mirror of
https://github.com/FedericoCeratto/nim-seccomp
synced 2026-01-14 16:01:39 +00:00
No description
|
|
||
|---|---|---|
| seccomp | ||
| tests | ||
| .gitignore | ||
| LICENSE | ||
| README.adoc | ||
| seccomp.nim | ||
| seccomp.nimble | ||
## nim-seccomp
Nim adapter for the https://en.wikipedia.org/wiki/Seccomp[Seccomp sandbox] facility
image:https://img.shields.io/badge/status-beta-orange.svg[badge]
image:https://img.shields.io/github/tag/FedericoCeratto/nim-seccomp.svg[tags]
image:https://img.shields.io/badge/License-LGPL%20v3-blue.svg[License]
### Features
* Provides a high-level adaptor in seccomp.nim
* Low-level wrapper in seccomp_lowlevel.nim
* Tested on Linux
* Basic tests
### Installation
[source,bash]
----
sudo apt-get install libseccomp2
nimble install seccomp
----
### Usage
Refer to the generated documentation for the
link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp.html[seccomp]
and
link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp_lowlevel.html[seccomp_lowlevel]
modules
[source,nim]
----
import seccomp
setSeccomp("write exit_group")
echo """Seccomp is now enabled. Future attempts to change the Seccomp configuration
or to call forbidden system calls will cause the process to be terminated"""
# e.g. createDir("/tmp/foo")
----
or:
[source,nim]
----
import seccomp
let ctx = seccomp_ctx()
ctx.add_rule(Allow, "write")
ctx.add_rule(Allow, "exit_group")
ctx.load()
----
https://github.com/FedericoCeratto/nim-seccomp/blob/master/tests/trigger_seccomp.nim[tests/trigger_seccomp.nim] contains running examples of syscalls that will be blocked
### Contributing
Testing and PRs are welcome.
Running tests:
[source,bash]
----
nimble test
nimble test_trigger_seccomp
----