Show HN: Extrasafe – use seccomp and Landlock to make your Rust code extra safe

1 point by boustrophedon 1 year ago | 0 comments
Hi HN, I just released a new version of extrasafe, a library I've been working on that makes it easy to use seccomp, in a way similar to OpenBSD's pledge. Seccomp lets you deny the use of syscalls you don't need.

This version adds support for Landlock (https://landlock.io), which lets you restrict access to the filesystem in a more fine-grained manner than seccomp allows.

Here's an example:

  use std::fs::File;

  fn main() {
      // Scratch directory this process will be allowed to create and write files in.
      let tmp_dir = tempfile::tempdir().unwrap().into_path();

      // Start from a policy that permits no filesystem I/O at all, then grant
      // only what this program needs; Landlock enforces the path-level rules
      // and seccomp blocks the remaining syscalls.
      extrasafe::SafetyContext::new()
          .enable(
              extrasafe::builtins::SystemIO::nothing()
                  .allow_create_in_dir(&tmp_dir)
                  .allow_write_file(&tmp_dir),
          )
          .unwrap()
          .apply_to_current_thread()
          .unwrap();

      // Opening arbitrary files now fails!
      assert!(File::open("/etc/passwd").is_err());

      // But the directory we allowed works
      assert!(File::create(tmp_dir.join("my_output.txt")).is_ok());

      // And other syscalls are still disallowed
      assert!(std::net::UdpSocket::bind("127.0.0.1:0").is_err());
  }