#openbsd #security

unveil

Rust binding for OpenBSD’s unveil(2)

2 unstable releases

0.2.0 Nov 3, 2018
0.1.0 Oct 20, 2018

#40 in #security

Download history 11/week @ 2018-11-16 4/week @ 2018-11-23 6/week @ 2018-11-30 3/week @ 2018-12-07 4/week @ 2018-12-14 4/week @ 2018-12-21 37/week @ 2018-12-28 1/week @ 2019-01-04 4/week @ 2019-01-11 3/week @ 2019-01-18 3/week @ 2019-01-25 3/week @ 2019-02-01 3/week @ 2019-02-08

35 downloads per month
Used in 1 crate

MIT/Apache

7KB
66 lines

unveil-rs

Rust binding for OpenBSD's unveil(2).

Requirements

  • OpenBSD 6.4 or later

Usage

extern crate unveil;

use std::fs::File;
use std::io::prelude::*;
use unveil::unveil;

fn main() {
    let path = "public.txt";
    let contents = b"Hello world!";
    File::create(path).unwrap().write_all(contents).unwrap();

    // Restrict filesystem view by only allowing read operations on the specified path
    unveil(path, "r").unwrap();

    // Reading from unveiled paths will succeed
    let mut file = File::open(path).unwrap();
    let mut buffer = Vec::new();
    file.read_to_end(&mut buffer).unwrap();
    assert_eq!(contents, &buffer[..]);

    // Reading from paths which have not been unveiled will fail
    assert!(File::open("/etc/passwd").is_err());

    // Disable further calls to unveil
    unveil("", "").unwrap();

    // All calls to unveil will now fail
    assert!(unveil(path, "rw").is_err());
}

Related projects

  • pledge-rs - Rust binding for OpenBSD's pledge(2).

Dependencies