#security #openbsd

unveil

Rust binding for OpenBSD’s unveil(2)

1 unstable release

0.1.0 Oct 20, 2018

#85 in #security

Download history 10/week @ 2018-10-25 5/week @ 2018-11-01 18/week @ 2018-11-08 12/week @ 2018-11-15 6/week @ 2018-11-22

3 downloads per month
Used in 1 crate

MIT/Apache

7KB
66 lines

unveil-rs

Rust binding for OpenBSD's unveil(2).

Requirements

  • OpenBSD 6.4 or later

Usage

extern crate unveil;

use std::fs::File;
use std::io::prelude::*;
use unveil::unveil;

fn main() {
    let path = "public.txt";
    let contents = b"Hello world!";
    File::create(path).unwrap().write_all(contents).unwrap();

    // Restrict filesystem view by only allowing read operations on the specified path
    unveil(path, "r").unwrap();

    // Reading from unveiled paths will succeed
    let mut file = File::open(path).unwrap();
    let mut buffer = Vec::new();
    file.read_to_end(&mut buffer).unwrap();
    assert_eq!(contents, &buffer[..]);

    // Reading from paths which have not been unveiled will fail
    assert!(File::open("/etc/passwd").is_err());

    // Disable further calls to unveil
    unveil("", "").unwrap();

    // All calls to unveil will now fail
    assert!(unveil(path, "rw").is_err());
}

Related projects

  • pledge-rs - Rust binding for OpenBSD's pledge(2).

Dependencies

~168KB