rusty-snake

Results 98 issues of rusty-snake

- [ ] `MemoryDenyWriteExecuteMask` bitflags (mask or flags?)
- [ ] `REFUSE_EXEC_GAIN`
- [ ] `NO_INHERIT` (Linux 6.6)
- [ ] `set_mdwe(mask)` or `set_memory_deny_write_execute(mask)` or `set_memory_deny_write_execute_protection(mask)`
- [ ] `mdwe()...

enhancement

https://docs.kernel.org/next/userspace-api/check_exec.html

- [ ] `AT_EXECVE_CHECK` - for `execveat` which is `rustix_1_0_5::not_implemented::quite_yet` ATM. However we do not need to wait for it, we can just add it to `AtFlags`.
- [...

enhancement

The return type of `speculative_feature_state` is `Result`. The return logic is

- error -> `Err(Errno)`
- success, value known by rustix -> `Ok(Some(SpeculationFeatureState))`
- success, value not known by rustix...

`Uid` in rustix has a strange history of not liking the value `-1`. While it is nowadays sound (no `unsafe`) to create one, it is still incorrect. At the same...

This is an early draft seeking feedback on the API. The `SecureComputingFilter` is based on my own seccomp abstractions https://codeberg.org/crabjail/crablock/src/commit/c6cadc33b0e605bf16b8dc2fc0ba8156c7693567/seccomp/src/bpf.rs#L416 . Closes #1451

- [x] rust-lang/libc#4402
- [ ] `PidfdFlags::THREAD = PIDFD_THREAD`
- [x] `pidfd_send_signal` (#992) is in `rustix::not_implemented::yet` and `rustix::process` (#1448)
- [ ] `PIDFD_SIGNAL_THREAD`, `PIDFD_SIGNAL_THREAD_GROUP` and `PIDFD_SIGNAL_PROCESS_GROUP`.
- Because the `rustix::process::pidfd_send_signal`...

enhancement

The kernel knows only a poor man's boolean (int `== 0`/`!= 0`) for `set_child_subreaper`.

Issue for addition of `listmount` and `statmount` and related ioctls.

- https://www.man7.org/linux/man-pages/man2/listmount.2.html
- https://www.man7.org/linux/man-pages/man2/statmount.2.html
- https://brauner.io/2024/12/16/list-all-mounts.html

Note that these syscalls see heavy development and the manpages are likely to be...

enhancement

The C interface looks like

```C
[[deprecated]] int prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, struct sock_fprog *filter);
```

however rustix's interface looks like

```Rust
set_secure_computing_mode(SecureComputingMode::Filter)
```

so `filter` will be some garbage, most likely...