Nim adapter for the https://en.wikipedia.org/wiki/Seccomp[Seccomp sandbox] facility
image:https://img.shields.io/badge/status-beta-orange.svg[badge] image:https://img.shields.io/github/tag/FedericoCeratto/nim-seccomp.svg[tags] image:https://img.shields.io/badge/License-LGPL%20v3-blue.svg[License]
Refer to the generated documentation for the link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp.html[seccomp] and link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp_lowlevel.html[seccomp_lowlevel] modules
import seccomp
setSeccomp("write exit_group")
echo """Seccomp is now enabled. Future attempts to change the Seccomp configuration or to call forbidden system calls will cause the process to be terminated"""
import seccomp
let ctx = seccomp_ctx() ctx.add_rule(Allow, "write") ctx.add_rule(Allow, "exit_group") ctx.load()
https://github.com/FedericoCeratto/nim-seccomp/blob/master/tests/trigger_seccomp.nim[tests/trigger_seccomp.nim] contains running examples of syscalls that will be blocked
Testing and PRs are welcome.
Running tests: