File: README.md

rust-unveil 0.3.2-1
# unveil-rs

[![Crate](https://img.shields.io/crates/v/unveil.svg)](https://crates.io/crates/unveil)
[![Documentation](https://docs.rs/unveil/badge.svg)](https://docs.rs/unveil)

Rust binding for OpenBSD's [unveil(2)](https://man.openbsd.org/unveil.2).

## Requirements

- OpenBSD 6.4 or later

## Usage

```rust
extern crate unveil;

use std::fs::File;
use std::io::prelude::*;
use unveil::unveil;

fn main() {
    let path = "public.txt";
    let contents = b"Hello world!";
    File::create(path).unwrap().write_all(contents).unwrap();

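    // Restrict the filesystem view: allow only read operations on the specified path.
    // `ignore_platform` maps the "not supported" error returned on non-OpenBSD
    // platforms to Ok(()), so no restriction is applied there.
    unveil(path, "r")
        .or_else(unveil::Error::ignore_platform)
        .unwrap();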

    // Reading from unveiled paths will succeed
    let mut file = File::open(path).unwrap();
    let mut buffer = Vec::new();
    file.read_to_end(&mut buffer).unwrap();
    assert_eq!(contents, &buffer[..]);

    // Reading from paths which have not been unveiled will fail
    assert!(File::open("/etc/passwd").is_err());

    // Disable further calls to unveil
    unveil("", "")
        .or_else(unveil::Error::ignore_platform)
        .unwrap();

    // All calls to unveil will now fail
    assert!(unveil(path, "rw").is_err());
}
```

## Related projects

- [pledge-rs](https://crates.io/crates/pledge) - Rust binding for OpenBSD's pledge(2).