Rust implementation of a FreeBSD jail library

Overview

libjail-rs


libjail-rs aims to be a Rust implementation of the FreeBSD jail(3) library. While feature parity is a goal, a one-to-one implementation of all functions in jail(3) is not.

Is it any good?

Yes.

Can I use it?

This library is still under heavy development, but seems to work so far. No stability guarantees are made.

How do I use it?

jail = "*"

Execute a command in a jail:

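use jail::param;
use jail::process::Jailed;
use jail::StoppedJail;
use std::process::Command;

fn main() {
    // Describe the jail: root path, name, addresses and extra parameters.
    let stopped = StoppedJail::new("/path/to/root")
        .name("alcatraz")
        .ip("127.0.1.2".parse().unwrap())
        .ip("fe80::2".parse().unwrap())
        // Raw sockets are off by default inside a jail; this turns them on.
        .param("allow.raw_sockets", param::Value::Int(1));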

    let running = stopped.start().expect("Couldn't start Jail");

    let output = Command::new("hostname")
        .jail(&running)
        .output()
        .expect("Failed to execute command");

    println!("output: {:?}", output.stdout);

    running.kill();
}

Is it fast?

There are a few benchmarks included. Run them with sudo cargo bench (yes, starting a jail requires being root).

These are some results on my laptop, on slow, spinning disks:

test echo_helloworld_free       ... bench:     271,418 ns/iter (+/- 17,522)
test echo_helloworld_jailed     ... bench:     461,749 ns/iter (+/- 26,267)
test get_ips                    ... bench:      29,591 ns/iter (+/- 3,315)
test start_echo_helloworld_stop ... bench:     504,978 ns/iter (+/- 23,717)
test start_stop_ipjail          ... bench:      27,220 ns/iter (+/- 2,141)
test start_stop_ipv4jail        ... bench:      26,307 ns/iter (+/- 2,159)
test start_stop_ipv6jail        ... bench:      26,988 ns/iter (+/- 2,486)
test start_stop_jail            ... bench:      25,760 ns/iter (+/- 2,244)


Comments
  • Consumers of libjail-rs need to increase type_length_limit


    Describe the bug: Rust 1.35.0 has broken some things via what is described in https://github.com/rust-lang/rust/issues/58952, meaning libjail-rs no longer compiles.

    To Reproduce: Attempt to compile under Rust 1.35.0

    Expected behavior: The crate compiles.

    Additional context: I’m not sure if there is anything for libjail to do here, but I thought a tracking issue might be good.

    upstream tracking 
    opened by phyber 14
  • RCTL/RACCT Support


    Closes #8

    • Implement wrappers for RCTL structures (moved to fubarnetes/rctl):
      • [X] Subject
        • [X] impl Display
        • [X] Parser
        • [X] Docs
      • [X] Action
        • [X] impl Display
        • [X] Parser
        • [X] Docs
      • [X] Resource
        • [X] impl Display
        • [X] Parser
        • [X] Docs
      • [X] Limit
        • [x] impl Display
        • [X] Parser
        • [x] Docs
      • [x] Rule
        • [x] impl Display
        • [x] Parser
        • [x] Docs
      • [x] Filter
        • [x] impl Display
        • [x] Docs
    • wrap functions (moved to fubarnetes/rctl):
      • [x] Check kernel RCTL/RACCT support
      • [X] Iteration over all rules matching a Filter
      • [X] Iteration over all rules applying to a Subject
      • [X] add a rule
      • [X] remove all rules matching a Filter
      • [x] get accounting information for a subject
    • Jail Boilerplate:
      • [X] Convenient wrapper to set rules on a StoppedJail, so that they get applied on jail start.
      • [X] Convenient wrapper to get resource usage information
    enhancement 
    opened by fabianfreyer 14
  • Update nix requirement from ^0.11.0 to ^0.12.0


    Updates the requirements on nix to permit the latest version.

    Changelog

    Sourced from nix's changelog.

    [0.12.0] 2018-11-28

    Added

    • Added FromStr and Display impls for nix::sys::Signal (#884)
    • Added a sync wrapper. (#961)
    • Added a sysinfo wrapper. (#922)
    • Support the SO_PEERCRED socket option and the UnixCredentials type on all Linux and Android targets. (#921)
    • Added support for SCM_CREDENTIALS, allowing to send process credentials over Unix sockets. (#923)
    • Added a dir module for reading directories (wraps fdopendir, readdir, and rewinddir). (#916)
    • Added kmod module that allows loading and unloading kernel modules on Linux. (#930)
    • Added futimens and utimesat wrappers (#944), an lutimes wrapper (#967), and a utimes wrapper (#946).
    • Added AF_UNSPEC wrapper to AddressFamily (#948)
    • Added the mode_t public alias within sys::stat. (#954)
    • Added a truncate wrapper. (#956)
    • Added a fchownat wrapper. (#955)
    • Added support for ptrace on BSD operating systems (#949)
    • Added ptrace functions for reads and writes to tracee memory and ptrace kill (#949) (#958)
    • Added a acct wrapper module for enabling and disabling process accounting (#952)
    • Added the time_t and suseconds_t public aliases within sys::time. (#968)
    • Added unistd::execvpe for Haiku, Linux and OpenBSD (#975)
    • Added Error::as_errno. (#977)

    Changed

    • Increased required Rust version to 1.24.1 (#900) (#966)

    Fixed

    • Made preadv take immutable slice of IoVec. (#914)
    • Fixed passing multiple file descriptors over Unix Sockets. (#918)
    ... (truncated)
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Pull request limits (per update run and/or open at any time)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)

    Finally, you can contact us by mentioning @dependabot.

    dependencies 
    opened by dependabot-preview[bot] 6
  • RCTL/RACCT statistics


    Import the rctl(8) code from phyber/jail_exporter. I guess the API could be something along the lines of:

    fn RunningJail::resource_usage(&self) -> Result<HashMap<String,i64>,JailError>
    

    If RCTL/RACCT are unavailable or disabled, an appropriate JailError should be returned.

    enhancement 
    opened by fabianfreyer 5
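A sketch of the API shape proposed in the issue above, as an added example that is not code from libjail-rs, fubarnetes/rctl or jail_exporter. It assumes the kernel's accounting report arrives as comma-separated `resource=amount` pairs; `UsageError`, `parse_usage` and the `racct_enabled` flag (standing in for a check of the `kern.racct.enable` sysctl) are hypothetical names.

```rust
use std::collections::HashMap;

/// Hypothetical error type standing in for the JailError proposed in the issue.
#[derive(Debug, PartialEq)]
pub enum UsageError {
    /// RCTL/RACCT is not compiled in or not enabled on this host.
    RacctDisabled,
    /// A pair that is not `name=integer`, or a resource reported twice.
    Malformed(String),
}

/// Turn a raw accounting report into the HashMap<String, i64> the issue asks for.
/// `racct_enabled` is passed in so the example runs on any host (assumption:
/// a real implementation would query the kernel instead).
pub fn parse_usage(racct_enabled: bool, raw: &str) -> Result<HashMap<String, i64>, UsageError> {
    if !racct_enabled {
        return Err(UsageError::RacctDisabled);
    }
    // Buffers filled by a syscall are often NUL-padded; strip that first.
    let body = raw.trim_end_matches('\0').trim();
    let mut usage = HashMap::new();
    for pair in body.split(',') {
        if pair.is_empty() {
            continue; // empty report or trailing comma
        }
        let (name, amount) = pair
            .split_once('=')
            .ok_or_else(|| UsageError::Malformed(pair.to_string()))?;
        let amount: i64 = amount
            .parse()
            .map_err(|_| UsageError::Malformed(pair.to_string()))?;
        // Reject empty names and duplicates rather than silently overwriting.
        if name.is_empty() || usage.insert(name.to_string(), amount).is_some() {
            return Err(UsageError::Malformed(pair.to_string()));
        }
    }
    Ok(usage)
}

fn main() {
    // Constructed sample report, not captured from a real system.
    let sample = "cputime=3,datasize=12288,maxproc=4\0\0";
    match parse_usage(true, sample) {
        Ok(usage) => println!("maxproc in use: {:?}", usage.get("maxproc")),
        Err(e) => eprintln!("no accounting data: {:?}", e),
    }
}
```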
  • chore(deps): update nix requirement from ^0.17.0 to ^0.20.0


    Updates the requirements on nix to permit the latest version.

    Changelog

    Sourced from nix's changelog.

    [0.20.0] - 20 February 2021

    Added

    • Added a passwd field to Group (#1338)
    • Added mremap (#1306)
    • Added personality (#1331)
    • Added limited Fuchsia support (#1285)
    • Added getpeereid (#1342)
    • Implemented IntoIterator for Dir (#1333).

    Changed

    • Minimum supported Rust version is now 1.40.0. (#1356)
    • i686-apple-darwin has been demoted to Tier 2 support, because it's deprecated by Xcode. (#1350)
    • Fixed calling recvfrom on an AddrFamily::Packet socket (#1344)

    Fixed

    • TimerFd now closes the underlying fd on drop. (#1381)
    • Define *_MAGIC filesystem constants on Linux s390x (#1372)
    • mqueue, sysinfo, timespec, statfs, test_ptrace_syscall() on x32 (#1366)

    Removed

    • Dir, SignalFd, and PtyMaster are no longer Clone. (#1382)
    • Removed SockLevel, which hasn't been used for a few years (#1362)
    • Removed both Copy and Clone from TimerFd. (#1381)

    [0.19.1] - 28 November 2020

    Fixed

    • Fixed bugs in recvmmsg. (#1341)

    [0.19.0] - 6 October 2020

    Added

    • Added Netlink protocol families to the SockProtocol enum (#1289)
    • Added clock_gettime, clock_settime, clock_getres, clock_getcpuclockid functions and ClockId struct. (#1281)

    ... (truncated)

    dependencies 
    opened by dependabot-preview[bot] 4
  • Consider Cirrus-ci.com instead of buildbot


    Like you, I set up a Buildbot server for my Rust projects to test on FreeBSD. But that takes $$$ and ongoing maintenance effort. Recently, https://cirrus-ci.com added a free FreeBSD build option. libc, nix, xattr, mio-aio, and tokio-file are already using it. It runs in a full VM, which is handy when testing jail-related code. You should check it out.

    opened by asomers 4
  • chore(deps): update strum requirement from 0.20.0 to 0.21.0


    Updates the requirements on strum to permit the latest version.

    Changelog

    Sourced from strum's changelog.

    Changelog

    0.20.0

    • Refactors to do better error handling. Thanks @jplatte for these changes

    • Adding vis(scope) to EnumDiscriminants. #137

      • This feature works best with versions of rust >= 1.34 due to a rustc parsing error in earlier versions.
      • Earlier versions can still use vis(r#pub)
    • These changes should not be breaking, but the amount of code modified was significant.

    • FYI about #122. The macro renames feature will be removed in early 2021. This feature was only necessary in rust 2015 because macros didn't support qualified imports so macro names could collide between crates.

    0.19.4 / 0.19.5

    • Updated docs

    0.19.3

    • Properly error on malformed strum attributes. #119
      • These types of inputs have historically been ignored silently. This may break code that is already incorrect.
    • Move docs back to rust docs. #121
    • Updated the docs a second time to improve discoverability.

    0.19.2

    0.19.1

    • Breaking Change: EnumVariantNames now properly adjusts to the to_string and serialize attributes.
    • There's a regression in this release that may make strum incompatible with other plugins if those plugins use non-rust syntax in their attributes. #104

    0.19.0

    • Fixed a regression using nth_back. #85
    • Added repository to Cargo.toml. #90
    • Correctly handle fill align in Display impls. #95
    • Breaking Change: Use Associated Constant for EnumCount instead of const fn and free constant. #99 This behavior is consistent with the other derives.
    • Breaking Change. default and disabled should now be written as markers instead of key value pairs.

    ... (truncated)

    dependencies 
    opened by dependabot-preview[bot] 3
  • chore(deps): update strum requirement from 0.18.0 to 0.20.0


    Updates the requirements on strum to permit the latest version.

    Changelog

    Sourced from strum's changelog.

    0.20.0

    • Refactors to do better error handling. Thanks @jplatte for these changes

    • Adding vis(scope) to EnumDiscriminants. #137

      • This feature works best with versions of rust >= 1.34 due to a rustc parsing error in earlier versions.
      • Earlier versions can still use vis(r#pub)
    • These changes should not be breaking, but the amount of code modified was significant.

    • FYI about #122. The macro renames feature will be removed in early 2021. This feature was only necessary in rust 2015 because macros didn't support qualified imports so macro names could collide between crates.

    0.19.4 / 0.19.5

    • Updated docs

    0.19.3

    • Properly error on malformed strum attributes. #119
      • These types of inputs have historically been ignored silently. This may break code that is already incorrect.
    • Move docs back to rust docs. #121
    • Updated the docs a second time to improve discoverability.

    0.19.2

    0.19.1

    • Breaking Change: EnumVariantNames now properly adjusts to the to_string and serialize attributes.
    • There's a regression in this release that may make strum incompatible with other plugins if those plugins use non-rust syntax in their attributes. #104

    0.19.0

    • Fixed a regression using nth_back. #85
    • Added repository to Cargo.toml. #90
    • Correctly handle fill align in Display impls. #95
    • Breaking Change: Use Associated Constant for EnumCount instead of const fn and free constant. #99 This behavior is consistent with the other derives.
    • Breaking Change. default and disabled should now be written as markers instead of key value pairs. Here is the old way of adding these attributes to a variant.
    dependencies 
    opened by dependabot-preview[bot] 3
  • chore(deps): update strum_macros requirement from 0.18.0 to 0.20.1


    Updates the requirements on strum_macros to permit the latest version.

    Changelog

    Sourced from strum_macros's changelog.

    Changelog

    0.20.0

    • Refactors to do better error handling. Thanks @jplatte for these changes

    • Adding vis(scope) to EnumDiscriminants. #137

      • This feature works best with versions of rust >= 1.34 due to a rustc parsing error in earlier versions.
      • Earlier versions can still use vis(r#pub)
    • These changes should not be breaking, but the amount of code modified was significant.

    • FYI about #122. The macro renames feature will be removed in early 2021. This feature was only necessary in rust 2015 because macros didn't support qualified imports so macro names could collide between crates.

    0.19.4 / 0.19.5

    • Updated docs

    0.19.3

    • Properly error on malformed strum attributes. #119
      • These types of inputs have historically been ignored silently. This may break code that is already incorrect.
    • Move docs back to rust docs. #121
    • Updated the docs a second time to improve discoverability.

    0.19.2

    0.19.1

    • Breaking Change: EnumVariantNames now properly adjusts to the to_string and serialize attributes.
    • There's a regression in this release that may make strum incompatible with other plugins if those plugins use non-rust syntax in their attributes. #104

    0.19.0

    • Fixed a regression using nth_back. #85
    • Added repository to Cargo.toml. #90
    • Correctly handle fill align in Display impls. #95
    • Breaking Change: Use Associated Constant for EnumCount instead of const fn and free constant. #99 This behavior is consistent with the other derives.
    • Breaking Change. default and disabled should now be written as markers instead of key value pairs.
    dependencies 
    opened by dependabot-preview[bot] 3
  • [vnet] Do not pass empty ip4.addr & ip6.addr params


    For vnet jails, passing either ip4.addr or ip6.addr params, whether empty or not, results in the following error: vnet jails cannot have IP address restrictions.

    This change works around the aforementioned problem by checking whether the corresponding vectors are empty and, if they are, not passing the parameters at all.

    opened by akhramov 3
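The check described in the pull request above, modelled with standard-library types only; this is an added example, not the patch itself or libjail-rs code. `JailSpec`, `Value`, `SpecError` and `build_params` are hypothetical names, and encoding the vnet switch as `("vnet", Int(1))` is an assumption. It goes one step beyond the description by rejecting a vnet jail with non-empty address lists before the kernel would.

```rust
use std::net::{Ipv4Addr, Ipv6Addr};

/// Simplified stand-in for a jail parameter value (hypothetical type).
#[derive(Debug, Clone, PartialEq)]
pub enum Value {
    Int(i32),
    Ipv4Addrs(Vec<Ipv4Addr>),
    Ipv6Addrs(Vec<Ipv6Addr>),
}

/// Hypothetical description of a jail that has not been started yet.
#[derive(Debug, Default)]
pub struct JailSpec {
    pub vnet: bool,
    pub ipv4: Vec<Ipv4Addr>,
    pub ipv6: Vec<Ipv6Addr>,
}

#[derive(Debug, PartialEq)]
pub enum SpecError {
    /// Same condition as the kernel error quoted in the pull request:
    /// "vnet jails cannot have IP address restrictions".
    VnetWithIpRestrictions,
}

/// Assemble the name/value pairs that would be handed to the kernel.
pub fn build_params(spec: &JailSpec) -> Result<Vec<(String, Value)>, SpecError> {
    let has_ips = !spec.ipv4.is_empty() || !spec.ipv6.is_empty();
    if spec.vnet && has_ips {
        // Fail early with a typed error instead of a late string from the kernel.
        return Err(SpecError::VnetWithIpRestrictions);
    }

    let mut params = Vec::new();
    if spec.vnet {
        params.push(("vnet".to_string(), Value::Int(1)));
    }
    // The fix: an empty address vector means "do not send the parameter",
    // not "send the parameter with an empty list".
    if !spec.ipv4.is_empty() {
        params.push(("ip4.addr".to_string(), Value::Ipv4Addrs(spec.ipv4.clone())));
    }
    if !spec.ipv6.is_empty() {
        params.push(("ip6.addr".to_string(), Value::Ipv6Addrs(spec.ipv6.clone())));
    }
    Ok(params)
}

fn main() {
    // Constructed sample specs, reusing the addresses from the README example.
    let plain = JailSpec {
        vnet: false,
        ipv4: vec!["127.0.1.2".parse().unwrap()],
        ipv6: vec!["fe80::2".parse().unwrap()],
    };
    let vnet = JailSpec { vnet: true, ..Default::default() };
    let mixed = JailSpec { vnet: true, ipv4: plain.ipv4.clone(), ipv6: vec![] };

    println!("plain: {:?}", build_params(&plain));
    println!("vnet:  {:?}", build_params(&vnet));
    println!("mixed: {:?}", build_params(&mixed));
}
```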
  • mount.fstab fails


    Hi - Thanks for the library, kind of cool that so many FreeBSD primitives are coming to Rust. I was testing out building a readonly jail using an fstab definition on my system.

    .param("mount.fstab", param::Value::String("/etc/fstab.rojail".to_string()))

    I got

    thread 'main' panicked at 'could not start jail: JailSetError("unknown parameter: mount.fstab")', src/libcore/result.rs:1009:5
    

    Looking at jail(8) I see it's a pseudo-parameter so I wasn't too surprised but thought I would raise this if you start to prioritize them.

    docs 
    opened by No9 3
  • chore(deps): update sysctl requirement from ~0.4.0 to ~0.5.4


    Updates the requirements on sysctl to permit the latest version.

    Changelog

    Sourced from sysctl's changelog.

    [0.5.4] - 2022-12-09

    Changed

    • Bumped byteorder crate to 1.4.3 due to failing tests.

    [0.5.3] - 2022-12-09

    Added

    • Added accessor methods to destructure CtlValue.

    [0.5.2] - 2022-08-16

    Changed

    • CI minimum version test failing. Adjust versions to fix.

    [0.5.1] - 2022-08-16

    Changed

    • Remove crate version from example in readme.

    [0.5.0] - 2022-08-16

    Changed

    • Improve iOS support with new Ctl variant.
    • Increase minimum version of dependencies.

    [0.4.6] - 2022-08-07

    Changed

    • Can't have more than 5 keywords in Cargo.toml. Remove the added iOS keyword.

    [0.4.5] - 2022-08-07

    Changed

    • Enable use on iOS

    [0.4.4] - 2022-03-01

    Changed

    • Use fmt to determine the exact type for CtlType::Int on MacOS

    [0.4.3] - 2021-11-01

    Changed

    • Remove a leftover debug println.

    [0.4.2] - 2021-08-03

    Changed

    • Add Cirrus CI for FreeBSD, macOS and Linux.
    • Bump thiserror crate.
    • Use sysctlnametomib(3) where available.
    • Use sysctlbyname(3) on FreeBSD.
    • Tell docs.rs to build docs for FreeBSD too.
    • Don't include docs in package to reduce size.

    [0.4.1] - 2021-04-23

    Changed

    • Replace deprecated failure crate with thiserror.
    • Fix clippy lints.

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): update nix requirement from ^0.22.0 to ^0.26.1


    Updates the requirements on nix to permit the latest version.

    Changelog

    Sourced from nix's changelog.

    [0.26.1] - 2022-11-29

    Fixed

    • Fix UB with sys::socket::sockopt::SockType using SOCK_PACKET. (#1821)

    [0.26.0] - 2022-11-29

    Added

    • Added SockaddrStorage::{as_unix_addr, as_unix_addr_mut} (#1871)
    • Added MntFlags and unmount on all of the BSDs.
    • Added any() and all() to poll::PollFd. (#1877)
    • Add MntFlags and unmount on all of the BSDs. (#1849)
    • Added a Statfs::flags method. (#1849)
    • Added NSFS_MAGIC FsType on Linux and Android. (#1829)
    • Added sched_getcpu on platforms that support it. (#1825)
    • Added sched_getaffinity and sched_setaffinity on FreeBSD. (#1804)
    • Added line_discipline field to Termios on Linux, Android and Haiku (#1805)
    • Expose the memfd module on FreeBSD (memfd was added in FreeBSD 13) (#1808)
    • Added domainname field of UtsName on Android and Linux (#1817)
    • Re-export RLIM_INFINITY from libc (#1831)
    • Added syncfs(2) on Linux (#1833)
    • Added faccessat(2) on illumos (#1841)
    • Added eaccess() on FreeBSD, DragonFly and Linux (glibc and musl). (#1842)
    • Added IP_TOS SO_PRIORITY and IPV6_TCLASS sockopts for Linux (#1853)
    • Added new_unnamed and is_unnamed for UnixAddr on Linux and Android. (#1857)
    • Added SockProtocol::Raw for raw sockets (#1848)
    • added IP_MTU (IpMtu) IPPROTO_IP sockopt on Linux and Android. (#1865)

    Changed

    • The MSRV is now 1.56.1 (#1792)

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): update strum_macros requirement from 0.21.1 to 0.24.3

    Updates the requirements on strum_macros to permit the latest version.

    Changelog

    Sourced from strum_macros's changelog.

    0.24.3 (strum_macros)

    • #231 Add ignore lints for EnumIter not implementing Copy or Debug on the generated iter struct. Copy should generally not be implemented on Iterators. It's an oversight that Debug isn't implemented, but it will be a breaking change to add that so it'll be added in a future version.

    0.24.2 (strum_macros)

    • #220. Add support for PHF in EnumString (opt-in runtime performance improvements for large enums as #[strum(use_phf)], requires phf feature and increases MSRV to 1.46)

      • #224 tweaked the algorithm.
    • Reverted #217 because it was disruptive and non-trivial to work around if you hit it.

    0.24.1 (Yanked because #217 was more "breaking" than I wanted)

    • #220. Add support for PHF in EnumString (opt-in runtime performance improvements for large enums as #[strum(use_phf)], requires phf feature and increases MSRV to 1.46)
      • #224 tweaked the algorithm.
    • #217: Automatically implement TryFrom in FromRepr. This is technically a breaking change, but the fix is to just remove the manual implementation of TryFrom so it shouldn't be more than a minor inconvenience.

    0.24.0

    • #212. Fix some clippy lints

    • #209. Use core instead of std in a few places.

    • #206. Add get_documentation() to EnumMessage. This provides the ability to get the doc comment for a variant. Currently, very little formatting is done. That is subject to change. Please do not abuse this feature. Rust docs are meant for developer documentation, not long messages for users. However, this may be useful in some situations so we've added support for it.

    • #202. Add a missing doc comment

    • #201. Upgrade Heck version

    0.23.1

    • #193 Fixes an ambiguity introduced by #186 when your enum has a variant called Error.

    • #192 The work done in #189 was lost in other PR's. This re-added the functionality to support no-std.

    0.23.0

    • #185 Adds the FromRepr derive that adds a from_repr(x: usize) -> Option<Self> method to your enum. This lets you convert integer values to your enum. If you specify a #[repr(..)] attribute on your enum, or use an explicit discriminant, this will be incorporated into the derive.

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • chore(deps): update strum requirement from 0.21.0 to 0.24.1

    Updates the requirements on strum to permit the latest version.

    Changelog

    Sourced from strum's changelog.

    0.24.1

    • #220. Add support for PHF in EnumString (opt-in runtime performance improvements for large enums as #[strum(use_phf)], requires phf feature and increases MSRV to 1.46)
      • #224 tweaked the algorithm.
    • #217: Automatically implement TryFrom in FromRepr. This is technically a breaking change, but the fix is to just remove the manual implementation of TryFrom so it shouldn't be more than a minor inconvenience.

    0.24.0

    • #212. Fix some clippy lints

    • #209. Use core instead of std in a few places.

    • #206. Add get_documentation() to EnumMessage. This provides the ability to get the doc comment for a variant. Currently, very little formatting is done. That is subject to change. Please do not abuse this feature. Rust docs are meant for developer documentation, not long messages for users. However, this may be useful in some situations so we've added support for it.

    • #202. Add a missing doc comment

    • #201. Upgrade Heck version

    0.23.1

    • #193 Fixes an ambiguity introduced by #186 when your enum has a variant called Error.

    • #192 The work done in #189 was lost in other PR's. This re-added the functionality to support no-std.

    0.23.0

    • #185 Adds the FromRepr derive that adds a from_repr(x: usize) -> Option<Self> method to your enum. This lets you convert integer values to your enum. If you specify a #[repr(..)] attribute on your enum, or use an explicit discriminant, this will be incorporated into the derive.

      • from_repr will be const if you use a recent rust version.
      • This cannot be a trait method currently because only inherent methods support const.
    • #186 Automatically implement TryFrom<str> for enums that implement EnumString. This is only enabled for rustc >= 1.34 which is when TryFrom was stabilized.

      • This is a small breaking change. If you had manually implemented TryFrom<str> for your enum, this will cause a conflict. You can probably remove your manual implementation.
    • #189 Use core::result::Result instead of std::result::Result. This should be more portable in no-std environments.

    0.22.0

    • #180: Deprecates ToString derive. You should use Display instead.

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
  • Unable to set jailed process uid

    Describe the bug

    Inability to set uid of a jailed process.

    To Reproduce

    Consider the following use-case: I'm trying to change uid of a process running inside the jail. For that purpose I use std::os::unix::process::CommandExt.uid.

    In code:

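    use jail::param::Value;
    use jail::process::Jailed;
    use jail::StoppedJail;
    use std::os::unix::process::CommandExt;
    use std::process::Command;

    // Start the jail; the running jail is what `.jail()` attaches to.
    let jail = StoppedJail::new(&path)
        .name("container 42")
        .param("vnet", Value::Int(1))
        .param("enforce_statfs", Value::Int(1))
        .start()
        .unwrap();

    // uid/gid are applied before the pre-exec hook that attaches to the jail,
    // so this spawn is the call that returns EPERM.
    Command::new(command)
        .jail(&jail)
        .uid(uid)
        .gid(gid)
        .spawn()
        .unwrap();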

    The spawn call returns EPERM error.

    Expected behavior

    The spawn call succeeds

    Additional context

    Underlying issue is jail_attach call. Per man page

    The jail_attach() and jail_remove() system calls will fail if:

    [EPERM] A user other than the super-user attempted to attach to or remove a jail.

    stdlib calls setuid here, before calling pre-exec hooks here. Since the process uid is set to a non-privileged user, alas, we fail.

    Possible workarounds

    Either

    • Attempt to change stdlib (unrealistically)
    • exec.jail_user. Well, not quite. It's not uid, not sure if it works for jail_attach.
    • just create another hook to call setuid there!

    WDYT?

    bug 
    opened by akhramov 2
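The ordering problem reported above and the "another hook" workaround it proposes, written out as an added example (not code from the issue or from libjail-rs): a single pre-exec hook attaches to the jail while the child is still root and only then drops group and user ids. It declares jail_attach(2) and the id calls from libc directly instead of going through the crate; `jailed_as`, `attach`, `check` and `NGroups` are hypothetical names, and off FreeBSD `attach` is a no-op so the ordering can still be exercised.

```rust
use std::io;
use std::os::unix::process::CommandExt;
use std::process::Command;
use std::ptr;

#[cfg(target_os = "freebsd")]
type NGroups = i32; // FreeBSD: setgroups(int, const gid_t *)
#[cfg(not(target_os = "freebsd"))]
type NGroups = usize; // elsewhere: setgroups(size_t, const gid_t *)

extern "C" {
    fn geteuid() -> u32;
    fn setuid(uid: u32) -> i32;
    fn setgid(gid: u32) -> i32;
    fn setgroups(n: NGroups, list: *const u32) -> i32;
    #[cfg(target_os = "freebsd")]
    fn jail_attach(jid: i32) -> i32;
}

fn check(ret: i32) -> io::Result<()> {
    // libc convention: -1 means failure and errno holds the cause
    if ret == -1 { Err(io::Error::last_os_error()) } else { Ok(()) }
}

/// Attach the calling process to jail `jid`; only the super-user may do this.
#[cfg(target_os = "freebsd")]
fn attach(jid: i32) -> io::Result<()> {
    check(unsafe { jail_attach(jid) })
}
/// Assumption: off FreeBSD there is nothing to attach to, so this is a no-op.
#[cfg(not(target_os = "freebsd"))]
fn attach(_jid: i32) -> io::Result<()> {
    Ok(())
}

/// Hypothetical helper: `program` set up to run in jail `jid` as `uid`/`gid`.
fn jailed_as(program: &str, jid: i32, uid: u32, gid: u32) -> Command {
    let mut cmd = Command::new(program);
    // Command::uid()/gid() are not used: std applies them before pre_exec hooks.
    unsafe {
        cmd.pre_exec(move || {
            attach(jid)?; // 1. attach while still privileged
            if geteuid() == 0 && uid != 0 {
                check(setgroups(0, ptr::null()))?; // 2. shed root's supplementary groups
            }
            check(setgid(gid))?; // 3. group before user
            check(setuid(uid))?; // 4. irreversible step last
            Ok(())
        });
    }
    cmd
}

fn main() {
    let a: Vec<String> = std::env::args().collect();
    assert!(a.len() == 5, "usage (root, FreeBSD): demo <jid> <uid> <gid> <program>");
    let (jid, uid, gid) = (a[1].parse().unwrap(), a[2].parse().unwrap(), a[3].parse().unwrap());
    let out = jailed_as(&a[4], jid, uid, gid).output().expect("spawn failed");
    print!("{}", String::from_utf8_lossy(&out.stdout));
}
```

Any failure inside the hook, including EPERM from the attach, surfaces to the parent as the error returned by `spawn()` or `output()`, so the child never reaches `exec` with a half-applied identity.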
Releases(v0.1.0)
  • v0.1.0(Oct 15, 2019)

    Changes

    Known Issues

    • Due to an issue with type_length_limit increasing exponentially, consumers of libjail-rs may have to set an increased type_length_limit on their crate. (#59)

    Added

    • implementations for TryFrom to start / stop jails.
    • example showing how to query RCTL usage.
    • code coverage with codecov.io. Unfortunately, this doesn't yet take doctests into account, so coverage is actually a bit better in reality.
    • serialization support for stopped jails with serde (#53)

    Changed

    • Published RunningJails as RunningJailIter
    • RunningJail::from_jid(...) now returns an Option<RunningJail> depending on whether a Jail exists with that JID. The old behaviour of RunningJail::from_jid(...) can be found in RunningJail::from_jid_unchecked(...)
    • Added debug logging using the log crate.

    Bugfixes

    • Increased type_length_limit to 17825821 to fix a build failure on Rust 1.35.0 (See #59, #60, https://github.com/rust-lang/rust/issues/58952).
    • RunningJails::params() now correctly fails when an error occurs while reading parameters.
  • v0.0.6(Dec 25, 2018)

    Changes

    Added

    • support for setting tunable jail parameters
    • support for non-persistent jails

    Changed

    • examples/jls: fixed nix version mismatch with rctl crate
    • fixed jail teardown and save if RCTL not enabled
    • RunningJail now derives Copy.
    • RunningJail::jail_attach is now public.
    • RunningJail::save now no longer saves the vnet parameter if it is set to inherit (2). See #34.
    • updated rctl to 0.0.5
    • updated prettytable-rs to 0.8.0