Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/federicoceratto/nim-seccomp

Seccomp (libseccomp2) adapter for the Nim language
https://github.com/federicoceratto/nim-seccomp

nim nim-lang seccomp security

Last synced: 6 days ago
JSON representation

Seccomp (libseccomp2) adapter for the Nim language

Awesome Lists containing this project

README 

        
## nim-seccomp



Nim adapter for the https://en.wikipedia.org/wiki/Seccomp[Seccomp sandbox] facility



image:https://img.shields.io/badge/status-beta-orange.svg[badge]

image:https://img.shields.io/github/tag/FedericoCeratto/nim-seccomp.svg[tags]

image:https://img.shields.io/badge/License-LGPL%20v3-blue.svg[License]



### Features



* Provides a high-level adaptor in seccomp.nim

* Low-level wrapper in seccomp_lowlevel.nim

* Tested on Linux

* Basic tests



### Installation



[source,bash]

----

sudo apt-get install libseccomp2

nimble install seccomp

----



### Usage



Refer to the generated documentation for the

link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp.html[seccomp]

and

link:https://federicoceratto.github.io/nim-seccomp/docs/0.1.0/seccomp_lowlevel.html[seccomp_lowlevel]

modules



[source,nim]

----

import seccomp



setSeccomp("write exit_group")



echo """Seccomp is now enabled. Future attempts to change the Seccomp configuration

or to call forbidden system calls will cause the process to be terminated"""



# e.g. createDir("/tmp/foo")

----



or:

[source,nim]

----

import seccomp



let ctx = seccomp_ctx()

ctx.add_rule(Allow, "write")

ctx.add_rule(Allow, "exit_group")

ctx.load()



----



https://github.com/FedericoCeratto/nim-seccomp/blob/master/tests/trigger_seccomp.nim[tests/trigger_seccomp.nim] contains running examples of syscalls that will be blocked



### Contributing



Testing and PRs are welcome.



Running tests:



[source,bash]

----

nimble test

nimble test_trigger_seccomp

----