priv_sep

Privilege separation library.
git clone https://git.philomathiclife.com/repos/priv_sep

README.md (2871B)


# `priv_sep`

[<img alt="git" src="https://git.philomathiclife.com/badges/priv_sep.svg" height="20">](https://git.philomathiclife.com/priv_sep/log.html)
[<img alt="crates.io" src="https://img.shields.io/crates/v/priv_sep.svg?style=for-the-badge&color=fc8d62&logo=rust" height="20">](https://crates.io/crates/priv_sep)
[<img alt="docs.rs" src="https://img.shields.io/badge/docs.rs-priv_sep-66c2a5?style=for-the-badge&labelColor=555555&logo=docs.rs" height="20">](https://docs.rs/priv_sep/latest/priv_sep/)

`priv_sep` is a library for privilege separation.
It is currently designed around [`pledge(2)`](https://man.openbsd.org/amd64/pledge.2) and
[`unveil(2)`](https://man.openbsd.org/amd64/unveil.2) for OpenBSD, but
in the future may contain functionality for Linux's
[`seccomp(2)`](https://man7.org/linux/man-pages/man2/seccomp.2.html).

## Pledge

Calls to `pledge(2)` are done via `Promises::pledge` and `pledge_none`.

Note that since the use of `execpromises` is quite rare, `NULL` is always used for it.

## Unveil

Calls to `unveil(2)` are done via `Permissions::unveil` and `unveil_no_more`.
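
The sequence behind the Pledge and Unveil sections, as an added example that calls the libc `pledge(2)` and `unveil(2)` symbols directly; it is not `priv_sep`'s own code and does not use its API. It unveils each path, locks the unveil list, then pledges with `execpromises` set to `NULL`, and first checks that every unveil permission letter is backed by the promise `unveil(2)` pairs it with. The paths, the policy and the names `missing_promises` and `restrict` are constructed for illustration.

```rust
use std::io;
#[cfg(target_os = "openbsd")]
use std::ffi::{c_char, c_int, CString};
// Raw libc symbols, present only on OpenBSD.
#[cfg(target_os = "openbsd")]
unsafe extern "C" {
    fn pledge(promises: *const c_char, execpromises: *const c_char) -> c_int;
    fn unveil(path: *const c_char, permissions: *const c_char) -> c_int;
}

// unveil(2) permission letter -> pledge(2) promise needed to use it.
const PERM_PROMISE: [(char, &str); 4] = [('r', "rpath"), ('w', "wpath"), ('c', "cpath"), ('x', "exec")];
/// Promises the unveil list needs but `promises` lacks; bad letters show as "invalid:<c>".
fn missing_promises(promises: &str, unveils: &[(&str, &str)]) -> Vec<String> {
    let held: Vec<&str> = promises.split_whitespace().collect();
    let mut missing = Vec::new();
    for &(_, perms) in unveils {
        for p in perms.chars() {
            let found = PERM_PROMISE.iter().find(|(c, _)| *c == p);
            let need = found.map_or(format!("invalid:{p}"), |(_, n)| n.to_string());
            if !held.contains(&need.as_str()) && !missing.contains(&need) {
                missing.push(need);
            }
        }
    }
    missing
}

/// Unveil each path, lock the list, then pledge with execpromises = NULL.
#[cfg(target_os = "openbsd")]
fn restrict(promises: &str, unveils: &[(&str, &str)]) -> io::Result<()> {
    let c = |s: &str| CString::new(s).map_err(io::Error::from);
    let ok = |r: c_int| if r == 0 { Ok(()) } else { Err(io::Error::last_os_error()) };
    for &(path, perms) in unveils {
        let (p, m) = (c(path)?, c(perms)?);
        ok(unsafe { unveil(p.as_ptr(), m.as_ptr()) })?;
    }
    ok(unsafe { unveil(std::ptr::null(), std::ptr::null()) })?; // no further unveil calls
    let pr = c(promises)?;
    ok(unsafe { pledge(pr.as_ptr(), std::ptr::null()) })
}
#[cfg(not(target_os = "openbsd"))]
fn restrict(_: &str, _: &[(&str, &str)]) -> io::Result<()> { Err(io::ErrorKind::Unsupported.into()) }

fn main() {
    // Constructed policy: read-only config dir, read/write/create state dir.
    let unveils = [("/etc/myapp", "r"), ("/var/myapp", "rwc")];
    let promises = "stdio rpath wpath cpath";
    assert!(missing_promises(promises, &unveils).is_empty());
    restrict(promises, &unveils).unwrap_or_else(|e| eprintln!("not sandboxed: {e}"));
}
```

On targets other than OpenBSD `restrict` returns an `Unsupported` error, so only the promise check does real work there.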

## Errors

Any error returned from the underlying system call is propagated via `Error`.

## Minimum Supported Rust Version (MSRV)

This will frequently be updated to be the same as stable. Specifically, any time stable is updated and that
update has "useful" features or compilation no longer succeeds (e.g., due to new compiler lints), then MSRV
will be updated.

MSRV changes will correspond to a SemVer minor version bump.

## SemVer Policy

* All on-by-default features of this library are covered by SemVer
* MSRV is considered exempt from SemVer as noted above

## License

Licensed under either of

* Apache License, Version 2.0 ([LICENSE-APACHE](https://www.apache.org/licenses/LICENSE-2.0))
* MIT license ([LICENSE-MIT](https://opensource.org/licenses/MIT))

at your option.

## Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you,
as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Before any PR is sent, `cargo clippy` and `cargo t` should be run for both `--no-default-features` and
`--all-features`. Additionally `RUSTDOCFLAGS="--cfg docsrs" cargo +nightly doc --all-features` should be run to
ensure documentation can be built.

### Status

This package will be actively maintained to stay in sync with the latest version of OpenBSD; as a result,
the crate is only tested on the `x86_64-unknown-openbsd` target. While OpenBSD supports both the most recent
-release/-stable release as well as the previous version, only the most recent version will be supported by this
library. If using -stable, it may be necessary to build the
[`rust` port](https://github.com/openbsd/ports/tree/master/lang/rust) from -current.