README.md (1682B)
1 # `priv_sep` 2 3 `priv_sep` is a library for privilege separation. 4 It is currently designed around [`pledge(2)`](https://man.openbsd.org/amd64/pledge.2) and 5 [`unveil(2)`](https://man.openbsd.org/amd64/unveil.2) for OpenBSD, but 6 in the future may contain functionality for Linux's 7 [`seccomp(2)`](https://man7.org/linux/man-pages/man2/seccomp.2.html). 8 9 ## Pledge 10 11 Calls to `pledge(2)` are done via `Promises::pledge` and `pledge_none`. 12 13 Note that since the use of `execpromises` is quite rare, `NULL` is always used for it. 14 15 ## Unveil 16 17 Calls to `unveil(2)` are done via `Permissions::unveil` and `unveil_no_more`. 18 19 ## Errors 20 21 Any error returned from the underlying system call is propagated via `Error`. 22 23 ## License 24 25 Licensed under either of 26 27 * Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0). 28 * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT). 29 30 at your option. 31 32 ## Contribution 33 34 Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, 35 as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. 36 37 ### Status 38 39 This package will be actively maintained to stay in-sync with the latest version of OpenBSD; as a result, 40 the crate is only tested on the `x86_64-unknown-openbsd` target. While OpenBSD supports both the most recent 41 -release/-stable release as well as the previous version, only the most recent version will be supported by this 42 library. If using -stable, it may be necessary to build the 43 [`rust` port](https://github.com/openbsd/ports/tree/master/lang/rust) from -current.