Struct greenhook::Supervisor

pub struct Supervisor { /* private fields */ }

The main component of greenhook.

Implementations

impl Supervisor

pub fn new(thread_num: usize) -> Result<Self, Error>

Create a new Supervisor object. You can specify the number of threads in the thread pool. This function will also check your kernel version and show warning or return error if necessary.

Examples

use greenhook::Supervisor;
let supervisor = Supervisor::new(4).unwrap();

pub fn insert_handler( &mut self, syscall: ScmpSyscall, handler: impl Fn(&UNotifyEventRequest) -> ScmpNotifResp + Send + Sync + 'static )

Insert a user-defined handler function for a syscall.

Examples

use greenhook::{Supervisor, UNotifyEventRequest};
use libseccomp::ScmpSyscall;

fn close_handler(req: &UNotifyEventRequest) -> libseccomp::ScmpNotifResp {
    println!("close");
    unsafe { req.continue_syscall() }
}

let mut supervisor = Supervisor::new(4).unwrap();
supervisor.insert_handler(ScmpSyscall::new("open"), |req| {
    println!("open: {}", req.get_request().data.args[0]);
    unsafe { req.continue_syscall() }
});
supervisor.insert_handler(ScmpSyscall::new("close"), close_handler);

pub fn exec( self, cmd: &mut Command ) -> Result<(Child, JoinHandle<()>, ThreadPool), Error>

Run a command with seccomp filter. This method will fork a child process, do some preparations and run the command in it. It returns a Child, a JoinHandle of supervising thread, and a ThreadPool handle of syscall user functions. It’s recommended to use Supervisor::wait() to wait for the child process.

Examples

let (mut child, handle, pool) = supervisor.exec(&mut cmd).unwrap();

pub fn wait( child: &mut Child, thread_handle: JoinHandle<()>, pool_handle: ThreadPool ) -> Result<ExitStatus, Error>

Wait for the child process to exit and cleanup the supervisor thread and thread pool. It returns WaitStatus of the child process.

Examples

let status = Supervisor::wait(&mut child, thread_handle, pool).unwrap();