Documentation for <syd.h>


ACTION_ABORT

#define ACTION_ABORT

ACTION_ALLOW

#define ACTION_ALLOW

ACTION_DENY

#define ACTION_DENY

ACTION_EXIT

#define ACTION_EXIT

ACTION_FILTER

#define ACTION_FILTER

ACTION_KILL

#define ACTION_KILL

ACTION_PANIC

#define ACTION_PANIC

ACTION_STOP

#define ACTION_STOP

typedef action_t

typedef uint8_t action_t;

`action_t` type represents possible sandboxing action values.

ACTION_WARN

#define ACTION_WARN

LOCK_EXEC

#define LOCK_EXEC

LOCK_OFF

#define LOCK_OFF

LOCK_ON

#define LOCK_ON

typedef lock_state_t

typedef uint8_t lock_state_t;

`lock_state_t` type represents possible states for the sandbox lock.

syd_api()

int syd_api(​void);

Performs a syd API check

The caller is advised to perform this check before making any other syd API call.

Returns API number on success, negated errno on failure.

syd_chattr_add()

int syd_chattr_add(​action_t action, const char *glob);

Adds to the given actionlist of chattr sandboxing.

Returns 0 on success, negated errno on failure.

syd_chattr_del()

int syd_chattr_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chattr sandboxing.

Returns 0 on success, negated errno on failure.

syd_chattr_rem()

int syd_chattr_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chattr sandboxing.

Returns 0 on success, negated errno on failure.

syd_chdir_add()

int syd_chdir_add(​action_t action, const char *glob);

Adds to the given actionlist of chdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_chdir_del()

int syd_chdir_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_chdir_rem()

int syd_chdir_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_check()

int syd_check(​void);

Performs an lstat system call on the file "/dev/syd".

Returns 0 on success, negated errno on failure.

syd_chgrp_add()

int syd_chgrp_add(​action_t action, const char *glob);

Adds to the given actionlist of chgrp sandboxing.

Returns 0 on success, negated errno on failure.

syd_chgrp_del()

int syd_chgrp_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chgrp sandboxing.

Returns 0 on success, negated errno on failure.

syd_chgrp_rem()

int syd_chgrp_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chgrp sandboxing.

Returns 0 on success, negated errno on failure.

syd_chmod_add()

int syd_chmod_add(​action_t action, const char *glob);

Adds to the given actionlist of chmod sandboxing.

Returns 0 on success, negated errno on failure.

syd_chmod_del()

int syd_chmod_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chmod sandboxing.

Returns 0 on success, negated errno on failure.

syd_chmod_rem()

int syd_chmod_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chmod sandboxing.

Returns 0 on success, negated errno on failure.

syd_chown_add()

int syd_chown_add(​action_t action, const char *glob);

Adds to the given actionlist of chown sandboxing.

Returns 0 on success, negated errno on failure.

syd_chown_del()

int syd_chown_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chown sandboxing.

Returns 0 on success, negated errno on failure.

syd_chown_rem()

int syd_chown_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chown sandboxing.

Returns 0 on success, negated errno on failure.

syd_chroot_add()

int syd_chroot_add(​action_t action, const char *glob);

Adds to the given actionlist of chroot sandboxing.

Returns 0 on success, negated errno on failure.

syd_chroot_del()

int syd_chroot_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of chroot sandboxing.

Returns 0 on success, negated errno on failure.

syd_chroot_rem()

int syd_chroot_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of chroot sandboxing.

Returns 0 on success, negated errno on failure.

syd_create_add()

int syd_create_add(​action_t action, const char *glob);

Adds to the given actionlist of create sandboxing.

Returns 0 on success, negated errno on failure.

syd_create_del()

int syd_create_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of create sandboxing.

Returns 0 on success, negated errno on failure.

syd_create_rem()

int syd_create_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of create sandboxing.

Returns 0 on success, negated errno on failure.

syd_default_block()

int syd_default_block(​action_t action);

Set the default action for IP blocklist violations.

syd_default_chattr()

int syd_default_chattr(​action_t action);

Set the default action for Chattr Sandboxing.

syd_default_chdir()

int syd_default_chdir(​action_t action);

Set the default action for Chdir Sandboxing.

syd_default_chgrp()

int syd_default_chgrp(​action_t action);

Set the default action for Chgrp Sandboxing.

syd_default_chmod()

int syd_default_chmod(​action_t action);

Set the default action for Chmod Sandboxing.

syd_default_chown()

int syd_default_chown(​action_t action);

Set the default action for Chown Sandboxing.

syd_default_chroot()

int syd_default_chroot(​action_t action);

Set the default action for Chroot Sandboxing.

syd_default_create()

int syd_default_create(​action_t action);

Set the default action for Create Sandboxing.

syd_default_delete()

int syd_default_delete(​action_t action);

Set the default action for Delete Sandboxing.

syd_default_exec()

int syd_default_exec(​action_t action);

Set the default action for Exec Sandboxing.

syd_default_force()

int syd_default_force(​action_t action);

Set the default action for Force Sandboxing.

syd_default_ioctl()

int syd_default_ioctl(​action_t action);

Set the default action for Ioctl Sandboxing.

syd_default_mem()

int syd_default_mem(​action_t action);

Set the default action for Memory Sandboxing.

syd_default_mkdev()

int syd_default_mkdev(​action_t action);

Set the default action for Mkdev Sandboxing.

syd_default_mkdir()

int syd_default_mkdir(​action_t action);

Set the default action for Mkdir Sandboxing.

syd_default_mkfifo()

int syd_default_mkfifo(​action_t action);

Set the default action for Mkfifo Sandboxing.

syd_default_mktemp()

int syd_default_mktemp(​action_t action);

Set the default action for Mktemp Sandboxing.

syd_default_net()

int syd_default_net(​action_t action);

Set the default action for Network Sandboxing.

syd_default_pid()

int syd_default_pid(​action_t action);

Set the default action for PID Sandboxing.

syd_default_read()

int syd_default_read(​action_t action);

Set the default action for Read Sandboxing.

syd_default_readdir()

int syd_default_readdir(​action_t action);

Set the default action for Readdir Sandboxing.

syd_default_rename()

int syd_default_rename(​action_t action);

Set the default action for Rename Sandboxing.

syd_default_rmdir()

int syd_default_rmdir(​action_t action);

Set the default action for Rmdir Sandboxing.

syd_default_segvguard()

int syd_default_segvguard(​action_t action);

Set the default action for SegvGuard.

syd_default_stat()

int syd_default_stat(​action_t action);

Set the default action for Stat Sandboxing.

syd_default_symlink()

int syd_default_symlink(void);

Set the default action for Symlink Sandboxing.

syd_default_tpe()

int syd_default_tpe(​action_t action);

Set the default action for TPE Sandboxing.

syd_default_truncate()

int syd_default_truncate(​action_t action);

Set the default action for Truncate Sandboxing.

syd_default_utime()

int syd_default_utime(​action_t action);

Set the default action for Utime Sandboxing.

syd_default_write()

int syd_default_write(​action_t action);

Set the default action for Write Sandboxing.

syd_delete_add()

int syd_delete_add(​action_t action, const char *glob);

Adds to the given actionlist of delete sandboxing.

Returns 0 on success, negated errno on failure.

syd_delete_del()

int syd_delete_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of delete sandboxing.

Returns 0 on success, negated errno on failure.

syd_delete_rem()

int syd_delete_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of delete sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chattr()

int syd_disable_chattr(​void);

Disable chattr sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chdir()

int syd_disable_chdir(​void);

Disable chdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chgrp()

int syd_disable_chgrp(​void);

Disable chgrp sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chmod()

int syd_disable_chmod(​void);

Disable chmod sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chown()

int syd_disable_chown(​void);

Disable chown sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_chroot()

int syd_disable_chroot(​void);

Disable chroot sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_create()

int syd_disable_create(​void);

Disable create sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_delete()

int syd_disable_delete(​void);

Disable delete sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_exec()

int syd_disable_exec(​void);

Disable exec sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_force()

int syd_disable_force(​void);

Disable force sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_ioctl()

int syd_disable_ioctl(​void);

Disable ioctl sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_mem()

int syd_disable_mem(​void);

Disable memory sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_mkdev()

int syd_disable_mkdev(​void);

Disable mkdev sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_mkdir()

int syd_disable_mkdir(​void);

Disable mkdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_mkfifo()

int syd_disable_mkfifo(​void);

Disable mkfifo sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_mktemp()

int syd_disable_mktemp(​void);

Disable mktemp sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_net()

int syd_disable_net(​void);

Disable net sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_pid()

int syd_disable_pid(​void);

Disable PID sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_read()

int syd_disable_read(​void);

Disable read sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_readdir()

int syd_disable_readdir(​void);

Disable readdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_rename()

int syd_disable_rename(​void);

Disable rename sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_rmdir()

int syd_disable_rmdir(​void);

Disable rmdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_stat()

int syd_disable_stat(​void);

Disable stat sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_symlink()

int syd_disable_symlink(void);

Disable symlink sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_tpe()

int syd_disable_tpe(​void);

Disable TPE sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_truncate()

int syd_disable_truncate(​void);

Disable truncate sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_utime()

int syd_disable_utime(​void);

Disable utime sandboxing.

Returns 0 on success, negated errno on failure.

syd_disable_write()

int syd_disable_write(​void);

Disable write sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chattr()

int syd_enable_chattr(​void);

Enable chattr sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chdir()

int syd_enable_chdir(​void);

Enable chdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chgrp()

int syd_enable_chgrp(​void);

Enable chgrp sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chmod()

int syd_enable_chmod(​void);

Enable chmod sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chown()

int syd_enable_chown(​void);

Enable chown sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_chroot()

int syd_enable_chroot(​void);

Enable chroot sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_create()

int syd_enable_create(​void);

Enable create sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_delete()

int syd_enable_delete(​void);

Enable delete sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_exec()

int syd_enable_exec(​void);

Enable exec sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_force()

int syd_enable_force(​void);

Enable force sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_ioctl()

int syd_enable_ioctl(​void);

Enable ioctl sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_mem()

int syd_enable_mem(​void);

Enable memory sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_mkdev()

int syd_enable_mkdev(​void);

Enable mkdev sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_mkdir()

int syd_enable_mkdir(​void);

Enable mkdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_mkfifo()

int syd_enable_mkfifo(​void);

Enable mkfifo sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_mktemp()

int syd_enable_mktemp(​void);

Enable mktemp sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_net()

int syd_enable_net(​void);

Enable net sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_pid()

int syd_enable_pid(​void);

Enable PID sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_read()

int syd_enable_read(​void);

Enable read sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_readdir()

int syd_enable_readdir(​void);

Enable readdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_rename()

int syd_enable_rename(​void);

Enable rename sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_rmdir()

int syd_enable_rmdir(​void);

Enable rmdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_stat()

int syd_enable_stat(​void);

Enable stat sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_symlink()

int syd_enable_symlink(void);

Enable symlink sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_tpe()

int syd_enable_tpe(​void);

Enable TPE sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_truncate()

int syd_enable_truncate(​void);

Enable truncate sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_utime()

int syd_enable_utime(​void);

Enable utime sandboxing.

Returns 0 on success, negated errno on failure.

syd_enable_write()

int syd_enable_write(​void);

Enable write sandboxing.

Returns 0 on success, negated errno on failure.

syd_enabled_chattr()

bool syd_enabled_chattr(​void);

syd_enabled_chdir()

bool syd_enabled_chdir(​void);

syd_enabled_chgrp()

bool syd_enabled_chgrp(​void);

syd_enabled_chmod()

bool syd_enabled_chmod(​void);

syd_enabled_chown()

bool syd_enabled_chown(​void);

syd_enabled_chroot()

bool syd_enabled_chroot(​void);

syd_enabled_create()

bool syd_enabled_create(​void);

syd_enabled_crypt()

bool syd_enabled_crypt(​void);

syd_enabled_delete()

bool syd_enabled_delete(​void);

syd_enabled_exec()

bool syd_enabled_exec(​void);

syd_enabled_force()

bool syd_enabled_force(​void);

syd_enabled_ioctl()

bool syd_enabled_ioctl(​void);

syd_enabled_lock()

bool syd_enabled_lock(​void);

syd_enabled_mem()

bool syd_enabled_mem(​void);

syd_enabled_mkdev()

bool syd_enabled_mkdev(​void);

syd_enabled_mkdir()

bool syd_enabled_mkdir(​void);

syd_enabled_mkfifo()

bool syd_enabled_mkfifo(​void);

syd_enabled_mktemp()

bool syd_enabled_mktemp(​void);

syd_enabled_net()

bool syd_enabled_net(​void);

syd_enabled_pid()

bool syd_enabled_pid(​void);

syd_enabled_proxy()

bool syd_enabled_proxy(​void);

syd_enabled_read()

bool syd_enabled_read(​void);

syd_enabled_readdir()

bool syd_enabled_readdir(​void);

syd_enabled_rename()

bool syd_enabled_rename(​void);

syd_enabled_rmdir()

bool syd_enabled_rmdir(​void);

syd_enabled_stat()

bool syd_enabled_stat(void);

syd_enabled_symlink()

bool syd_enabled_symlink(void);

syd_enabled_tpe()

bool syd_enabled_tpe(​void);

syd_enabled_truncate()

bool syd_enabled_truncate(​void);

syd_enabled_utime()

bool syd_enabled_utime(​void);

syd_enabled_write()

bool syd_enabled_write(​void);

syd_exec()

int syd_exec(​const char *file, const char **argv);

Executes a command outside the sandbox; the command runs without any sandboxing applied.

# Safety

This function is marked `unsafe` because it dereferences raw pointers, which is inherently unsafe in Rust.

The caller must ensure the following conditions are met to safely use this function:

1. The `file` pointer must point to a valid, null-terminated C-style string.

2. The `argv` pointer must point to an array of pointers, where each pointer refers to a valid, null-terminated C-style string. The last pointer in the array must be null, indicating the end of the array.

3. The memory pointed to by `file` and `argv` must remain valid for the duration of the call.

Failing to uphold these guarantees can lead to undefined behavior, including memory corruption and data races.

Returns 0 on success, negated errno on failure.

syd_exec_add()

int syd_exec_add(​action_t action, const char *glob);

Adds to the given actionlist of exec sandboxing.

Returns 0 on success, negated errno on failure.

syd_exec_del()

int syd_exec_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of exec sandboxing.

Returns 0 on success, negated errno on failure.

syd_exec_rem()

int syd_exec_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of exec sandboxing.

Returns 0 on success, negated errno on failure.

syd_force_add()

int syd_force_add(​const char *path, const char *hash, action_t action);

Adds an entry to the Integrity Force map for Force Sandboxing.

# Safety

This function is marked `unsafe` because it dereferences raw pointers, which is inherently unsafe in Rust.

The caller must ensure the following conditions are met to safely use this function:

1. The `path` pointer must point to a valid, null-terminated C-style string.

2. The `hash` pointer must point to a valid, null-terminated C-style string.

syd_force_clr()

int syd_force_clr(​void);

Clears the Integrity Force map for Force Sandboxing.

syd_force_del()

int syd_force_del(​const char *path);

Removes an entry from the Integrity Force map for Force Sandboxing.

# Safety

This function is marked `unsafe` because it dereferences raw pointers, which is inherently unsafe in Rust.

The caller must ensure the following conditions are met to safely use this function:

1. The `path` pointer must point to a valid, null-terminated C-style string.

syd_ioctl_add()

int syd_ioctl_add(​action_t action, const char *glob);

Adds to the given actionlist of ioctl sandboxing.

Returns 0 on success, negated errno on failure.

syd_ioctl_del()

int syd_ioctl_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of ioctl sandboxing.

Returns 0 on success, negated errno on failure.

syd_ioctl_deny()

int syd_ioctl_deny(​uint64_t request);

Adds a request to the _ioctl_(2) denylist.

syd_ioctl_rem()

int syd_ioctl_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of ioctl sandboxing.

Returns 0 on success, negated errno on failure.

syd_load()

int syd_load(​int fd);

Causes syd to read configuration from the given file descriptor.

Returns 0 on success, negated errno on failure.

syd_lock()

int syd_lock(​lock_state_t state);

Sets the state of the sandbox lock.

state: The desired state of the sandbox lock.

Returns 0 on success, negated errno on failure.

syd_mem_max()

int syd_mem_max(​const char *size);

Set syd maximum per-process memory usage limit for memory sandboxing.

The value is parsed with the parse-size crate, so formatted size strings are accepted.

Returns 0 on success, negated errno on failure.

syd_mem_vm_max()

int syd_mem_vm_max(​const char *size);

Set syd maximum per-process virtual memory usage limit for memory sandboxing.

The value is parsed with the parse-size crate, so formatted size strings are accepted.

Returns 0 on success, negated errno on failure.

syd_mkdev_add()

int syd_mkdev_add(​action_t action, const char *glob);

Adds to the given actionlist of mkdev sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkdev_del()

int syd_mkdev_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of mkdev sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkdev_rem()

int syd_mkdev_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of mkdev sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkdir_add()

int syd_mkdir_add(​action_t action, const char *glob);

Adds to the given actionlist of mkdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkdir_del()

int syd_mkdir_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of mkdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkdir_rem()

int syd_mkdir_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of mkdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkfifo_add()

int syd_mkfifo_add(​action_t action, const char *glob);

Adds to the given actionlist of mkfifo sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkfifo_del()

int syd_mkfifo_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of mkfifo sandboxing.

Returns 0 on success, negated errno on failure.

syd_mkfifo_rem()

int syd_mkfifo_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of mkfifo sandboxing.

Returns 0 on success, negated errno on failure.

syd_mktemp_add()

int syd_mktemp_add(​action_t action, const char *glob);

Adds to the given actionlist of mktemp sandboxing.

Returns 0 on success, negated errno on failure.

syd_mktemp_del()

int syd_mktemp_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of mktemp sandboxing.

Returns 0 on success, negated errno on failure.

syd_mktemp_rem()

int syd_mktemp_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of mktemp sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_bind_add()

int syd_net_bind_add(​action_t action, const char *glob);

Adds to the given actionlist of net/bind sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_bind_del()

int syd_net_bind_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of net/bind sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_bind_rem()

int syd_net_bind_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of net/bind sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_connect_add()

int syd_net_connect_add(​action_t action, const char *glob);

Adds to the given actionlist of net/connect sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_connect_del()

int syd_net_connect_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of net/connect sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_connect_rem()

int syd_net_connect_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of net/connect sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_link_add()

int syd_net_link_add(action_t action, const char *family);

Adds to the given actionlist of net/link sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_link_del()

int syd_net_link_del(action_t action, const char *family);

Removes the first instance from the end of the given actionlist of net/link sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_link_rem()

int syd_net_link_rem(action_t action, const char *family);

Removes all matching patterns from the given actionlist of net/link sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_sendfd_add()

int syd_net_sendfd_add(​action_t action, const char *glob);

Adds to the given actionlist of net/sendfd sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_sendfd_del()

int syd_net_sendfd_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of net/sendfd sandboxing.

Returns 0 on success, negated errno on failure.

syd_net_sendfd_rem()

int syd_net_sendfd_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of net/sendfd sandboxing.

Returns 0 on success, negated errno on failure.

syd_panic()

int syd_panic(​void);

Causes syd to exit immediately with code 127.

Returns 0 on success, negated errno on failure.

syd_pid_max()

int syd_pid_max(​size_t size);

Set syd maximum process id limit for PID sandboxing.

Returns 0 on success, negated errno on failure.

syd_read_add()

int syd_read_add(​action_t action, const char *glob);

Adds to the given actionlist of read sandboxing.

Returns 0 on success, negated errno on failure.

syd_read_del()

int syd_read_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of read sandboxing.

Returns 0 on success, negated errno on failure.

syd_read_rem()

int syd_read_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of read sandboxing.

Returns 0 on success, negated errno on failure.

syd_readdir_add()

int syd_readdir_add(​action_t action, const char *glob);

Adds to the given actionlist of readdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_readdir_del()

int syd_readdir_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of readdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_readdir_rem()

int syd_readdir_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of readdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_rename_add()

int syd_rename_add(​action_t action, const char *glob);

Adds to the given actionlist of rename sandboxing.

Returns 0 on success, negated errno on failure.

syd_rename_del()

int syd_rename_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of rename sandboxing.

Returns 0 on success, negated errno on failure.

syd_rename_rem()

int syd_rename_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of rename sandboxing.

Returns 0 on success, negated errno on failure.

syd_reset()

int syd_reset(​void);

Causes syd to reset sandboxing to the default state. Allowlists, denylists and filters are cleared.

Returns 0 on success, negated errno on failure.

syd_rmdir_add()

int syd_rmdir_add(​action_t action, const char *glob);

Adds to the given actionlist of rmdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_rmdir_del()

int syd_rmdir_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of rmdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_rmdir_rem()

int syd_rmdir_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of rmdir sandboxing.

Returns 0 on success, negated errno on failure.

syd_segvguard_expiry()

int syd_segvguard_expiry(​uint64_t timeout);

Specify SegvGuard entry expiry timeout in seconds. Setting this timeout to 0 effectively disables SegvGuard.

Returns 0 on success, negated errno on failure.

syd_segvguard_maxcrashes()

int syd_segvguard_maxcrashes(​uint8_t max);

Specify SegvGuard max number of crashes before suspension.

Returns 0 on success, negated errno on failure.

syd_segvguard_suspension()

int syd_segvguard_suspension(​uint64_t timeout);

Specify SegvGuard entry suspension timeout in seconds.

Returns 0 on success, negated errno on failure.

syd_stat_add()

int syd_stat_add(​action_t action, const char *glob);

Adds to the given actionlist of stat sandboxing.

Returns 0 on success, negated errno on failure.

syd_stat_del()

int syd_stat_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of stat sandboxing.

Returns 0 on success, negated errno on failure.

syd_stat_rem()

int syd_stat_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of stat sandboxing.

Returns 0 on success, negated errno on failure.

syd_symlink_add()

int syd_symlink_add(action_t action, const char *glob);

Adds to the given actionlist of symlink sandboxing.

Returns 0 on success, negated errno on failure.

syd_symlink_del()

int syd_symlink_del(action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of symlink sandboxing.

Returns 0 on success, negated errno on failure.

syd_symlink_rem()

int syd_symlink_rem(action_t action, const char *glob);

Removes all matching patterns from the given actionlist of symlink sandboxing.

Returns 0 on success, negated errno on failure.

syd_truncate_add()

int syd_truncate_add(​action_t action, const char *glob);

Adds to the given actionlist of truncate sandboxing.

Returns 0 on success, negated errno on failure.

syd_truncate_del()

int syd_truncate_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of truncate sandboxing.

Returns 0 on success, negated errno on failure.

syd_truncate_rem()

int syd_truncate_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of truncate sandboxing.

Returns 0 on success, negated errno on failure.

syd_utime_add()

int syd_utime_add(​action_t action, const char *glob);

Adds to the given actionlist of utime sandboxing.

Returns 0 on success, negated errno on failure.

syd_utime_del()

int syd_utime_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of utime sandboxing.

Returns 0 on success, negated errno on failure.

syd_utime_rem()

int syd_utime_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of utime sandboxing.

Returns 0 on success, negated errno on failure.

syd_write_add()

int syd_write_add(​action_t action, const char *glob);

Adds to the given actionlist of write sandboxing.

Returns 0 on success, negated errno on failure.

syd_write_del()

int syd_write_del(​action_t action, const char *glob);

Removes the first instance from the end of the given actionlist of write sandboxing.

Returns 0 on success, negated errno on failure.

syd_write_rem()

int syd_write_rem(​action_t action, const char *glob);

Removes all matching patterns from the given actionlist of write sandboxing.

Returns 0 on success, negated errno on failure.