeLog

  • Add get_library_version function
  • Move build.rs to the libseccomp directory
  • Fix typos in error message
  • Update README
Assets 2

libseccomp-rs v0.1.0

21 Apr 13:55
@ManaSugi ManaSugi
v0.1.0
6fcb773
Compare
Choose a tag to compare
libseccomp-rs v0.1.0

Release native Rust crate for libseccomp library

Assets 2