syd
1#!/usr/bin/env python3 2# coding: utf-8 3# 4# Syd: rock-solid application kernel 5# lib/src/syd.py: Python ctypes bindings of libsyd, the syd API C Library 6# Copyright (c) 2023, 2024, 2025 Ali Polatel <alip@chesswob.org> 7# 8# SPDX-License-Identifier: LGPL-3.0 9 10import os, sys, time 11import enum, errno, ctypes 12import json, tempfile, unittest 13 14from typing import List, Union 15 16""" 17pysyd - Python Bindings for the syd API Rust Library 18 19`pysyd` provides Python bindings for `libsyd`, a C library written in 20Rust that implements the syd stat API. This package facilitates 21interaction with the `/dev/syd` interface of syd, allowing for 22runtime configuration and interaction within the syd sandboxing 23environment. 24 25Overview 26-------- 27The `pysyd` library is designed to interact with the syd sandboxing 28environment through Python. It offers functionalities to check and 29modify the state of the sandbox lock, perform system calls to 30`/dev/syd`, and execute commands within the sandbox. This makes it 31easier for Python applications to integrate with syd's features. 32 33Requirement 34----------- 35To use `pysyd`, the shared library `libsyd.so` must be available in the 36system's library search path. Ensure that this shared library is 37properly installed and its location is included in the environment path 38where system libraries are searched for. 39 40Attention 41--------- 42This library is currently a work in progress. The API is subject to 43change and may not be stable. Users are advised to use it with caution 44and to stay updated with the latest changes. 45 46Further Information 47-------------------- 48For more detailed information about `libsyd` and usage instructions, 49refer to the syd manual: https://git.sr.ht/~alip/syd 50 51Author 52------ 53Ali Polatel (alip@chesswob.org) 54 55This Python wrapper is designed to provide a seamless and idiomatic 56Python interface for interacting with the functionalities offered by 57`libsyd`. 58""" 59 60__all__ = ( 61 "Action", 62 "LockState", 63 "info", 64 "check", 65 "api", 66 "panic", 67 "reset", 68 "load", 69 "lock", 70 "exec", 71 "enable_stat", 72 "disable_stat", 73 "enabled_stat", 74 "enable_read", 75 "disable_read", 76 "enabled_read", 77 "enable_write", 78 "disable_write", 79 "enabled_write", 80 "enable_exec", 81 "disable_exec", 82 "enabled_exec", 83 "enable_ioctl", 84 "disable_ioctl", 85 "enabled_ioctl", 86 "enable_create", 87 "disable_create", 88 "enabled_create", 89 "enable_delete", 90 "disable_delete", 91 "enabled_delete", 92 "enable_rename", 93 "disable_rename", 94 "enabled_rename", 95 "enable_symlink", 96 "disable_symlink", 97 "enabled_symlink", 98 "enable_truncate", 99 "disable_truncate", 100 "enabled_truncate", 101 "enable_chdir", 102 "disable_chdir", 103 "enabled_chdir", 104 "enable_readdir", 105 "disable_readdir", 106 "enabled_readdir", 107 "enable_mkdir", 108 "disable_mkdir", 109 "enabled_mkdir", 110 "enable_rmdir", 111 "disable_rmdir", 112 "enabled_rmdir", 113 "enable_chown", 114 "disable_chown", 115 "enabled_chown", 116 "enable_chgrp", 117 "disable_chgrp", 118 "enabled_chgrp", 119 "enable_chattr", 120 "disable_chattr", 121 "enabled_chattr", 122 "enable_chroot", 123 "disable_chroot", 124 "enabled_chroot", 125 "enable_utime", 126 "disable_utime", 127 "enabled_utime", 128 "enable_mkdev", 129 "disable_mkdev", 130 "enabled_mkdev", 131 "enable_mkfifo", 132 "disable_mkfifo", 133 "enabled_mkfifo", 134 "enable_mktemp", 135 "disable_mktemp", 136 "enabled_mktemp", 137 "enable_net", 138 "disable_net", 139 "enabled_net", 140 "enabled_lock", 141 "enabled_crypt", 142 "enabled_proxy", 143 "enable_mem", 144 "disable_mem", 145 "enabled_mem", 146 "enable_pid", 147 "disable_pid", 148 "enabled_pid", 149 "enable_force", 150 "disable_force", 151 "enabled_force", 152 "enable_tpe", 153 "disable_tpe", 154 "enabled_tpe", 155 "default_stat", 156 "default_read", 157 "default_write", 158 "default_exec", 159 "default_ioctl", 160 "default_create", 161 "default_delete", 162 "default_rename", 163 "default_symlink", 164 "default_truncate", 165 "default_chdir", 166 "default_readdir", 167 "default_mkdir", 168 "default_rmdir", 169 "default_chown", 170 "default_chgrp", 171 "default_chmod", 172 "default_chattr", 173 "default_chroot", 174 "default_utime", 175 "default_mkdev", 176 "default_mkfifo", 177 "default_mktemp", 178 "default_net", 179 "default_block", 180 "default_mem", 181 "default_pid", 182 "default_force", 183 "default_segvguard", 184 "default_tpe", 185 "ioctl_deny", 186 "stat_add", 187 "stat_del", 188 "stat_rem", 189 "read_add", 190 "read_del", 191 "read_rem", 192 "write_add", 193 "write_del", 194 "write_rem", 195 "exec_add", 196 "exec_del", 197 "exec_rem", 198 "ioctl_add", 199 "ioctl_del", 200 "ioctl_rem", 201 "create_add", 202 "create_del", 203 "create_rem", 204 "delete_add", 205 "delete_del", 206 "delete_rem", 207 "rename_add", 208 "rename_del", 209 "rename_rem", 210 "symlink_add", 211 "symlink_del", 212 "symlink_rem", 213 "truncate_add", 214 "truncate_del", 215 "truncate_rem", 216 "chdir_add", 217 "chdir_del", 218 "chdir_rem", 219 "readdir_add", 220 "readdir_del", 221 "readdir_rem", 222 "mkdir_add", 223 "mkdir_del", 224 "mkdir_rem", 225 "rmdir_add", 226 "rmdir_del", 227 "rmdir_rem", 228 "chown_add", 229 "chown_del", 230 "chown_rem", 231 "chgrp_add", 232 "chgrp_del", 233 "chgrp_rem", 234 "chmod_add", 235 "chmod_del", 236 "chmod_rem", 237 "chattr_add", 238 "chattr_del", 239 "chattr_rem", 240 "chroot_add", 241 "chroot_del", 242 "chroot_rem", 243 "utime_add", 244 "utime_del", 245 "utime_rem", 246 "mkdev_add", 247 "mkdev_del", 248 "mkdev_rem", 249 "mkfifo_add", 250 "mkfifo_del", 251 "mkfifo_rem", 252 "mktemp_add", 253 "mktemp_del", 254 "mktemp_rem", 255 "net_bind_add", 256 "net_bind_del", 257 "net_bind_rem", 258 "net_connect_add", 259 "net_connect_del", 260 "net_connect_rem", 261 "net_sendfd_add", 262 "net_sendfd_del", 263 "net_sendfd_rem", 264 "net_link_add", 265 "net_link_del", 266 "net_link_rem", 267 "force_add", 268 "force_del", 269 "force_clr", 270 "mem_max", 271 "mem_vm_max", 272 "pid_max", 273 "segvguard_expiry", 274 "segvguard_suspension", 275 "segvguard_maxcrashes", 276) 277 278try: 279 libsyd = ctypes.CDLL("libsyd.so") 280except OSError as error: 281 if error.errno == errno.ENOENT or "such file" in str(error): 282 raise ImportError(f"install libsyd.so: {error}") 283 raise ImportError(f"fix libsyd.so: {error}") 284except error: 285 raise ImportError(f"fix libsyd.so: {error}") 286 287 288@enum.unique 289class Action(enum.Enum): 290 """ 291 Enum for representing actions for sandboxing: 292 293 - ALLOW: Allow system call. 294 - WARN: Allow system call and warn. 295 - FILTER: Deny system call silently. 296 - DENY: Deny system call and warn. 297 - PANIC: Deny system call, warn and panic the current Syd thread. 298 - STOP: Deny system call, warn and stop offending process. 299 - ABORT: Deny system call, warn and abort offending process. 300 - KILL: Deny system call, warn and kill offending process. 301 - EXIT: Warn, and exit Syd immediately with deny errno as exit value. 302 """ 303 304 ACTION_ALLOW = 0 305 ACTION_WARN = 1 306 ACTION_FILTER = 2 307 ACTION_DENY = 3 308 ACTION_PANIC = 4 309 ACTION_STOP = 5 310 ACTION_ABORT = 6 311 ACTION_KILL = 7 312 ACTION_EXIT = 8 313 314 315@enum.unique 316class LockState(enum.Enum): 317 """ 318 Enum for representing the sandbox lock states: 319 320 - LOCK_OFF: The sandbox lock is off, allowing all sandbox commands. 321 - LOCK_EXEC: The sandbox lock is set to on for all processes except 322 the initial process (syd exec child). This is the default state. 323 - LOCK_ON: The sandbox lock is on, disallowing all sandbox commands. 324 """ 325 326 LOCK_OFF = 0 327 LOCK_EXEC = 1 328 LOCK_ON = 2 329 330 331def check_return(negated_errno: int) -> bool: 332 """ 333 Checks the returned negated errno from syd_kill and raises an OSError if it's an error code. 334 335 # Parameters 336 negated_errno (int): The negated errno returned by the syd_kill function. 337 338 # Raises 339 OSError: If the negated_errno is a non-zero error code. 340 """ 341 if negated_errno != 0: 342 # Convert the negated errno back to the original errno 343 errno = -negated_errno 344 raise OSError(errno, os.strerror(errno)) 345 return True 346 347 348def info() -> dict: 349 """ 350 Reads the state of the syd sandbox from /dev/syd and returns it 351 as a JSON object. 352 353 This function opens the special file /dev/syd, which contains the 354 current state of the syd sandbox in JSON format, and then parses 355 and returns this state as a Python dictionary. 356 357 # Returns 358 dict: The current state of the syd sandbox. 359 360 # Raises 361 - OSError: If the file /dev/syd cannot be opened. 362 - JSONDecodeError: If the content of /dev/syd is not valid JSON. 363 """ 364 with open("/dev/syd") as f: 365 return json.load(f) 366 367 368def api() -> int: 369 """ 370 Performs a syd API check 371 The caller is advised to perform this check before 372 calling any other syd API calls. 373 374 # Returns 375 int: API number on successful operation, or raises an OSError on failure. 376 """ 377 api = libsyd.syd_api() 378 if api < 0: 379 raise OSError(-api, os.strerror(-api)) 380 return api 381 382 383def check() -> bool: 384 """ 385 Performs an lstat system call on the file "/dev/syd". 386 387 # Returns 388 bool: True on successful operation, or raises an OSError on failure. 389 """ 390 return check_return(libsyd.syd_check()) 391 392 393def panic() -> bool: 394 """ 395 Causes syd to exit immediately with code 127. 396 397 # Returns 398 bool: True on successful operation, or raises an OSError on failure. 399 """ 400 return check_return(libsyd.syd_panic()) 401 402 403def reset() -> bool: 404 """ 405 Causes syd to reset sandboxing to the default state. 406 Allowlists, denylists and filters are going to be cleared. 407 408 # Returns 409 bool: True on successful operation, or raises an OSError on failure. 410 """ 411 return check_return(libsyd.syd_reset()) 412 413 414def load(fd: int) -> bool: 415 """ 416 Causes syd to read configuration from the given file descriptor. 417 418 # Returns 419 bool: True on successful operation, or raises an OSError on failure. 420 """ 421 return check_return(libsyd.syd_load(fd)) 422 423 424def lock(state: LockState) -> bool: 425 """ 426 Sets the state of the sandbox lock. 427 428 # Parameters 429 - state (LockState): The desired state of the sandbox lock, as 430 defined by the `LockState` enum. 431 432 # Returns 433 - bool: True on successful operation, or raises an OSError on failure. 434 """ 435 return check_return(libsyd.syd_lock(state.value)) 436 437 438def exec(file: bytes, argv: List[bytes]) -> bool: 439 """ 440 Execute a command outside the sandbox without sandboxing 441 442 # Parameters 443 - file (bytes): The file path of the command to be executed, as bytes. 444 - argv (List[bytes]): The arguments to the command, as a list of bytes. 445 446 # Returns 447 bool: True on successful operation, or raises an OSError on failure. 448 """ 449 argv_array = ( 450 ctypes.c_char_p * (len(argv) + 1) 451 )() # Array of strings, null-terminated 452 argv_array[:-1] = [arg for arg in argv] 453 argv_array[-1] = None # Null-terminate the array 454 455 return check_return(libsyd.syd_exec(file, argv_array)) 456 457 458def enable_stat() -> bool: 459 """ 460 Enables stat sandboxing. 461 462 # Returns 463 bool: True on successful operation, or raises OSError on failure. 464 """ 465 return check_return(libsyd.syd_enable_stat()) 466 467 468def disable_stat() -> bool: 469 """ 470 Disables stat sandboxing. 471 472 # Returns 473 bool: True on successful operation, or raises OSError on failure. 474 """ 475 return check_return(libsyd.syd_disable_stat()) 476 477 478def enabled_stat() -> bool: 479 """ 480 Checks if stat sandboxing is enabled. 481 482 # Returns 483 bool: True if stat sandboxing is enabled, False otherwise. 484 """ 485 return libsyd.syd_enabled_stat() 486 487 488def enable_read() -> bool: 489 """ 490 Enables read sandboxing. 491 492 # Returns 493 bool: True on successful operation, or raises OSError on failure. 494 """ 495 return check_return(libsyd.syd_enable_read()) 496 497 498def disable_read() -> bool: 499 """ 500 Disables read sandboxing. 501 502 # Returns 503 bool: True on successful operation, or raises OSError on failure. 504 """ 505 return check_return(libsyd.syd_disable_read()) 506 507 508def enabled_read() -> bool: 509 """ 510 Checks if read sandboxing is enabled. 511 512 # Returns 513 bool: True if read sandboxing is enabled, False otherwise. 514 """ 515 return libsyd.syd_enabled_read() 516 517 518def enable_write() -> bool: 519 """ 520 Enables write sandboxing. 521 522 # Returns 523 bool: True on successful operation, or raises OSError on failure. 524 """ 525 return check_return(libsyd.syd_enable_write()) 526 527 528def disable_write() -> bool: 529 """ 530 Disables write sandboxing. 531 532 # Returns 533 bool: True on successful operation, or raises OSError on failure. 534 """ 535 return check_return(libsyd.syd_disable_write()) 536 537 538def enabled_write() -> bool: 539 """ 540 Checks if write sandboxing is enabled. 541 542 # Returns 543 bool: True if write sandboxing is enabled, False otherwise. 544 """ 545 return libsyd.syd_enabled_write() 546 547 548def enable_exec() -> bool: 549 """ 550 Enables exec sandboxing. 551 552 # Returns 553 bool: True on successful operation, or raises OSError on failure. 554 """ 555 return check_return(libsyd.syd_enable_exec()) 556 557 558def disable_exec() -> bool: 559 """ 560 Disables exec sandboxing. 561 562 # Returns 563 bool: True on successful operation, or raises OSError on failure. 564 """ 565 return check_return(libsyd.syd_disable_exec()) 566 567 568def enabled_exec() -> bool: 569 """ 570 Checks if exec sandboxing is enabled. 571 572 # Returns 573 bool: True if exec sandboxing is enabled, False otherwise. 574 """ 575 return libsyd.syd_enabled_exec() 576 577 578def enable_ioctl() -> bool: 579 """ 580 Enables ioctl sandboxing. 581 582 # Returns 583 bool: True on successful operation, or raises OSError on failure. 584 """ 585 return check_return(libsyd.syd_enable_ioctl()) 586 587 588def disable_ioctl() -> bool: 589 """ 590 Disables ioctl sandboxing. 591 592 # Returns 593 bool: True on successful operation, or raises OSError on failure. 594 """ 595 return check_return(libsyd.syd_disable_ioctl()) 596 597 598def enabled_ioctl() -> bool: 599 """ 600 Checks if ioctl sandboxing is enabled. 601 602 # Returns 603 bool: True if ioctl sandboxing is enabled, False otherwise. 604 """ 605 return libsyd.syd_enabled_ioctl() 606 607 608def enable_create() -> bool: 609 """ 610 Enables create sandboxing. 611 612 # Returns 613 bool: True on successful operation, or raises OSError on failure. 614 """ 615 return check_return(libsyd.syd_enable_create()) 616 617 618def disable_create() -> bool: 619 """ 620 Disables create sandboxing. 621 622 # Returns 623 bool: True on successful operation, or raises OSError on failure. 624 """ 625 return check_return(libsyd.syd_disable_create()) 626 627 628def enabled_create() -> bool: 629 """ 630 Checks if create sandboxing is enabled. 631 632 # Returns 633 bool: True if create sandboxing is enabled, False otherwise. 634 """ 635 return libsyd.syd_enabled_create() 636 637 638def enable_delete() -> bool: 639 """ 640 Enables delete sandboxing. 641 642 # Returns 643 bool: True on successful operation, or raises OSError on failure. 644 """ 645 return check_return(libsyd.syd_enable_delete()) 646 647 648def disable_delete() -> bool: 649 """ 650 Disables delete sandboxing. 651 652 # Returns 653 bool: True on successful operation, or raises OSError on failure. 654 """ 655 return check_return(libsyd.syd_disable_delete()) 656 657 658def enabled_delete() -> bool: 659 """ 660 Checks if delete sandboxing is enabled. 661 662 # Returns 663 bool: True if delete sandboxing is enabled, False otherwise. 664 """ 665 return libsyd.syd_enabled_delete() 666 667 668def enable_rename() -> bool: 669 """ 670 Enables rename sandboxing. 671 672 # Returns 673 bool: True on successful operation, or raises OSError on failure. 674 """ 675 return check_return(libsyd.syd_enable_rename()) 676 677 678def disable_rename() -> bool: 679 """ 680 Disables rename sandboxing. 681 682 # Returns 683 bool: True on successful operation, or raises OSError on failure. 684 """ 685 return check_return(libsyd.syd_disable_rename()) 686 687 688def enabled_rename() -> bool: 689 """ 690 Checks if rename sandboxing is enabled. 691 692 # Returns 693 bool: True if rename sandboxing is enabled, False otherwise. 694 """ 695 return libsyd.syd_enabled_rename() 696 697 698def enable_symlink() -> bool: 699 """ 700 Enables symlink sandboxing. 701 702 # Returns 703 bool: True on successful operation, or raises OSError on failure. 704 """ 705 return check_return(libsyd.syd_enable_symlink()) 706 707 708def disable_symlink() -> bool: 709 """ 710 Disables symlink sandboxing. 711 712 # Returns 713 bool: True on successful operation, or raises OSError on failure. 714 """ 715 return check_return(libsyd.syd_disable_symlink()) 716 717 718def enabled_symlink() -> bool: 719 """ 720 Checks if symlink sandboxing is enabled. 721 722 # Returns 723 bool: True if symlink sandboxing is enabled, False otherwise. 724 """ 725 return libsyd.syd_enabled_symlink() 726 727 728def enable_truncate() -> bool: 729 """ 730 Enables truncate sandboxing. 731 732 # Returns 733 bool: True on successful operation, or raises OSError on failure. 734 """ 735 return check_return(libsyd.syd_enable_truncate()) 736 737 738def disable_truncate() -> bool: 739 """ 740 Disables truncate sandboxing. 741 742 # Returns 743 bool: True on successful operation, or raises OSError on failure. 744 """ 745 return check_return(libsyd.syd_disable_truncate()) 746 747 748def enabled_truncate() -> bool: 749 """ 750 Checks if truncate sandboxing is enabled. 751 752 # Returns 753 bool: True if truncate sandboxing is enabled, False otherwise. 754 """ 755 return libsyd.syd_enabled_truncate() 756 757 758def enable_chdir() -> bool: 759 """ 760 Enables chdir sandboxing. 761 762 # Returns 763 bool: True on successful operation, or raises OSError on failure. 764 """ 765 return check_return(libsyd.syd_enable_chdir()) 766 767 768def disable_chdir() -> bool: 769 """ 770 Disables chdir sandboxing. 771 772 # Returns 773 bool: True on successful operation, or raises OSError on failure. 774 """ 775 return check_return(libsyd.syd_disable_chdir()) 776 777 778def enabled_chdir() -> bool: 779 """ 780 Checks if chdir sandboxing is enabled. 781 782 # Returns 783 bool: True if chdir sandboxing is enabled, False otherwise. 784 """ 785 return libsyd.syd_enabled_chdir() 786 787 788def enable_readdir() -> bool: 789 """ 790 Enables readdir sandboxing. 791 792 # Returns 793 bool: True on successful operation, or raises OSError on failure. 794 """ 795 return check_return(libsyd.syd_enable_readdir()) 796 797 798def disable_readdir() -> bool: 799 """ 800 Disables readdir sandboxing. 801 802 # Returns 803 bool: True on successful operation, or raises OSError on failure. 804 """ 805 return check_return(libsyd.syd_disable_readdir()) 806 807 808def enabled_readdir() -> bool: 809 """ 810 Checks if readdir sandboxing is enabled. 811 812 # Returns 813 bool: True if readdir sandboxing is enabled, False otherwise. 814 """ 815 return libsyd.syd_enabled_readdir() 816 817 818def enable_mkdir() -> bool: 819 """ 820 Enables mkdir sandboxing. 821 822 # Returns 823 bool: True on successful operation, or raises OSError on failure. 824 """ 825 return check_return(libsyd.syd_enable_mkdir()) 826 827 828def disable_mkdir() -> bool: 829 """ 830 Disables mkdir sandboxing. 831 832 # Returns 833 bool: True on successful operation, or raises OSError on failure. 834 """ 835 return check_return(libsyd.syd_disable_mkdir()) 836 837 838def enabled_mkdir() -> bool: 839 """ 840 Checks if mkdir sandboxing is enabled. 841 842 # Returns 843 bool: True if mkdir sandboxing is enabled, False otherwise. 844 """ 845 return libsyd.syd_enabled_mkdir() 846 847 848def enable_rmdir() -> bool: 849 """ 850 Enables rmdir sandboxing. 851 852 # Returns 853 bool: True on successful operation, or raises OSError on failure. 854 """ 855 return check_return(libsyd.syd_enable_rmdir()) 856 857 858def disable_rmdir() -> bool: 859 """ 860 Disables rmdir sandboxing. 861 862 # Returns 863 bool: True on successful operation, or raises OSError on failure. 864 """ 865 return check_return(libsyd.syd_disable_rmdir()) 866 867 868def enabled_rmdir() -> bool: 869 """ 870 Checks if rmdir sandboxing is enabled. 871 872 # Returns 873 bool: True if rmdir sandboxing is enabled, False otherwise. 874 """ 875 return libsyd.syd_enabled_rmdir() 876 877 878def enable_chown() -> bool: 879 """ 880 Enables chown sandboxing. 881 882 # Returns 883 bool: True on successful operation, or raises OSError on failure. 884 """ 885 return check_return(libsyd.syd_enable_chown()) 886 887 888def disable_chown() -> bool: 889 """ 890 Disables chown sandboxing. 891 892 # Returns 893 bool: True on successful operation, or raises OSError on failure. 894 """ 895 return check_return(libsyd.syd_disable_chown()) 896 897 898def enabled_chown() -> bool: 899 """ 900 Checks if chown sandboxing is enabled. 901 902 # Returns 903 bool: True if chown sandboxing is enabled, False otherwise. 904 """ 905 return libsyd.syd_enabled_chown() 906 907 908def enable_chgrp() -> bool: 909 """ 910 Enables chgrp sandboxing. 911 912 # Returns 913 bool: True on successful operation, or raises OSError on failure. 914 """ 915 return check_return(libsyd.syd_enable_chgrp()) 916 917 918def disable_chgrp() -> bool: 919 """ 920 Disables chgrp sandboxing. 921 922 # Returns 923 bool: True on successful operation, or raises OSError on failure. 924 """ 925 return check_return(libsyd.syd_disable_chgrp()) 926 927 928def enabled_chgrp() -> bool: 929 """ 930 Checks if chgrp sandboxing is enabled. 931 932 # Returns 933 bool: True if chgrp sandboxing is enabled, False otherwise. 934 """ 935 return libsyd.syd_enabled_chgrp() 936 937 938def enable_chmod() -> bool: 939 """ 940 Enables chmod sandboxing. 941 942 # Returns 943 bool: True on successful operation, or raises OSError on failure. 944 """ 945 return check_return(libsyd.syd_enable_chmod()) 946 947 948def disable_chmod() -> bool: 949 """ 950 Disables chmod sandboxing. 951 952 # Returns 953 bool: True on successful operation, or raises OSError on failure. 954 """ 955 return check_return(libsyd.syd_disable_chmod()) 956 957 958def enabled_chmod() -> bool: 959 """ 960 Checks if chmod sandboxing is enabled. 961 962 # Returns 963 bool: True if chmod sandboxing is enabled, False otherwise. 964 """ 965 return libsyd.syd_enabled_chmod() 966 967 968def enable_chattr() -> bool: 969 """ 970 Enables chattr sandboxing. 971 972 # Returns 973 bool: True on successful operation, or raises OSError on failure. 974 """ 975 return check_return(libsyd.syd_enable_chattr()) 976 977 978def disable_chattr() -> bool: 979 """ 980 Disables chattr sandboxing. 981 982 # Returns 983 bool: True on successful operation, or raises OSError on failure. 984 """ 985 return check_return(libsyd.syd_disable_chattr()) 986 987 988def enabled_chattr() -> bool: 989 """ 990 Checks if chattr sandboxing is enabled. 991 992 # Returns 993 bool: True if chattr sandboxing is enabled, False otherwise. 994 """ 995 return libsyd.syd_enabled_chattr() 996 997 998def enable_chroot() -> bool: 999 """ 1000 Enables chroot sandboxing. 1001 1002 # Returns 1003 bool: True on successful operation, or raises OSError on failure. 1004 """ 1005 return check_return(libsyd.syd_enable_chroot()) 1006 1007 1008def disable_chroot() -> bool: 1009 """ 1010 Disables chroot sandboxing. 1011 1012 # Returns 1013 bool: True on successful operation, or raises OSError on failure. 1014 """ 1015 return check_return(libsyd.syd_disable_chroot()) 1016 1017 1018def enabled_chroot() -> bool: 1019 """ 1020 Checks if chroot sandboxing is enabled. 1021 1022 # Returns 1023 bool: True if chroot sandboxing is enabled, False otherwise. 1024 """ 1025 return libsyd.syd_enabled_chroot() 1026 1027 1028def enable_utime() -> bool: 1029 """ 1030 Enables utime sandboxing. 1031 1032 # Returns 1033 bool: True on successful operation, or raises OSError on failure. 1034 """ 1035 return check_return(libsyd.syd_enable_utime()) 1036 1037 1038def disable_utime() -> bool: 1039 """ 1040 Disables utime sandboxing. 1041 1042 # Returns 1043 bool: True on successful operation, or raises OSError on failure. 1044 """ 1045 return check_return(libsyd.syd_disable_utime()) 1046 1047 1048def enabled_utime() -> bool: 1049 """ 1050 Checks if utime sandboxing is enabled. 1051 1052 # Returns 1053 bool: True if utime sandboxing is enabled, False otherwise. 1054 """ 1055 return libsyd.syd_enabled_utime() 1056 1057 1058def enable_mkdev() -> bool: 1059 """ 1060 Enables mkdev sandboxing. 1061 1062 # Returns 1063 bool: True on successful operation, or raises OSError on failure. 1064 """ 1065 return check_return(libsyd.syd_enable_mkdev()) 1066 1067 1068def disable_mkdev() -> bool: 1069 """ 1070 Disables mkdev sandboxing. 1071 1072 # Returns 1073 bool: True on successful operation, or raises OSError on failure. 1074 """ 1075 return check_return(libsyd.syd_disable_mkdev()) 1076 1077 1078def enabled_mkdev() -> bool: 1079 """ 1080 Checks if mkdev sandboxing is enabled. 1081 1082 # Returns 1083 bool: True if mkdev sandboxing is enabled, False otherwise. 1084 """ 1085 return libsyd.syd_enabled_mkdev() 1086 1087 1088def enable_mkfifo() -> bool: 1089 """ 1090 Enables mkfifo sandboxing. 1091 1092 # Returns 1093 bool: True on successful operation, or raises OSError on failure. 1094 """ 1095 return check_return(libsyd.syd_enable_mkfifo()) 1096 1097 1098def disable_mkfifo() -> bool: 1099 """ 1100 Disables mkfifo sandboxing. 1101 1102 # Returns 1103 bool: True on successful operation, or raises OSError on failure. 1104 """ 1105 return check_return(libsyd.syd_disable_mkfifo()) 1106 1107 1108def enabled_mkfifo() -> bool: 1109 """ 1110 Checks if mkfifo sandboxing is enabled. 1111 1112 # Returns 1113 bool: True if mkfifo sandboxing is enabled, False otherwise. 1114 """ 1115 return libsyd.syd_enabled_mkfifo() 1116 1117 1118def enable_mktemp() -> bool: 1119 """ 1120 Enables mktemp sandboxing. 1121 1122 # Returns 1123 bool: True on successful operation, or raises OSError on failure. 1124 """ 1125 return check_return(libsyd.syd_enable_mktemp()) 1126 1127 1128def disable_mktemp() -> bool: 1129 """ 1130 Disables mktemp sandboxing. 1131 1132 # Returns 1133 bool: True on successful operation, or raises OSError on failure. 1134 """ 1135 return check_return(libsyd.syd_disable_mktemp()) 1136 1137 1138def enabled_mktemp() -> bool: 1139 """ 1140 Checks if mktemp sandboxing is enabled. 1141 1142 # Returns 1143 bool: True if mktemp sandboxing is enabled, False otherwise. 1144 """ 1145 return libsyd.syd_enabled_mktemp() 1146 1147 1148def enable_net() -> bool: 1149 """ 1150 Enables net sandboxing. 1151 1152 # Returns 1153 bool: True on successful operation, or raises OSError on failure. 1154 """ 1155 return check_return(libsyd.syd_enable_net()) 1156 1157 1158def disable_net() -> bool: 1159 """ 1160 Disables net sandboxing. 1161 1162 # Returns 1163 bool: True on successful operation, or raises OSError on failure. 1164 """ 1165 return check_return(libsyd.syd_disable_net()) 1166 1167 1168def enabled_net() -> bool: 1169 """ 1170 Checks if net sandboxing is enabled. 1171 1172 # Returns 1173 bool: True if net sandboxing is enabled, False otherwise. 1174 """ 1175 return libsyd.syd_enabled_net() 1176 1177 1178def enabled_lock() -> bool: 1179 """ 1180 Checks if lock sandboxing is enabled. 1181 1182 # Returns 1183 bool: True if lock sandboxing is enabled, False otherwise. 1184 """ 1185 return libsyd.syd_enabled_lock() 1186 1187 1188def enabled_crypt() -> bool: 1189 """ 1190 Checks if crypt sandboxing is enabled. 1191 1192 # Returns 1193 bool: True if crypt sandboxing is enabled, False otherwise. 1194 """ 1195 return libsyd.syd_enabled_crypt() 1196 1197 1198def enabled_proxy() -> bool: 1199 """ 1200 Checks if Proxy sandboxing is enabled. 1201 1202 # Returns 1203 bool: True if Proxy andboxing is enabled, False otherwise. 1204 """ 1205 return libsyd.syd_enabled_proxy() 1206 1207 1208def enable_mem() -> bool: 1209 """ 1210 Enables memory sandboxing. 1211 1212 # Returns 1213 bool: True on successful operation, or raises OSError on failure. 1214 """ 1215 return check_return(libsyd.syd_enable_mem()) 1216 1217 1218def disable_mem() -> bool: 1219 """ 1220 Disables memory sandboxing. 1221 1222 # Returns 1223 bool: True on successful operation, or raises OSError on failure. 1224 """ 1225 return check_return(libsyd.syd_disable_mem()) 1226 1227 1228def enabled_mem() -> bool: 1229 """ 1230 Checks if memory sandboxing is enabled. 1231 1232 # Returns 1233 bool: True if memory sandboxing is enabled, False otherwise. 1234 """ 1235 return libsyd.syd_enabled_mem() 1236 1237 1238def enable_pid() -> bool: 1239 """ 1240 Enables PID sandboxing. 1241 1242 # Returns 1243 bool: True on successful operation, or raises OSError on failure. 1244 """ 1245 return check_return(libsyd.syd_enable_pid()) 1246 1247 1248def disable_pid() -> bool: 1249 """ 1250 Disables PID sandboxing. 1251 1252 # Returns 1253 bool: True on successful operation, or raises OSError on failure. 1254 """ 1255 return check_return(libsyd.syd_disable_pid()) 1256 1257 1258def enabled_pid() -> bool: 1259 """ 1260 Checks if PID sandboxing is enabled. 1261 1262 # Returns 1263 bool: True if PID sandboxing is enabled, False otherwise. 1264 """ 1265 return libsyd.syd_enabled_pid() 1266 1267 1268def enable_force() -> bool: 1269 """ 1270 Enables force sandboxing. 1271 1272 # Returns 1273 bool: True on successful operation, or raises OSError on failure. 1274 """ 1275 return check_return(libsyd.syd_enable_force()) 1276 1277 1278def disable_force() -> bool: 1279 """ 1280 Disables force sandboxing. 1281 1282 # Returns 1283 bool: True on successful operation, or raises OSError on failure. 1284 """ 1285 return check_return(libsyd.syd_disable_force()) 1286 1287 1288def enabled_force() -> bool: 1289 """ 1290 Checks if force sandboxing is enabled. 1291 1292 # Returns 1293 bool: True if force sandboxing is enabled, False otherwise. 1294 """ 1295 return libsyd.syd_enabled_force() 1296 1297 1298def enable_tpe() -> bool: 1299 """ 1300 Enables TPE sandboxing. 1301 1302 # Returns 1303 bool: True on successful operation, or raises OSError on failure. 1304 """ 1305 return check_return(libsyd.syd_enable_tpe()) 1306 1307 1308def disable_tpe() -> bool: 1309 """ 1310 Disables TPE sandboxing. 1311 1312 # Returns 1313 bool: True on successful operation, or raises OSError on failure. 1314 """ 1315 return check_return(libsyd.syd_disable_tpe()) 1316 1317 1318def enabled_tpe() -> bool: 1319 """ 1320 Checks if TPE sandboxing is enabled. 1321 1322 # Returns 1323 bool: True if TPE sandboxing is enabled, False otherwise. 1324 """ 1325 return libsyd.syd_enabled_tpe() 1326 1327 1328def default_stat(action: Action) -> bool: 1329 """ 1330 Set default action for Stat sandboxing. 1331 1332 # Returns 1333 bool: True on successful operation, or raises OSError on failure. 1334 """ 1335 return check_return(libsyd.syd_default_stat(action.value)) 1336 1337 1338def default_read(action: Action) -> bool: 1339 """ 1340 Set default action for Read sandboxing. 1341 1342 # Returns 1343 bool: True on successful operation, or raises OSError on failure. 1344 """ 1345 return check_return(libsyd.syd_default_read(action.value)) 1346 1347 1348def default_write(action: Action) -> bool: 1349 """ 1350 Set default action for Write sandboxing. 1351 1352 # Returns 1353 bool: True on successful operation, or raises OSError on failure. 1354 """ 1355 return check_return(libsyd.syd_default_write(action.value)) 1356 1357 1358def default_exec(action: Action) -> bool: 1359 """ 1360 Set default action for Exec sandboxing. 1361 1362 # Returns 1363 bool: True on successful operation, or raises OSError on failure. 1364 """ 1365 return check_return(libsyd.syd_default_exec(action.value)) 1366 1367 1368def default_ioctl(action: Action) -> bool: 1369 """ 1370 Set default action for Ioctl sandboxing. 1371 1372 # Returns 1373 bool: True on successful operation, or raises OSError on failure. 1374 """ 1375 return check_return(libsyd.syd_default_ioctl(action.value)) 1376 1377 1378def default_create(action: Action) -> bool: 1379 """ 1380 Set default action for create sandboxing. 1381 1382 # Returns 1383 bool: True on successful operation, or raises OSError on failure. 1384 """ 1385 return check_return(libsyd.syd_default_create(action.value)) 1386 1387 1388def default_delete(action: Action) -> bool: 1389 """ 1390 Set default action for delete sandboxing. 1391 1392 # Returns 1393 bool: True on successful operation, or raises OSError on failure. 1394 """ 1395 return check_return(libsyd.syd_default_delete(action.value)) 1396 1397 1398def default_rename(action: Action) -> bool: 1399 """ 1400 Set default action for rename sandboxing. 1401 1402 # Returns 1403 bool: True on successful operation, or raises OSError on failure. 1404 """ 1405 return check_return(libsyd.syd_default_rename(action.value)) 1406 1407 1408def default_symlink(action: Action) -> bool: 1409 """ 1410 Set default action for symlink sandboxing. 1411 1412 # Returns 1413 bool: True on successful operation, or raises OSError on failure. 1414 """ 1415 return check_return(libsyd.syd_default_symlink(action.value)) 1416 1417 1418def default_truncate(action: Action) -> bool: 1419 """ 1420 Set default action for truncate sandboxing. 1421 1422 # Returns 1423 bool: True on successful operation, or raises OSError on failure. 1424 """ 1425 return check_return(libsyd.syd_default_truncate(action.value)) 1426 1427 1428def default_chdir(action: Action) -> bool: 1429 """ 1430 Set default action for chdir sandboxing. 1431 1432 # Returns 1433 bool: True on successful operation, or raises OSError on failure. 1434 """ 1435 return check_return(libsyd.syd_default_chdir(action.value)) 1436 1437 1438def default_readdir(action: Action) -> bool: 1439 """ 1440 Set default action for readdir sandboxing. 1441 1442 # Returns 1443 bool: True on successful operation, or raises OSError on failure. 1444 """ 1445 return check_return(libsyd.syd_default_readdir(action.value)) 1446 1447 1448def default_mkdir(action: Action) -> bool: 1449 """ 1450 Set default action for mkdir sandboxing. 1451 1452 # Returns 1453 bool: True on successful operation, or raises OSError on failure. 1454 """ 1455 return check_return(libsyd.syd_default_mkdir(action.value)) 1456 1457 1458def default_rmdir(action: Action) -> bool: 1459 """ 1460 Set default action for rmdir sandboxing. 1461 1462 # Returns 1463 bool: True on successful operation, or raises OSError on failure. 1464 """ 1465 return check_return(libsyd.syd_default_rmdir(action.value)) 1466 1467 1468def default_chown(action: Action) -> bool: 1469 """ 1470 Set default action for chown sandboxing. 1471 1472 # Returns 1473 bool: True on successful operation, or raises OSError on failure. 1474 """ 1475 return check_return(libsyd.syd_default_chown(action.value)) 1476 1477 1478def default_chgrp(action: Action) -> bool: 1479 """ 1480 Set default action for chgrp sandboxing. 1481 1482 # Returns 1483 bool: True on successful operation, or raises OSError on failure. 1484 """ 1485 return check_return(libsyd.syd_default_chgrp(action.value)) 1486 1487 1488def default_chmod(action: Action) -> bool: 1489 """ 1490 Set default action for chmod sandboxing. 1491 1492 # Returns 1493 bool: True on successful operation, or raises OSError on failure. 1494 """ 1495 return check_return(libsyd.syd_default_chmod(action.value)) 1496 1497 1498def default_chattr(action: Action) -> bool: 1499 """ 1500 Set default action for chattr sandboxing. 1501 1502 # Returns 1503 bool: True on successful operation, or raises OSError on failure. 1504 """ 1505 return check_return(libsyd.syd_default_chattr(action.value)) 1506 1507 1508def default_chroot(action: Action) -> bool: 1509 """ 1510 Set default action for chroot sandboxing. 1511 1512 # Returns 1513 bool: True on successful operation, or raises OSError on failure. 1514 """ 1515 return check_return(libsyd.syd_default_chroot(action.value)) 1516 1517 1518def default_utime(action: Action) -> bool: 1519 """ 1520 Set default action for utime sandboxing. 1521 1522 # Returns 1523 bool: True on successful operation, or raises OSError on failure. 1524 """ 1525 return check_return(libsyd.syd_default_utime(action.value)) 1526 1527 1528def default_mkdev(action: Action) -> bool: 1529 """ 1530 Set default action for mkdev sandboxing. 1531 1532 # Returns 1533 bool: True on successful operation, or raises OSError on failure. 1534 """ 1535 return check_return(libsyd.syd_default_mkdev(action.value)) 1536 1537 1538def default_mkfifo(action: Action) -> bool: 1539 """ 1540 Set default action for mkfifo sandboxing. 1541 1542 # Returns 1543 bool: True on successful operation, or raises OSError on failure. 1544 """ 1545 return check_return(libsyd.syd_default_mkfifo(action.value)) 1546 1547 1548def default_mktemp(action: Action) -> bool: 1549 """ 1550 Set default action for mktemp sandboxing. 1551 1552 # Returns 1553 bool: True on successful operation, or raises OSError on failure. 1554 """ 1555 return check_return(libsyd.syd_default_mktemp(action.value)) 1556 1557 1558def default_net(action: Action) -> bool: 1559 """ 1560 Set default action for Network sandboxing. 1561 1562 # Returns 1563 bool: True on successful operation, or raises OSError on failure. 1564 """ 1565 return check_return(libsyd.syd_default_net(action.value)) 1566 1567 1568def default_block(action: Action) -> bool: 1569 """ 1570 Set default action for block sandboxing. 1571 1572 # Returns 1573 bool: True on successful operation, or raises OSError on failure. 1574 """ 1575 return check_return(libsyd.syd_default_block(action.value)) 1576 1577 1578def default_mem(action: Action) -> bool: 1579 """ 1580 Set default action for Memory sandboxing. 1581 1582 # Returns 1583 bool: True on successful operation, or raises OSError on failure. 1584 """ 1585 return check_return(libsyd.syd_default_mem(action.value)) 1586 1587 1588def default_pid(action: Action) -> bool: 1589 """ 1590 Set default action for PID sandboxing. 1591 1592 # Returns 1593 bool: True on successful operation, or raises OSError on failure. 1594 """ 1595 return check_return(libsyd.syd_default_pid(action.value)) 1596 1597 1598def default_force(action: Action) -> bool: 1599 """ 1600 Set default action for Force sandboxing. 1601 1602 # Returns 1603 bool: True on successful operation, or raises OSError on failure. 1604 """ 1605 return check_return(libsyd.syd_default_force(action.value)) 1606 1607 1608def default_segvguard(action: Action) -> bool: 1609 """ 1610 Set default action for SegvGuard. 1611 1612 # Returns 1613 bool: True on successful operation, or raises OSError on failure. 1614 """ 1615 return check_return(libsyd.syd_default_segvguard(action.value)) 1616 1617 1618def default_tpe(action: Action) -> bool: 1619 """ 1620 Set default action for TPE sandboxing. 1621 1622 # Returns 1623 bool: True on successful operation, or raises OSError on failure. 1624 """ 1625 return check_return(libsyd.syd_default_tpe(action.value)) 1626 1627 1628def ioctl_deny(request: int) -> bool: 1629 """ 1630 Adds a request to the _ioctl_(2) denylist. 1631 1632 # Parameters 1633 - request (int): _ioctl_(2) request 1634 1635 # Returns 1636 bool: True on successful operation, or raises an OSError on failure. 1637 """ 1638 return check_return(libsyd.syd_ioctl_deny(request)) 1639 1640 1641def stat_add(action: Action, glob: bytes) -> bool: 1642 """ 1643 Adds to the given actionlist of stat sandboxing. 1644 1645 # Parameters 1646 - action (Action): Sandbox action 1647 - glob (bytes): Glob pattern 1648 1649 # Returns 1650 bool: True on successful operation, or raises an OSError on failure. 1651 """ 1652 return check_return(libsyd.syd_stat_add(action.value, glob)) 1653 1654 1655def stat_del(action: Action, glob: bytes) -> bool: 1656 """ 1657 Removes the first instance from the end of the given actionlist of 1658 stat sandboxing. 1659 1660 # Parameters 1661 - action (Action): Sandbox action 1662 - glob (bytes): Glob pattern 1663 1664 # Returns 1665 bool: True on successful operation, or raises an OSError on failure. 1666 """ 1667 return check_return(libsyd.syd_stat_del(action.value, glob)) 1668 1669 1670def stat_rem(action: Action, glob: bytes) -> bool: 1671 """ 1672 Removes all matching patterns from the given actionlist of stat sandboxing. 1673 1674 # Parameters 1675 - action (Action): Sandbox action 1676 - glob (bytes): Glob pattern 1677 1678 # Returns 1679 bool: True on successful operation, or raises an OSError on failure. 1680 """ 1681 return check_return(libsyd.syd_stat_rem(action.value, glob)) 1682 1683 1684def read_add(action: Action, glob: bytes) -> bool: 1685 """ 1686 Adds to the given actionlist of read sandboxing. 1687 1688 # Parameters 1689 - action (Action): Sandbox action 1690 - glob (bytes): Glob pattern 1691 1692 # Returns 1693 bool: True on successful operation, or raises an OSError on failure. 1694 """ 1695 return check_return(libsyd.syd_read_add(action.value, glob)) 1696 1697 1698def read_del(action: Action, glob: bytes) -> bool: 1699 """ 1700 Removes the first instance from the end of the given actionlist of 1701 read sandboxing. 1702 1703 # Parameters 1704 - action (Action): Sandbox action 1705 - glob (bytes): Glob pattern 1706 1707 # Returns 1708 bool: True on successful operation, or raises an OSError on failure. 1709 """ 1710 return check_return(libsyd.syd_read_del(action.value, glob)) 1711 1712 1713def read_rem(action: Action, glob: bytes) -> bool: 1714 """ 1715 Removes all matching patterns from the given actionlist of read sandboxing. 1716 1717 # Parameters 1718 - action (Action): Sandbox action 1719 - glob (bytes): Glob pattern 1720 1721 # Returns 1722 bool: True on successful operation, or raises an OSError on failure. 1723 """ 1724 return check_return(libsyd.syd_read_rem(action.value, glob)) 1725 1726 1727def write_add(action: Action, glob: bytes) -> bool: 1728 """ 1729 Adds to the given actionlist of write sandboxing. 1730 1731 # Parameters 1732 - action (Action): Sandbox action 1733 - glob (bytes): Glob pattern 1734 1735 # Returns 1736 bool: True on successful operation, or raises an OSError on failure. 1737 """ 1738 return check_return(libsyd.syd_write_add(action.value, glob)) 1739 1740 1741def write_del(action: Action, glob: bytes) -> bool: 1742 """ 1743 Removes the first instance from the end of the given actionlist of 1744 write sandboxing. 1745 1746 # Parameters 1747 - action (Action): Sandbox action 1748 - glob (bytes): Glob pattern 1749 1750 # Returns 1751 bool: True on successful operation, or raises an OSError on failure. 1752 """ 1753 return check_return(libsyd.syd_write_del(action.value, glob)) 1754 1755 1756def write_rem(action: Action, glob: bytes) -> bool: 1757 """ 1758 Removes all matching patterns from the given actionlist of write sandboxing. 1759 1760 # Parameters 1761 - action (Action): Sandbox action 1762 - glob (bytes): Glob pattern 1763 1764 # Returns 1765 bool: True on successful operation, or raises an OSError on failure. 1766 """ 1767 return check_return(libsyd.syd_write_rem(action.value, glob)) 1768 1769 1770def exec_add(action: Action, glob: bytes) -> bool: 1771 """ 1772 Adds to the given actionlist of exec sandboxing. 1773 1774 # Parameters 1775 - action (Action): Sandbox action 1776 - glob (bytes): Glob pattern 1777 1778 # Returns 1779 bool: True on successful operation, or raises an OSError on failure. 1780 """ 1781 return check_return(libsyd.syd_exec_add(action.value, glob)) 1782 1783 1784def exec_del(action: Action, glob: bytes) -> bool: 1785 """ 1786 Removes the first instance from the end of the given actionlist of 1787 exec sandboxing. 1788 1789 # Parameters 1790 - action (Action): Sandbox action 1791 - glob (bytes): Glob pattern 1792 1793 # Returns 1794 bool: True on successful operation, or raises an OSError on failure. 1795 """ 1796 return check_return(libsyd.syd_exec_del(action.value, glob)) 1797 1798 1799def exec_rem(action: Action, glob: bytes) -> bool: 1800 """ 1801 Removes all matching patterns from the given actionlist of exec sandboxing. 1802 1803 # Parameters 1804 - action (Action): Sandbox action 1805 - glob (bytes): Glob pattern 1806 1807 # Returns 1808 bool: True on successful operation, or raises an OSError on failure. 1809 """ 1810 return check_return(libsyd.syd_exec_rem(action.value, glob)) 1811 1812 1813def ioctl_add(action: Action, glob: bytes) -> bool: 1814 """ 1815 Adds to the given actionlist of ioctl sandboxing. 1816 1817 # Parameters 1818 - action (Action): Sandbox action 1819 - glob (bytes): Glob pattern 1820 1821 # Returns 1822 bool: True on successful operation, or raises an OSError on failure. 1823 """ 1824 return check_return(libsyd.syd_ioctl_add(action.value, glob)) 1825 1826 1827def ioctl_del(action: Action, glob: bytes) -> bool: 1828 """ 1829 Removes the first instance from the end of the given actionlist of 1830 ioctl sandboxing. 1831 1832 # Parameters 1833 - action (Action): Sandbox action 1834 - glob (bytes): Glob pattern 1835 1836 # Returns 1837 bool: True on successful operation, or raises an OSError on failure. 1838 """ 1839 return check_return(libsyd.syd_ioctl_del(action.value, glob)) 1840 1841 1842def ioctl_rem(action: Action, glob: bytes) -> bool: 1843 """ 1844 Removes all matching patterns from the given actionlist of ioctl sandboxing. 1845 1846 # Parameters 1847 - action (Action): Sandbox action 1848 - glob (bytes): Glob pattern 1849 1850 # Returns 1851 bool: True on successful operation, or raises an OSError on failure. 1852 """ 1853 return check_return(libsyd.syd_ioctl_rem(action.value, glob)) 1854 1855 1856def create_add(action: Action, glob: bytes) -> bool: 1857 """ 1858 Adds to the given actionlist of create sandboxing. 1859 1860 # Parameters 1861 - action (Action): Sandbox action 1862 - glob (bytes): Glob pattern 1863 1864 # Returns 1865 bool: True on successful operation, or raises an OSError on failure. 1866 """ 1867 return check_return(libsyd.syd_create_add(action.value, glob)) 1868 1869 1870def create_del(action: Action, glob: bytes) -> bool: 1871 """ 1872 Removes the first instance from the end of the given actionlist of 1873 create sandboxing. 1874 1875 # Parameters 1876 - action (Action): Sandbox action 1877 - glob (bytes): Glob pattern 1878 1879 # Returns 1880 bool: True on successful operation, or raises an OSError on failure. 1881 """ 1882 return check_return(libsyd.syd_create_del(action.value, glob)) 1883 1884 1885def create_rem(action: Action, glob: bytes) -> bool: 1886 """ 1887 Removes all matching patterns from the given actionlist of create sandboxing. 1888 1889 # Parameters 1890 - action (Action): Sandbox action 1891 - glob (bytes): Glob pattern 1892 1893 # Returns 1894 bool: True on successful operation, or raises an OSError on failure. 1895 """ 1896 return check_return(libsyd.syd_create_rem(action.value, glob)) 1897 1898 1899def delete_add(action: Action, glob: bytes) -> bool: 1900 """ 1901 Adds to the given actionlist of delete sandboxing. 1902 1903 # Parameters 1904 - action (Action): Sandbox action 1905 - glob (bytes): Glob pattern 1906 1907 # Returns 1908 bool: True on successful operation, or raises an OSError on failure. 1909 """ 1910 return check_return(libsyd.syd_delete_add(action.value, glob)) 1911 1912 1913def delete_del(action: Action, glob: bytes) -> bool: 1914 """ 1915 Removes the first instance from the end of the given actionlist of 1916 delete sandboxing. 1917 1918 # Parameters 1919 - action (Action): Sandbox action 1920 - glob (bytes): Glob pattern 1921 1922 # Returns 1923 bool: True on successful operation, or raises an OSError on failure. 1924 """ 1925 return check_return(libsyd.syd_delete_del(action.value, glob)) 1926 1927 1928def delete_rem(action: Action, glob: bytes) -> bool: 1929 """ 1930 Removes all matching patterns from the given actionlist of delete sandboxing. 1931 1932 # Parameters 1933 - action (Action): Sandbox action 1934 - glob (bytes): Glob pattern 1935 1936 # Returns 1937 bool: True on successful operation, or raises an OSError on failure. 1938 """ 1939 return check_return(libsyd.syd_delete_rem(action.value, glob)) 1940 1941 1942def rename_add(action: Action, glob: bytes) -> bool: 1943 """ 1944 Adds to the given actionlist of rename sandboxing. 1945 1946 # Parameters 1947 - action (Action): Sandbox action 1948 - glob (bytes): Glob pattern 1949 1950 # Returns 1951 bool: True on successful operation, or raises an OSError on failure. 1952 """ 1953 return check_return(libsyd.syd_rename_add(action.value, glob)) 1954 1955 1956def rename_del(action: Action, glob: bytes) -> bool: 1957 """ 1958 Removes the first instance from the end of the given actionlist of 1959 rename sandboxing. 1960 1961 # Parameters 1962 - action (Action): Sandbox action 1963 - glob (bytes): Glob pattern 1964 1965 # Returns 1966 bool: True on successful operation, or raises an OSError on failure. 1967 """ 1968 return check_return(libsyd.syd_rename_del(action.value, glob)) 1969 1970 1971def rename_rem(action: Action, glob: bytes) -> bool: 1972 """ 1973 Removes all matching patterns from the given actionlist of rename sandboxing. 1974 1975 # Parameters 1976 - action (Action): Sandbox action 1977 - glob (bytes): Glob pattern 1978 1979 # Returns 1980 bool: True on successful operation, or raises an OSError on failure. 1981 """ 1982 return check_return(libsyd.syd_rename_rem(action.value, glob)) 1983 1984 1985def symlink_add(action: Action, glob: bytes) -> bool: 1986 """ 1987 Adds to the given actionlist of symlink sandboxing. 1988 1989 # Parameters 1990 - action (Action): Sandbox action 1991 - glob (bytes): Glob pattern 1992 1993 # Returns 1994 bool: True on successful operation, or raises an OSError on failure. 1995 """ 1996 return check_return(libsyd.syd_symlink_add(action.value, glob)) 1997 1998 1999def symlink_del(action: Action, glob: bytes) -> bool: 2000 """ 2001 Removes the first instance from the end of the given actionlist of 2002 symlink sandboxing. 2003 2004 # Parameters 2005 - action (Action): Sandbox action 2006 - glob (bytes): Glob pattern 2007 2008 # Returns 2009 bool: True on successful operation, or raises an OSError on failure. 2010 """ 2011 return check_return(libsyd.syd_symlink_del(action.value, glob)) 2012 2013 2014def symlink_rem(action: Action, glob: bytes) -> bool: 2015 """ 2016 Removes all matching patterns from the given actionlist of symlink sandboxing. 2017 2018 # Parameters 2019 - action (Action): Sandbox action 2020 - glob (bytes): Glob pattern 2021 2022 # Returns 2023 bool: True on successful operation, or raises an OSError on failure. 2024 """ 2025 return check_return(libsyd.syd_symlink_rem(action.value, glob)) 2026 2027 2028def truncate_add(action: Action, glob: bytes) -> bool: 2029 """ 2030 Adds to the given actionlist of truncate sandboxing. 2031 2032 # Parameters 2033 - action (Action): Sandbox action 2034 - glob (bytes): Glob pattern 2035 2036 # Returns 2037 bool: True on successful operation, or raises an OSError on failure. 2038 """ 2039 return check_return(libsyd.syd_truncate_add(action.value, glob)) 2040 2041 2042def truncate_del(action: Action, glob: bytes) -> bool: 2043 """ 2044 Removes the first instance from the end of the given actionlist of 2045 truncate sandboxing. 2046 2047 # Parameters 2048 - action (Action): Sandbox action 2049 - glob (bytes): Glob pattern 2050 2051 # Returns 2052 bool: True on successful operation, or raises an OSError on failure. 2053 """ 2054 return check_return(libsyd.syd_truncate_del(action.value, glob)) 2055 2056 2057def truncate_rem(action: Action, glob: bytes) -> bool: 2058 """ 2059 Removes all matching patterns from the given actionlist of truncate sandboxing. 2060 2061 # Parameters 2062 - action (Action): Sandbox action 2063 - glob (bytes): Glob pattern 2064 2065 # Returns 2066 bool: True on successful operation, or raises an OSError on failure. 2067 """ 2068 return check_return(libsyd.syd_truncate_rem(action.value, glob)) 2069 2070 2071def chdir_add(action: Action, glob: bytes) -> bool: 2072 """ 2073 Adds to the given actionlist of chdir sandboxing. 2074 2075 # Parameters 2076 - action (Action): Sandbox action 2077 - glob (bytes): Glob pattern 2078 2079 # Returns 2080 bool: True on successful operation, or raises an OSError on failure. 2081 """ 2082 return check_return(libsyd.syd_chdir_add(action.value, glob)) 2083 2084 2085def chdir_del(action: Action, glob: bytes) -> bool: 2086 """ 2087 Removes the first instance from the end of the given actionlist of 2088 chdir sandboxing. 2089 2090 # Parameters 2091 - action (Action): Sandbox action 2092 - glob (bytes): Glob pattern 2093 2094 # Returns 2095 bool: True on successful operation, or raises an OSError on failure. 2096 """ 2097 return check_return(libsyd.syd_chdir_del(action.value, glob)) 2098 2099 2100def chdir_rem(action: Action, glob: bytes) -> bool: 2101 """ 2102 Removes all matching patterns from the given actionlist of chdir sandboxing. 2103 2104 # Parameters 2105 - action (Action): Sandbox action 2106 - glob (bytes): Glob pattern 2107 2108 # Returns 2109 bool: True on successful operation, or raises an OSError on failure. 2110 """ 2111 return check_return(libsyd.syd_chdir_rem(action.value, glob)) 2112 2113 2114def readdir_add(action: Action, glob: bytes) -> bool: 2115 """ 2116 Adds to the given actionlist of readdir sandboxing. 2117 2118 # Parameters 2119 - action (Action): Sandbox action 2120 - glob (bytes): Glob pattern 2121 2122 # Returns 2123 bool: True on successful operation, or raises an OSError on failure. 2124 """ 2125 return check_return(libsyd.syd_readdir_add(action.value, glob)) 2126 2127 2128def readdir_del(action: Action, glob: bytes) -> bool: 2129 """ 2130 Removes the first instance from the end of the given actionlist of 2131 readdir sandboxing. 2132 2133 # Parameters 2134 - action (Action): Sandbox action 2135 - glob (bytes): Glob pattern 2136 2137 # Returns 2138 bool: True on successful operation, or raises an OSError on failure. 2139 """ 2140 return check_return(libsyd.syd_readdir_del(action.value, glob)) 2141 2142 2143def readdir_rem(action: Action, glob: bytes) -> bool: 2144 """ 2145 Removes all matching patterns from the given actionlist of readdir sandboxing. 2146 2147 # Parameters 2148 - action (Action): Sandbox action 2149 - glob (bytes): Glob pattern 2150 2151 # Returns 2152 bool: True on successful operation, or raises an OSError on failure. 2153 """ 2154 return check_return(libsyd.syd_readdir_rem(action.value, glob)) 2155 2156 2157def mkdir_add(action: Action, glob: bytes) -> bool: 2158 """ 2159 Adds to the given actionlist of mkdir sandboxing. 2160 2161 # Parameters 2162 - action (Action): Sandbox action 2163 - glob (bytes): Glob pattern 2164 2165 # Returns 2166 bool: True on successful operation, or raises an OSError on failure. 2167 """ 2168 return check_return(libsyd.syd_mkdir_add(action.value, glob)) 2169 2170 2171def mkdir_del(action: Action, glob: bytes) -> bool: 2172 """ 2173 Removes the first instance from the end of the given actionlist of 2174 mkdir sandboxing. 2175 2176 # Parameters 2177 - action (Action): Sandbox action 2178 - glob (bytes): Glob pattern 2179 2180 # Returns 2181 bool: True on successful operation, or raises an OSError on failure. 2182 """ 2183 return check_return(libsyd.syd_mkdir_del(action.value, glob)) 2184 2185 2186def mkdir_rem(action: Action, glob: bytes) -> bool: 2187 """ 2188 Removes all matching patterns from the given actionlist of mkdir sandboxing. 2189 2190 # Parameters 2191 - action (Action): Sandbox action 2192 - glob (bytes): Glob pattern 2193 2194 # Returns 2195 bool: True on successful operation, or raises an OSError on failure. 2196 """ 2197 return check_return(libsyd.syd_mkdir_rem(action.value, glob)) 2198 2199 2200def rmdir_add(action: Action, glob: bytes) -> bool: 2201 """ 2202 Adds to the given actionlist of rmdir sandboxing. 2203 2204 # Parameters 2205 - action (Action): Sandbox action 2206 - glob (bytes): Glob pattern 2207 2208 # Returns 2209 bool: True on successful operation, or raises an OSError on failure. 2210 """ 2211 return check_return(libsyd.syd_rmdir_add(action.value, glob)) 2212 2213 2214def rmdir_del(action: Action, glob: bytes) -> bool: 2215 """ 2216 Removes the first instance from the end of the given actionlist of 2217 rmdir sandboxing. 2218 2219 # Parameters 2220 - action (Action): Sandbox action 2221 - glob (bytes): Glob pattern 2222 2223 # Returns 2224 bool: True on successful operation, or raises an OSError on failure. 2225 """ 2226 return check_return(libsyd.syd_rmdir_del(action.value, glob)) 2227 2228 2229def rmdir_rem(action: Action, glob: bytes) -> bool: 2230 """ 2231 Removes all matching patterns from the given actionlist of rmdir sandboxing. 2232 2233 # Parameters 2234 - action (Action): Sandbox action 2235 - glob (bytes): Glob pattern 2236 2237 # Returns 2238 bool: True on successful operation, or raises an OSError on failure. 2239 """ 2240 return check_return(libsyd.syd_rmdir_rem(action.value, glob)) 2241 2242 2243def chown_add(action: Action, glob: bytes) -> bool: 2244 """ 2245 Adds to the given actionlist of chown sandboxing. 2246 2247 # Parameters 2248 - action (Action): Sandbox action 2249 - glob (bytes): Glob pattern 2250 2251 # Returns 2252 bool: True on successful operation, or raises an OSError on failure. 2253 """ 2254 return check_return(libsyd.syd_chown_add(action.value, glob)) 2255 2256 2257def chown_del(action: Action, glob: bytes) -> bool: 2258 """ 2259 Removes the first instance from the end of the given actionlist of 2260 chown sandboxing. 2261 2262 # Parameters 2263 - action (Action): Sandbox action 2264 - glob (bytes): Glob pattern 2265 2266 # Returns 2267 bool: True on successful operation, or raises an OSError on failure. 2268 """ 2269 return check_return(libsyd.syd_chown_del(action.value, glob)) 2270 2271 2272def chown_rem(action: Action, glob: bytes) -> bool: 2273 """ 2274 Removes all matching patterns from the given actionlist of chown sandboxing. 2275 2276 # Parameters 2277 - action (Action): Sandbox action 2278 - glob (bytes): Glob pattern 2279 2280 # Returns 2281 bool: True on successful operation, or raises an OSError on failure. 2282 """ 2283 return check_return(libsyd.syd_chown_rem(action.value, glob)) 2284 2285 2286def chgrp_add(action: Action, glob: bytes) -> bool: 2287 """ 2288 Adds to the given actionlist of chgrp sandboxing. 2289 2290 # Parameters 2291 - action (Action): Sandbox action 2292 - glob (bytes): Glob pattern 2293 2294 # Returns 2295 bool: True on successful operation, or raises an OSError on failure. 2296 """ 2297 return check_return(libsyd.syd_chgrp_add(action.value, glob)) 2298 2299 2300def chgrp_del(action: Action, glob: bytes) -> bool: 2301 """ 2302 Removes the first instance from the end of the given actionlist of 2303 chgrp sandboxing. 2304 2305 # Parameters 2306 - action (Action): Sandbox action 2307 - glob (bytes): Glob pattern 2308 2309 # Returns 2310 bool: True on successful operation, or raises an OSError on failure. 2311 """ 2312 return check_return(libsyd.syd_chgrp_del(action.value, glob)) 2313 2314 2315def chgrp_rem(action: Action, glob: bytes) -> bool: 2316 """ 2317 Removes all matching patterns from the given actionlist of chgrp sandboxing. 2318 2319 # Parameters 2320 - action (Action): Sandbox action 2321 - glob (bytes): Glob pattern 2322 2323 # Returns 2324 bool: True on successful operation, or raises an OSError on failure. 2325 """ 2326 return check_return(libsyd.syd_chgrp_rem(action.value, glob)) 2327 2328 2329def chmod_add(action: Action, glob: bytes) -> bool: 2330 """ 2331 Adds to the given actionlist of chmod sandboxing. 2332 2333 # Parameters 2334 - action (Action): Sandbox action 2335 - glob (bytes): Glob pattern 2336 2337 # Returns 2338 bool: True on successful operation, or raises an OSError on failure. 2339 """ 2340 return check_return(libsyd.syd_chmod_add(action.value, glob)) 2341 2342 2343def chmod_del(action: Action, glob: bytes) -> bool: 2344 """ 2345 Removes the first instance from the end of the given actionlist of 2346 chmod sandboxing. 2347 2348 # Parameters 2349 - action (Action): Sandbox action 2350 - glob (bytes): Glob pattern 2351 2352 # Returns 2353 bool: True on successful operation, or raises an OSError on failure. 2354 """ 2355 return check_return(libsyd.syd_chmod_del(action.value, glob)) 2356 2357 2358def chmod_rem(action: Action, glob: bytes) -> bool: 2359 """ 2360 Removes all matching patterns from the given actionlist of chmod sandboxing. 2361 2362 # Parameters 2363 - action (Action): Sandbox action 2364 - glob (bytes): Glob pattern 2365 2366 # Returns 2367 bool: True on successful operation, or raises an OSError on failure. 2368 """ 2369 return check_return(libsyd.syd_chmod_rem(action.value, glob)) 2370 2371 2372def chattr_add(action: Action, glob: bytes) -> bool: 2373 """ 2374 Adds to the given actionlist of chattr sandboxing. 2375 2376 # Parameters 2377 - action (Action): Sandbox action 2378 - glob (bytes): Glob pattern 2379 2380 # Returns 2381 bool: True on successful operation, or raises an OSError on failure. 2382 """ 2383 return check_return(libsyd.syd_chattr_add(action.value, glob)) 2384 2385 2386def chattr_del(action: Action, glob: bytes) -> bool: 2387 """ 2388 Removes the first instance from the end of the given actionlist of 2389 chattr sandboxing. 2390 2391 # Parameters 2392 - action (Action): Sandbox action 2393 - glob (bytes): Glob pattern 2394 2395 # Returns 2396 bool: True on successful operation, or raises an OSError on failure. 2397 """ 2398 return check_return(libsyd.syd_chattr_del(action.value, glob)) 2399 2400 2401def chattr_rem(action: Action, glob: bytes) -> bool: 2402 """ 2403 Removes all matching patterns from the given actionlist of chattr sandboxing. 2404 2405 # Parameters 2406 - action (Action): Sandbox action 2407 - glob (bytes): Glob pattern 2408 2409 # Returns 2410 bool: True on successful operation, or raises an OSError on failure. 2411 """ 2412 return check_return(libsyd.syd_chattr_rem(action.value, glob)) 2413 2414 2415def chroot_add(action: Action, glob: bytes) -> bool: 2416 """ 2417 Adds to the given actionlist of chroot sandboxing. 2418 2419 # Parameters 2420 - action (Action): Sandbox action 2421 - glob (bytes): Glob pattern 2422 2423 # Returns 2424 bool: True on successful operation, or raises an OSError on failure. 2425 """ 2426 return check_return(libsyd.syd_chroot_add(action.value, glob)) 2427 2428 2429def chroot_del(action: Action, glob: bytes) -> bool: 2430 """ 2431 Removes the first instance from the end of the given actionlist of 2432 chroot sandboxing. 2433 2434 # Parameters 2435 - action (Action): Sandbox action 2436 - glob (bytes): Glob pattern 2437 2438 # Returns 2439 bool: True on successful operation, or raises an OSError on failure. 2440 """ 2441 return check_return(libsyd.syd_chroot_del(action.value, glob)) 2442 2443 2444def chroot_rem(action: Action, glob: bytes) -> bool: 2445 """ 2446 Removes all matching patterns from the given actionlist of chroot sandboxing. 2447 2448 # Parameters 2449 - action (Action): Sandbox action 2450 - glob (bytes): Glob pattern 2451 2452 # Returns 2453 bool: True on successful operation, or raises an OSError on failure. 2454 """ 2455 return check_return(libsyd.syd_chroot_rem(action.value, glob)) 2456 2457 2458def utime_add(action: Action, glob: bytes) -> bool: 2459 """ 2460 Adds to the given actionlist of utime sandboxing. 2461 2462 # Parameters 2463 - action (Action): Sandbox action 2464 - glob (bytes): Glob pattern 2465 2466 # Returns 2467 bool: True on successful operation, or raises an OSError on failure. 2468 """ 2469 return check_return(libsyd.syd_utime_add(action.value, glob)) 2470 2471 2472def utime_del(action: Action, glob: bytes) -> bool: 2473 """ 2474 Removes the first instance from the end of the given actionlist of 2475 utime sandboxing. 2476 2477 # Parameters 2478 - action (Action): Sandbox action 2479 - glob (bytes): Glob pattern 2480 2481 # Returns 2482 bool: True on successful operation, or raises an OSError on failure. 2483 """ 2484 return check_return(libsyd.syd_utime_del(action.value, glob)) 2485 2486 2487def utime_rem(action: Action, glob: bytes) -> bool: 2488 """ 2489 Removes all matching patterns from the given actionlist of utime sandboxing. 2490 2491 # Parameters 2492 - action (Action): Sandbox action 2493 - glob (bytes): Glob pattern 2494 2495 # Returns 2496 bool: True on successful operation, or raises an OSError on failure. 2497 """ 2498 return check_return(libsyd.syd_utime_rem(action.value, glob)) 2499 2500 2501def mkdev_add(action: Action, glob: bytes) -> bool: 2502 """ 2503 Adds to the given actionlist of mkdev sandboxing. 2504 2505 # Parameters 2506 - action (Action): Sandbox action 2507 - glob (bytes): Glob pattern 2508 2509 # Returns 2510 bool: True on successful operation, or raises an OSError on failure. 2511 """ 2512 return check_return(libsyd.syd_mkdev_add(action.value, glob)) 2513 2514 2515def mkdev_del(action: Action, glob: bytes) -> bool: 2516 """ 2517 Removes the first instance from the end of the given actionlist of 2518 mkdev sandboxing. 2519 2520 # Parameters 2521 - action (Action): Sandbox action 2522 - glob (bytes): Glob pattern 2523 2524 # Returns 2525 bool: True on successful operation, or raises an OSError on failure. 2526 """ 2527 return check_return(libsyd.syd_mkdev_del(action.value, glob)) 2528 2529 2530def mkdev_rem(action: Action, glob: bytes) -> bool: 2531 """ 2532 Removes all matching patterns from the given actionlist of mkdev sandboxing. 2533 2534 # Parameters 2535 - action (Action): Sandbox action 2536 - glob (bytes): Glob pattern 2537 2538 # Returns 2539 bool: True on successful operation, or raises an OSError on failure. 2540 """ 2541 return check_return(libsyd.syd_mkdev_rem(action.value, glob)) 2542 2543 2544def mkfifo_add(action: Action, glob: bytes) -> bool: 2545 """ 2546 Adds to the given actionlist of mkfifo sandboxing. 2547 2548 # Parameters 2549 - action (Action): Sandbox action 2550 - glob (bytes): Glob pattern 2551 2552 # Returns 2553 bool: True on successful operation, or raises an OSError on failure. 2554 """ 2555 return check_return(libsyd.syd_mkfifo_add(action.value, glob)) 2556 2557 2558def mkfifo_del(action: Action, glob: bytes) -> bool: 2559 """ 2560 Removes the first instance from the end of the given actionlist of 2561 mkfifo sandboxing. 2562 2563 # Parameters 2564 - action (Action): Sandbox action 2565 - glob (bytes): Glob pattern 2566 2567 # Returns 2568 bool: True on successful operation, or raises an OSError on failure. 2569 """ 2570 return check_return(libsyd.syd_mkfifo_del(action.value, glob)) 2571 2572 2573def mkfifo_rem(action: Action, glob: bytes) -> bool: 2574 """ 2575 Removes all matching patterns from the given actionlist of mkfifo sandboxing. 2576 2577 # Parameters 2578 - action (Action): Sandbox action 2579 - glob (bytes): Glob pattern 2580 2581 # Returns 2582 bool: True on successful operation, or raises an OSError on failure. 2583 """ 2584 return check_return(libsyd.syd_mkfifo_rem(action.value, glob)) 2585 2586 2587def mktemp_add(action: Action, glob: bytes) -> bool: 2588 """ 2589 Adds to the given actionlist of mktemp sandboxing. 2590 2591 # Parameters 2592 - action (Action): Sandbox action 2593 - glob (bytes): Glob pattern 2594 2595 # Returns 2596 bool: True on successful operation, or raises an OSError on failure. 2597 """ 2598 return check_return(libsyd.syd_mktemp_add(action.value, glob)) 2599 2600 2601def mktemp_del(action: Action, glob: bytes) -> bool: 2602 """ 2603 Removes the first instance from the end of the given actionlist of 2604 mktemp sandboxing. 2605 2606 # Parameters 2607 - action (Action): Sandbox action 2608 - glob (bytes): Glob pattern 2609 2610 # Returns 2611 bool: True on successful operation, or raises an OSError on failure. 2612 """ 2613 return check_return(libsyd.syd_mktemp_del(action.value, glob)) 2614 2615 2616def mktemp_rem(action: Action, glob: bytes) -> bool: 2617 """ 2618 Removes all matching patterns from the given actionlist of mktemp sandboxing. 2619 2620 # Parameters 2621 - action (Action): Sandbox action 2622 - glob (bytes): Glob pattern 2623 2624 # Returns 2625 bool: True on successful operation, or raises an OSError on failure. 2626 """ 2627 return check_return(libsyd.syd_mktemp_rem(action.value, glob)) 2628 2629 2630def net_bind_add(action: Action, addr: bytes) -> bool: 2631 """ 2632 Adds to the given actionlist of net_bind sandboxing. 2633 2634 # Parameters 2635 - action (Action): Sandbox action 2636 - addr (bytes): Address pattern 2637 2638 # Returns 2639 bool: True on successful operation, or raises an OSError on failure. 2640 """ 2641 return check_return(libsyd.syd_net_bind_add(action.value, addr)) 2642 2643 2644def net_bind_del(action: Action, addr: bytes) -> bool: 2645 """ 2646 Removes the first instance from the end of the given actionlist of 2647 net/bind sandboxing. 2648 2649 # Parameters 2650 - addr (bytes): Address pattern 2651 2652 # Returns 2653 bool: True on successful operation, or raises an OSError on failure. 2654 """ 2655 return check_return(libsyd.syd_net_bind_del(action.value, addr)) 2656 2657 2658def net_bind_rem(action: Action, addr: bytes) -> bool: 2659 """ 2660 Removes all matching patterns from the given actionlist of net/bind 2661 sandboxing. 2662 2663 # Parameters 2664 - addr (bytes): Address pattern 2665 2666 # Returns 2667 bool: True on successful operation, or raises an OSError on failure. 2668 """ 2669 return check_return(libsyd.syd_net_bind_rem(action.value, addr)) 2670 2671 2672def net_connect_add(action: Action, addr: bytes) -> bool: 2673 """ 2674 Adds to the given actionlist of net_connect sandboxing. 2675 2676 # Parameters 2677 - action (Action): Sandbox action 2678 - addr (bytes): Address pattern 2679 2680 # Returns 2681 bool: True on successful operation, or raises an OSError on failure. 2682 """ 2683 return check_return(libsyd.syd_net_connect_add(action.value, addr)) 2684 2685 2686def net_connect_del(action: Action, addr: bytes) -> bool: 2687 """ 2688 Removes the first instance from the end of the given actionlist of 2689 net/connect sandboxing. 2690 2691 # Parameters 2692 - addr (bytes): Address pattern 2693 2694 # Returns 2695 bool: True on successful operation, or raises an OSError on failure. 2696 """ 2697 return check_return(libsyd.syd_net_connect_del(action.value, addr)) 2698 2699 2700def net_connect_rem(action: Action, addr: bytes) -> bool: 2701 """ 2702 Removes all matching patterns from the given actionlist of net/connect 2703 sandboxing. 2704 2705 # Parameters 2706 - addr (bytes): Address pattern 2707 2708 # Returns 2709 bool: True on successful operation, or raises an OSError on failure. 2710 """ 2711 return check_return(libsyd.syd_net_connect_rem(action.value, addr)) 2712 2713 2714def net_sendfd_add(action: Action, addr: bytes) -> bool: 2715 """ 2716 Adds to the given actionlist of net_sendfd sandboxing. 2717 2718 # Parameters 2719 - action (Action): Sandbox action 2720 - addr (bytes): Address pattern 2721 2722 # Returns 2723 bool: True on successful operation, or raises an OSError on failure. 2724 """ 2725 return check_return(libsyd.syd_net_sendfd_add(action.value, addr)) 2726 2727 2728def net_sendfd_del(action: Action, addr: bytes) -> bool: 2729 """ 2730 Removes the first instance from the end of the given actionlist of 2731 net/sendfd sandboxing. 2732 2733 # Parameters 2734 - addr (bytes): Address pattern 2735 2736 # Returns 2737 bool: True on successful operation, or raises an OSError on failure. 2738 """ 2739 return check_return(libsyd.syd_net_sendfd_del(action.value, addr)) 2740 2741 2742def net_sendfd_rem(action: Action, addr: bytes) -> bool: 2743 """ 2744 Removes all matching patterns from the given actionlist of net/sendfd 2745 sandboxing. 2746 2747 # Parameters 2748 - addr (bytes): Address pattern 2749 2750 # Returns 2751 bool: True on successful operation, or raises an OSError on failure. 2752 """ 2753 return check_return(libsyd.syd_net_sendfd_rem(action.value, addr)) 2754 2755 2756def net_link_add(action: Action, addr: bytes) -> bool: 2757 """ 2758 Adds to the given actionlist of net_link sandboxing. 2759 2760 # Parameters 2761 - action (Action): Sandbox action 2762 - addr (bytes): Address pattern 2763 2764 # Returns 2765 bool: True on successful operation, or raises an OSError on failure. 2766 """ 2767 return check_return(libsyd.syd_net_link_add(action.value, addr)) 2768 2769 2770def net_link_del(action: Action, addr: bytes) -> bool: 2771 """ 2772 Removes the first instance from the end of the given actionlist of 2773 net/link sandboxing. 2774 2775 # Parameters 2776 - addr (bytes): Address pattern 2777 2778 # Returns 2779 bool: True on successful operation, or raises an OSError on failure. 2780 """ 2781 return check_return(libsyd.syd_net_link_del(action.value, addr)) 2782 2783 2784def net_link_rem(action: Action, addr: bytes) -> bool: 2785 """ 2786 Removes all matching patterns from the given actionlist of net/link 2787 sandboxing. 2788 2789 # Parameters 2790 - addr (bytes): Address pattern 2791 2792 # Returns 2793 bool: True on successful operation, or raises an OSError on failure. 2794 """ 2795 return check_return(libsyd.syd_net_link_rem(action.value, addr)) 2796 2797 2798def force_add(path: bytes, hash: str, action: Action) -> bool: 2799 """ 2800 Adds an entry to the Integrity Force map for Force Sandboxing. 2801 2802 # Parameters 2803 - path (bytes): Fully-qualified file name. 2804 - hash (str): Hexadecimal encoded checksum: 2805 - 32-characters: MD5 2806 - 40-characters: SHA1 2807 - 64-characters: SHA3-256 2808 - 96-characters: SHA3-384 2809 - 128-characters: SHA3-512 2810 - action (Action): The action to take on checksum mismatch. 2811 2812 # Returns 2813 bool: True on successful operation, or raises an OSError on failure. 2814 """ 2815 return check_return(libsyd.syd_force_add(path, hash.encode("utf-8"), action.value)) 2816 2817 2818def force_del(path: bytes) -> bool: 2819 """ 2820 Removes an entry from the Integrity Force map for Force Sandboxing. 2821 2822 # Parameters 2823 - path (bytes): Fully-qualified file name. 2824 2825 # Returns 2826 bool: True on successful operation, or raises an OSError on failure. 2827 """ 2828 return check_return(libsyd.syd_force_del(path)) 2829 2830 2831def force_clr() -> bool: 2832 """ 2833 Clears the Integrity Force map for Force Sandboxing. 2834 2835 # Returns 2836 bool: True on successful operation, or raises an OSError on failure. 2837 """ 2838 return check_return(libsyd.syd_force_clr()) 2839 2840 2841def mem_max(size: Union[int, str, bytes]) -> bool: 2842 """ 2843 Set syd maximum per-process memory usage limit for memory sandboxing, 2844 parse-size crate is used to parse the value so formatted strings are OK. 2845 2846 # Parameters 2847 - size (int|str|bytes): Limit size. 2848 2849 # Returns 2850 bool: True on successful operation, or raises an OSError on failure. 2851 """ 2852 if isinstance(size, int): 2853 size = str(size) 2854 if isinstance(size, str): 2855 size = size.encode("utf-8") 2856 return check_return(libsyd.syd_mem_max(size)) 2857 2858 2859def mem_vm_max(size: Union[int, str, bytes]) -> bool: 2860 """ 2861 Set syd maximum per-process virtual memory usage limit for memory sandboxing, 2862 parse-size crate is used to parse the value so formatted strings are OK. 2863 2864 # Parameters 2865 - size (int|str|bytes): Limit size. 2866 2867 # Returns 2868 bool: True on successful operation, or raises an OSError on failure. 2869 """ 2870 if isinstance(size, int): 2871 size = str(size) 2872 if isinstance(size, str): 2873 size = size.encode("utf-8") 2874 return check_return(libsyd.syd_mem_vm_max(size)) 2875 2876 2877def pid_max(size: int) -> bool: 2878 """ 2879 Set syd maximum process id limit for PID sandboxing 2880 2881 # Parameters 2882 - size (int): Limit size, must be greater than or equal to zero. 2883 2884 # Returns 2885 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2886 """ 2887 if size < 0: 2888 raise ValueError("Invalid limit size") 2889 return check_return(libsyd.syd_pid_max(size)) 2890 2891 2892def segvguard_expiry(timeout: int) -> bool: 2893 """ 2894 Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero. 2895 Setting this timeout to 0 effectively disables SegvGuard. 2896 2897 # Parameters 2898 - timeout (int): Expiry timeout in seconds, must be greater than or equal to zero. 2899 2900 # Returns 2901 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2902 """ 2903 if timeout < 0: 2904 raise ValueError("Invalid timeout") 2905 return check_return(libsyd.syd_segvguard_expiry(timeout)) 2906 2907 2908def segvguard_suspension(timeout: int) -> bool: 2909 """ 2910 Specify SegvGuard entry suspension timeout in seconds. 2911 2912 # Parameters 2913 - timeout (int): Suspension timeout in seconds, must be greater than or equal to zero. 2914 2915 # Returns 2916 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2917 """ 2918 if timeout < 0: 2919 raise ValueError("Invalid timeout") 2920 return check_return(libsyd.syd_segvguard_suspension(timeout)) 2921 2922 2923def segvguard_maxcrashes(limit: int) -> bool: 2924 """ 2925 Specify SegvGuard max number of crashes before suspension. 2926 2927 # Parameters 2928 - limit (int): Limit, must be greater than or equal to zero. 2929 2930 # Returns 2931 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2932 """ 2933 if limit < 0: 2934 raise ValueError("Invalid maxcrashes limit") 2935 return check_return(libsyd.syd_segvguard_maxcrashes(limit)) 2936 2937 2938### 2939# Ctypes Function Definitions 2940### 2941libsyd.syd_api.restype = ctypes.c_int 2942libsyd.syd_check.restype = ctypes.c_int 2943libsyd.syd_panic.restype = ctypes.c_int 2944libsyd.syd_reset.restype = ctypes.c_int 2945 2946libsyd.syd_load.restype = ctypes.c_int 2947libsyd.syd_load.argtypes = [ctypes.c_int] 2948 2949libsyd.syd_lock.restype = ctypes.c_int 2950libsyd.syd_lock.argtypes = [ctypes.c_uint] 2951 2952libsyd.syd_exec.argtypes = [ctypes.c_char_p, ctypes.POINTER(ctypes.c_char_p)] 2953libsyd.syd_exec.restype = ctypes.c_int 2954 2955libsyd.syd_enable_stat.restype = ctypes.c_int 2956libsyd.syd_disable_stat.restype = ctypes.c_int 2957libsyd.syd_enabled_stat.restype = ctypes.c_bool 2958 2959libsyd.syd_enable_read.restype = ctypes.c_int 2960libsyd.syd_disable_read.restype = ctypes.c_int 2961libsyd.syd_enabled_read.restype = ctypes.c_bool 2962 2963libsyd.syd_enable_write.restype = ctypes.c_int 2964libsyd.syd_disable_write.restype = ctypes.c_int 2965libsyd.syd_enabled_write.restype = ctypes.c_bool 2966 2967libsyd.syd_enable_exec.restype = ctypes.c_int 2968libsyd.syd_disable_exec.restype = ctypes.c_int 2969libsyd.syd_enabled_exec.restype = ctypes.c_bool 2970 2971libsyd.syd_enable_ioctl.restype = ctypes.c_int 2972libsyd.syd_disable_ioctl.restype = ctypes.c_int 2973libsyd.syd_enabled_ioctl.restype = ctypes.c_bool 2974 2975libsyd.syd_enable_create.restype = ctypes.c_int 2976libsyd.syd_disable_create.restype = ctypes.c_int 2977libsyd.syd_enabled_create.restype = ctypes.c_bool 2978 2979libsyd.syd_enable_delete.restype = ctypes.c_int 2980libsyd.syd_disable_delete.restype = ctypes.c_int 2981libsyd.syd_enabled_delete.restype = ctypes.c_bool 2982 2983libsyd.syd_enable_rename.restype = ctypes.c_int 2984libsyd.syd_disable_rename.restype = ctypes.c_int 2985libsyd.syd_enabled_rename.restype = ctypes.c_bool 2986 2987libsyd.syd_enable_symlink.restype = ctypes.c_int 2988libsyd.syd_disable_symlink.restype = ctypes.c_int 2989libsyd.syd_enabled_symlink.restype = ctypes.c_bool 2990 2991libsyd.syd_enable_truncate.restype = ctypes.c_int 2992libsyd.syd_disable_truncate.restype = ctypes.c_int 2993libsyd.syd_enabled_truncate.restype = ctypes.c_bool 2994 2995libsyd.syd_enable_chdir.restype = ctypes.c_int 2996libsyd.syd_disable_chdir.restype = ctypes.c_int 2997libsyd.syd_enabled_chdir.restype = ctypes.c_bool 2998 2999libsyd.syd_enable_readdir.restype = ctypes.c_int 3000libsyd.syd_disable_readdir.restype = ctypes.c_int 3001libsyd.syd_enabled_readdir.restype = ctypes.c_bool 3002 3003libsyd.syd_enable_mkdir.restype = ctypes.c_int 3004libsyd.syd_disable_mkdir.restype = ctypes.c_int 3005libsyd.syd_enabled_mkdir.restype = ctypes.c_bool 3006 3007libsyd.syd_enable_rmdir.restype = ctypes.c_int 3008libsyd.syd_disable_rmdir.restype = ctypes.c_int 3009libsyd.syd_enabled_rmdir.restype = ctypes.c_bool 3010 3011libsyd.syd_enable_chown.restype = ctypes.c_int 3012libsyd.syd_disable_chown.restype = ctypes.c_int 3013libsyd.syd_enabled_chown.restype = ctypes.c_bool 3014 3015libsyd.syd_enable_chgrp.restype = ctypes.c_int 3016libsyd.syd_disable_chgrp.restype = ctypes.c_int 3017libsyd.syd_enabled_chgrp.restype = ctypes.c_bool 3018 3019libsyd.syd_enable_chmod.restype = ctypes.c_int 3020libsyd.syd_disable_chmod.restype = ctypes.c_int 3021libsyd.syd_enabled_chmod.restype = ctypes.c_bool 3022 3023libsyd.syd_enable_chattr.restype = ctypes.c_int 3024libsyd.syd_disable_chattr.restype = ctypes.c_int 3025libsyd.syd_enabled_chattr.restype = ctypes.c_bool 3026 3027libsyd.syd_enable_chroot.restype = ctypes.c_int 3028libsyd.syd_disable_chroot.restype = ctypes.c_int 3029libsyd.syd_enabled_chroot.restype = ctypes.c_bool 3030 3031libsyd.syd_enable_utime.restype = ctypes.c_int 3032libsyd.syd_disable_utime.restype = ctypes.c_int 3033libsyd.syd_enabled_utime.restype = ctypes.c_bool 3034 3035libsyd.syd_enable_mkdev.restype = ctypes.c_int 3036libsyd.syd_disable_mkdev.restype = ctypes.c_int 3037libsyd.syd_enabled_mkdev.restype = ctypes.c_bool 3038 3039libsyd.syd_enable_mkfifo.restype = ctypes.c_int 3040libsyd.syd_disable_mkfifo.restype = ctypes.c_int 3041libsyd.syd_enabled_mkfifo.restype = ctypes.c_bool 3042 3043libsyd.syd_enable_mktemp.restype = ctypes.c_int 3044libsyd.syd_disable_mktemp.restype = ctypes.c_int 3045libsyd.syd_enabled_mktemp.restype = ctypes.c_bool 3046 3047libsyd.syd_enable_net.restype = ctypes.c_int 3048libsyd.syd_disable_net.restype = ctypes.c_int 3049libsyd.syd_enabled_net.restype = ctypes.c_bool 3050 3051libsyd.syd_enabled_lock.restype = ctypes.c_bool 3052libsyd.syd_enabled_crypt.restype = ctypes.c_bool 3053libsyd.syd_enabled_proxy.restype = ctypes.c_bool 3054 3055libsyd.syd_enable_mem.restype = ctypes.c_int 3056libsyd.syd_disable_mem.restype = ctypes.c_int 3057libsyd.syd_enabled_mem.restype = ctypes.c_bool 3058 3059libsyd.syd_enable_pid.restype = ctypes.c_int 3060libsyd.syd_disable_pid.restype = ctypes.c_int 3061libsyd.syd_enabled_pid.restype = ctypes.c_bool 3062 3063libsyd.syd_enable_force.restype = ctypes.c_int 3064libsyd.syd_disable_force.restype = ctypes.c_int 3065libsyd.syd_enabled_force.restype = ctypes.c_bool 3066 3067libsyd.syd_enable_tpe.restype = ctypes.c_int 3068libsyd.syd_disable_tpe.restype = ctypes.c_int 3069libsyd.syd_enabled_tpe.restype = ctypes.c_bool 3070 3071libsyd.syd_default_stat.argtypes = [ctypes.c_uint] 3072libsyd.syd_default_stat.restype = ctypes.c_int 3073 3074libsyd.syd_default_read.argtypes = [ctypes.c_uint] 3075libsyd.syd_default_read.restype = ctypes.c_int 3076 3077libsyd.syd_default_write.argtypes = [ctypes.c_uint] 3078libsyd.syd_default_write.restype = ctypes.c_int 3079 3080libsyd.syd_default_exec.argtypes = [ctypes.c_uint] 3081libsyd.syd_default_exec.restype = ctypes.c_int 3082 3083libsyd.syd_default_ioctl.argtypes = [ctypes.c_uint] 3084libsyd.syd_default_ioctl.restype = ctypes.c_int 3085 3086libsyd.syd_default_create.argtypes = [ctypes.c_uint] 3087libsyd.syd_default_create.restype = ctypes.c_int 3088 3089libsyd.syd_default_delete.argtypes = [ctypes.c_uint] 3090libsyd.syd_default_delete.restype = ctypes.c_int 3091 3092libsyd.syd_default_rename.argtypes = [ctypes.c_uint] 3093libsyd.syd_default_rename.restype = ctypes.c_int 3094 3095libsyd.syd_default_symlink.argtypes = [ctypes.c_uint] 3096libsyd.syd_default_symlink.restype = ctypes.c_int 3097 3098libsyd.syd_default_truncate.argtypes = [ctypes.c_uint] 3099libsyd.syd_default_truncate.restype = ctypes.c_int 3100 3101libsyd.syd_default_chdir.argtypes = [ctypes.c_uint] 3102libsyd.syd_default_chdir.restype = ctypes.c_int 3103 3104libsyd.syd_default_readdir.argtypes = [ctypes.c_uint] 3105libsyd.syd_default_readdir.restype = ctypes.c_int 3106 3107libsyd.syd_default_mkdir.argtypes = [ctypes.c_uint] 3108libsyd.syd_default_mkdir.restype = ctypes.c_int 3109 3110libsyd.syd_default_rmdir.argtypes = [ctypes.c_uint] 3111libsyd.syd_default_rmdir.restype = ctypes.c_int 3112 3113libsyd.syd_default_chown.argtypes = [ctypes.c_uint] 3114libsyd.syd_default_chown.restype = ctypes.c_int 3115 3116libsyd.syd_default_chgrp.argtypes = [ctypes.c_uint] 3117libsyd.syd_default_chgrp.restype = ctypes.c_int 3118 3119libsyd.syd_default_chmod.argtypes = [ctypes.c_uint] 3120libsyd.syd_default_chmod.restype = ctypes.c_int 3121 3122libsyd.syd_default_chattr.argtypes = [ctypes.c_uint] 3123libsyd.syd_default_chattr.restype = ctypes.c_int 3124 3125libsyd.syd_default_chroot.argtypes = [ctypes.c_uint] 3126libsyd.syd_default_chroot.restype = ctypes.c_int 3127 3128libsyd.syd_default_utime.argtypes = [ctypes.c_uint] 3129libsyd.syd_default_utime.restype = ctypes.c_int 3130 3131libsyd.syd_default_mkdev.argtypes = [ctypes.c_uint] 3132libsyd.syd_default_mkdev.restype = ctypes.c_int 3133 3134libsyd.syd_default_mkfifo.argtypes = [ctypes.c_uint] 3135libsyd.syd_default_mkfifo.restype = ctypes.c_int 3136 3137libsyd.syd_default_mktemp.argtypes = [ctypes.c_uint] 3138libsyd.syd_default_mktemp.restype = ctypes.c_int 3139 3140libsyd.syd_default_net.argtypes = [ctypes.c_uint] 3141libsyd.syd_default_net.restype = ctypes.c_int 3142 3143libsyd.syd_default_block.argtypes = [ctypes.c_uint] 3144libsyd.syd_default_block.restype = ctypes.c_int 3145 3146libsyd.syd_default_mem.argtypes = [ctypes.c_uint] 3147libsyd.syd_default_mem.restype = ctypes.c_int 3148 3149libsyd.syd_default_pid.argtypes = [ctypes.c_uint] 3150libsyd.syd_default_pid.restype = ctypes.c_int 3151 3152libsyd.syd_default_force.argtypes = [ctypes.c_uint] 3153libsyd.syd_default_force.restype = ctypes.c_int 3154 3155libsyd.syd_default_segvguard.argtypes = [ctypes.c_uint] 3156libsyd.syd_default_segvguard.restype = ctypes.c_int 3157 3158libsyd.syd_default_tpe.argtypes = [ctypes.c_uint] 3159libsyd.syd_default_tpe.restype = ctypes.c_int 3160 3161libsyd.syd_ioctl_deny.argtypes = [ctypes.c_uint64] 3162libsyd.syd_ioctl_deny.restype = ctypes.c_int 3163 3164libsyd.syd_stat_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3165libsyd.syd_stat_add.restype = ctypes.c_int 3166libsyd.syd_stat_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3167libsyd.syd_stat_del.restype = ctypes.c_int 3168libsyd.syd_stat_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3169libsyd.syd_stat_rem.restype = ctypes.c_int 3170 3171libsyd.syd_read_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3172libsyd.syd_read_add.restype = ctypes.c_int 3173libsyd.syd_read_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3174libsyd.syd_read_del.restype = ctypes.c_int 3175libsyd.syd_read_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3176libsyd.syd_read_rem.restype = ctypes.c_int 3177 3178libsyd.syd_write_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3179libsyd.syd_write_add.restype = ctypes.c_int 3180libsyd.syd_write_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3181libsyd.syd_write_del.restype = ctypes.c_int 3182libsyd.syd_write_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3183libsyd.syd_write_rem.restype = ctypes.c_int 3184 3185libsyd.syd_exec_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3186libsyd.syd_exec_add.restype = ctypes.c_int 3187libsyd.syd_exec_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3188libsyd.syd_exec_del.restype = ctypes.c_int 3189libsyd.syd_exec_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3190libsyd.syd_exec_rem.restype = ctypes.c_int 3191 3192libsyd.syd_ioctl_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3193libsyd.syd_ioctl_add.restype = ctypes.c_int 3194libsyd.syd_ioctl_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3195libsyd.syd_ioctl_del.restype = ctypes.c_int 3196libsyd.syd_ioctl_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3197libsyd.syd_ioctl_rem.restype = ctypes.c_int 3198 3199libsyd.syd_create_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3200libsyd.syd_create_add.restype = ctypes.c_int 3201libsyd.syd_create_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3202libsyd.syd_create_del.restype = ctypes.c_int 3203libsyd.syd_create_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3204libsyd.syd_create_rem.restype = ctypes.c_int 3205 3206libsyd.syd_delete_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3207libsyd.syd_delete_add.restype = ctypes.c_int 3208libsyd.syd_delete_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3209libsyd.syd_delete_del.restype = ctypes.c_int 3210libsyd.syd_delete_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3211libsyd.syd_delete_rem.restype = ctypes.c_int 3212 3213libsyd.syd_rename_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3214libsyd.syd_rename_add.restype = ctypes.c_int 3215libsyd.syd_rename_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3216libsyd.syd_rename_del.restype = ctypes.c_int 3217libsyd.syd_rename_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3218libsyd.syd_rename_rem.restype = ctypes.c_int 3219 3220libsyd.syd_symlink_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3221libsyd.syd_symlink_add.restype = ctypes.c_int 3222libsyd.syd_symlink_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3223libsyd.syd_symlink_del.restype = ctypes.c_int 3224libsyd.syd_symlink_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3225libsyd.syd_symlink_rem.restype = ctypes.c_int 3226 3227libsyd.syd_truncate_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3228libsyd.syd_truncate_add.restype = ctypes.c_int 3229libsyd.syd_truncate_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3230libsyd.syd_truncate_del.restype = ctypes.c_int 3231libsyd.syd_truncate_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3232libsyd.syd_truncate_rem.restype = ctypes.c_int 3233 3234libsyd.syd_chdir_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3235libsyd.syd_chdir_add.restype = ctypes.c_int 3236libsyd.syd_chdir_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3237libsyd.syd_chdir_del.restype = ctypes.c_int 3238libsyd.syd_chdir_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3239libsyd.syd_chdir_rem.restype = ctypes.c_int 3240 3241libsyd.syd_readdir_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3242libsyd.syd_readdir_add.restype = ctypes.c_int 3243libsyd.syd_readdir_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3244libsyd.syd_readdir_del.restype = ctypes.c_int 3245libsyd.syd_readdir_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3246libsyd.syd_readdir_rem.restype = ctypes.c_int 3247 3248libsyd.syd_mkdir_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3249libsyd.syd_mkdir_add.restype = ctypes.c_int 3250libsyd.syd_mkdir_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3251libsyd.syd_mkdir_del.restype = ctypes.c_int 3252libsyd.syd_mkdir_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3253libsyd.syd_mkdir_rem.restype = ctypes.c_int 3254 3255libsyd.syd_rmdir_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3256libsyd.syd_rmdir_add.restype = ctypes.c_int 3257libsyd.syd_rmdir_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3258libsyd.syd_rmdir_del.restype = ctypes.c_int 3259libsyd.syd_rmdir_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3260libsyd.syd_rmdir_rem.restype = ctypes.c_int 3261 3262libsyd.syd_chown_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3263libsyd.syd_chown_add.restype = ctypes.c_int 3264libsyd.syd_chown_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3265libsyd.syd_chown_del.restype = ctypes.c_int 3266libsyd.syd_chown_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3267libsyd.syd_chown_rem.restype = ctypes.c_int 3268 3269libsyd.syd_chgrp_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3270libsyd.syd_chgrp_add.restype = ctypes.c_int 3271libsyd.syd_chgrp_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3272libsyd.syd_chgrp_del.restype = ctypes.c_int 3273libsyd.syd_chgrp_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3274libsyd.syd_chgrp_rem.restype = ctypes.c_int 3275 3276libsyd.syd_chmod_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3277libsyd.syd_chmod_add.restype = ctypes.c_int 3278libsyd.syd_chmod_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3279libsyd.syd_chmod_del.restype = ctypes.c_int 3280libsyd.syd_chmod_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3281libsyd.syd_chmod_rem.restype = ctypes.c_int 3282 3283libsyd.syd_chattr_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3284libsyd.syd_chattr_add.restype = ctypes.c_int 3285libsyd.syd_chattr_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3286libsyd.syd_chattr_del.restype = ctypes.c_int 3287libsyd.syd_chattr_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3288libsyd.syd_chattr_rem.restype = ctypes.c_int 3289 3290libsyd.syd_chroot_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3291libsyd.syd_chroot_add.restype = ctypes.c_int 3292libsyd.syd_chroot_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3293libsyd.syd_chroot_del.restype = ctypes.c_int 3294libsyd.syd_chroot_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3295libsyd.syd_chroot_rem.restype = ctypes.c_int 3296 3297libsyd.syd_utime_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3298libsyd.syd_utime_add.restype = ctypes.c_int 3299libsyd.syd_utime_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3300libsyd.syd_utime_del.restype = ctypes.c_int 3301libsyd.syd_utime_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3302libsyd.syd_utime_rem.restype = ctypes.c_int 3303 3304libsyd.syd_mkdev_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3305libsyd.syd_mkdev_add.restype = ctypes.c_int 3306libsyd.syd_mkdev_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3307libsyd.syd_mkdev_del.restype = ctypes.c_int 3308libsyd.syd_mkdev_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3309libsyd.syd_mkdev_rem.restype = ctypes.c_int 3310 3311libsyd.syd_mkfifo_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3312libsyd.syd_mkfifo_add.restype = ctypes.c_int 3313libsyd.syd_mkfifo_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3314libsyd.syd_mkfifo_del.restype = ctypes.c_int 3315libsyd.syd_mkfifo_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3316libsyd.syd_mkfifo_rem.restype = ctypes.c_int 3317 3318libsyd.syd_mktemp_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3319libsyd.syd_mktemp_add.restype = ctypes.c_int 3320libsyd.syd_mktemp_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3321libsyd.syd_mktemp_del.restype = ctypes.c_int 3322libsyd.syd_mktemp_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3323libsyd.syd_mktemp_rem.restype = ctypes.c_int 3324 3325libsyd.syd_net_bind_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3326libsyd.syd_net_bind_add.restype = ctypes.c_int 3327libsyd.syd_net_bind_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3328libsyd.syd_net_bind_del.restype = ctypes.c_int 3329libsyd.syd_net_bind_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3330libsyd.syd_net_bind_rem.restype = ctypes.c_int 3331 3332libsyd.syd_net_connect_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3333libsyd.syd_net_connect_add.restype = ctypes.c_int 3334libsyd.syd_net_connect_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3335libsyd.syd_net_connect_del.restype = ctypes.c_int 3336libsyd.syd_net_connect_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3337libsyd.syd_net_connect_rem.restype = ctypes.c_int 3338 3339libsyd.syd_net_sendfd_add.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3340libsyd.syd_net_sendfd_add.restype = ctypes.c_int 3341libsyd.syd_net_sendfd_del.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3342libsyd.syd_net_sendfd_del.restype = ctypes.c_int 3343libsyd.syd_net_sendfd_rem.argtypes = [ctypes.c_uint8, ctypes.c_char_p] 3344libsyd.syd_net_sendfd_rem.restype = ctypes.c_int 3345 3346# TODO net_link_add... 3347 3348libsyd.syd_force_add.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_uint] 3349libsyd.syd_force_add.restype = ctypes.c_int 3350libsyd.syd_force_del.argtypes = [ctypes.c_char_p] 3351libsyd.syd_force_del.restype = ctypes.c_int 3352libsyd.syd_force_clr.argtypes = [] 3353libsyd.syd_force_clr.restype = ctypes.c_int 3354 3355libsyd.syd_mem_max.argtypes = [ctypes.c_char_p] 3356libsyd.syd_mem_max.restype = ctypes.c_int 3357libsyd.syd_mem_vm_max.argtypes = [ctypes.c_char_p] 3358libsyd.syd_mem_vm_max.restype = ctypes.c_int 3359libsyd.syd_pid_max.argtypes = [ctypes.c_size_t] 3360libsyd.syd_pid_max.restype = ctypes.c_int 3361 3362libsyd.syd_segvguard_expiry.argtypes = [ctypes.c_uint64] 3363libsyd.syd_segvguard_expiry.restype = ctypes.c_int 3364libsyd.syd_segvguard_suspension.argtypes = [ctypes.c_uint64] 3365libsyd.syd_segvguard_suspension.restype = ctypes.c_int 3366libsyd.syd_segvguard_maxcrashes.argtypes = [ctypes.c_uint8] 3367libsyd.syd_segvguard_maxcrashes.restype = ctypes.c_int 3368 3369if __name__ == "__main__": 3370 3371 class test(unittest.TestCase): 3372 @classmethod 3373 def setUpClass(cls): 3374 # Global precheck with syd_check() 3375 try: 3376 check() 3377 except OSError: 3378 raise unittest.SkipTest("check() raised OsError, skipping tests.") 3379 3380 @staticmethod 3381 def find(rules, pattern): 3382 for idx, rule in enumerate(reversed(rules)): 3383 if pattern == rule: 3384 return len(rules) - 1 - idx 3385 return None 3386 3387 # This must be the first test! 3388 def test_01_api(self): 3389 self.assertEqual(api(), 3) 3390 3391 def test_02_stat(self): 3392 state = enabled_force() 3393 self.assertTrue(enable_force()) 3394 self.assertTrue(enabled_force()) 3395 self.assertTrue(disable_force()) 3396 self.assertFalse(enabled_force()) 3397 if state: 3398 enable_force() 3399 else: 3400 disable_force() 3401 3402 state = enabled_stat() 3403 self.assertTrue(enable_stat()) 3404 self.assertTrue(enabled_stat()) 3405 self.assertTrue(disable_stat()) 3406 self.assertFalse(enabled_stat()) 3407 if state: 3408 enable_stat() 3409 else: 3410 disable_stat() 3411 3412 state = enabled_read() 3413 self.assertTrue(enable_read()) 3414 self.assertTrue(enabled_read()) 3415 self.assertTrue(disable_read()) 3416 self.assertFalse(enabled_read()) 3417 if state: 3418 enable_read() 3419 else: 3420 disable_read() 3421 3422 state = enabled_write() 3423 self.assertTrue(enable_write()) 3424 self.assertTrue(enabled_write()) 3425 self.assertTrue(disable_write()) 3426 self.assertFalse(enabled_write()) 3427 if state: 3428 enable_write() 3429 else: 3430 disable_write() 3431 3432 state = enabled_exec() 3433 self.assertTrue(enable_exec()) 3434 self.assertTrue(enabled_exec()) 3435 self.assertTrue(disable_exec()) 3436 self.assertFalse(enabled_exec()) 3437 if state: 3438 enable_exec() 3439 else: 3440 disable_exec() 3441 3442 state = enabled_ioctl() 3443 self.assertTrue(enable_ioctl()) 3444 self.assertTrue(enabled_ioctl()) 3445 self.assertTrue(disable_ioctl()) 3446 self.assertFalse(enabled_ioctl()) 3447 if state: 3448 enable_ioctl() 3449 else: 3450 disable_ioctl() 3451 3452 state = enabled_create() 3453 self.assertTrue(enable_create()) 3454 self.assertTrue(enabled_create()) 3455 self.assertTrue(disable_create()) 3456 self.assertFalse(enabled_create()) 3457 if state: 3458 enable_create() 3459 else: 3460 disable_create() 3461 3462 state = enabled_delete() 3463 self.assertTrue(enable_delete()) 3464 self.assertTrue(enabled_delete()) 3465 self.assertTrue(disable_delete()) 3466 self.assertFalse(enabled_delete()) 3467 if state: 3468 enable_delete() 3469 else: 3470 disable_delete() 3471 3472 state = enabled_rename() 3473 self.assertTrue(enable_rename()) 3474 self.assertTrue(enabled_rename()) 3475 self.assertTrue(disable_rename()) 3476 self.assertFalse(enabled_rename()) 3477 if state: 3478 enable_rename() 3479 else: 3480 disable_rename() 3481 3482 state = enabled_symlink() 3483 self.assertTrue(enable_symlink()) 3484 self.assertTrue(enabled_symlink()) 3485 self.assertTrue(disable_symlink()) 3486 self.assertFalse(enabled_symlink()) 3487 if state: 3488 enable_symlink() 3489 else: 3490 disable_symlink() 3491 3492 state = enabled_truncate() 3493 self.assertTrue(enable_truncate()) 3494 self.assertTrue(enabled_truncate()) 3495 self.assertTrue(disable_truncate()) 3496 self.assertFalse(enabled_truncate()) 3497 if state: 3498 enable_truncate() 3499 else: 3500 disable_truncate() 3501 3502 state = enabled_chdir() 3503 self.assertTrue(enable_chdir()) 3504 self.assertTrue(enabled_chdir()) 3505 self.assertTrue(disable_chdir()) 3506 self.assertFalse(enabled_chdir()) 3507 if state: 3508 enable_chdir() 3509 else: 3510 disable_chdir() 3511 3512 state = enabled_readdir() 3513 self.assertTrue(enable_readdir()) 3514 self.assertTrue(enabled_readdir()) 3515 self.assertTrue(disable_readdir()) 3516 self.assertFalse(enabled_readdir()) 3517 if state: 3518 enable_readdir() 3519 else: 3520 disable_readdir() 3521 3522 state = enabled_mkdir() 3523 self.assertTrue(enable_mkdir()) 3524 self.assertTrue(enabled_mkdir()) 3525 self.assertTrue(disable_mkdir()) 3526 self.assertFalse(enabled_mkdir()) 3527 if state: 3528 enable_mkdir() 3529 else: 3530 disable_mkdir() 3531 3532 state = enabled_rmdir() 3533 self.assertTrue(enable_rmdir()) 3534 self.assertTrue(enabled_rmdir()) 3535 self.assertTrue(disable_rmdir()) 3536 self.assertFalse(enabled_rmdir()) 3537 if state: 3538 enable_rmdir() 3539 else: 3540 disable_rmdir() 3541 3542 state = enabled_chown() 3543 self.assertTrue(enable_chown()) 3544 self.assertTrue(enabled_chown()) 3545 self.assertTrue(disable_chown()) 3546 self.assertFalse(enabled_chown()) 3547 if state: 3548 enable_chown() 3549 else: 3550 disable_chown() 3551 3552 state = enabled_chgrp() 3553 self.assertTrue(enable_chgrp()) 3554 self.assertTrue(enabled_chgrp()) 3555 self.assertTrue(disable_chgrp()) 3556 self.assertFalse(enabled_chgrp()) 3557 if state: 3558 enable_chgrp() 3559 else: 3560 disable_chgrp() 3561 3562 state = enabled_chmod() 3563 self.assertTrue(enable_chmod()) 3564 self.assertTrue(enabled_chmod()) 3565 self.assertTrue(disable_chmod()) 3566 self.assertFalse(enabled_chmod()) 3567 if state: 3568 enable_chmod() 3569 else: 3570 disable_chmod() 3571 3572 state = enabled_chattr() 3573 self.assertTrue(enable_chattr()) 3574 self.assertTrue(enabled_chattr()) 3575 self.assertTrue(disable_chattr()) 3576 self.assertFalse(enabled_chattr()) 3577 if state: 3578 enable_chattr() 3579 else: 3580 disable_chattr() 3581 3582 # Chroot is startup only since 3.32.4 3583 # state = enabled_chroot() 3584 # self.assertTrue(enable_chroot()) 3585 # self.assertTrue(enabled_chroot()) 3586 # self.assertTrue(disable_chroot()) 3587 # self.assertFalse(enabled_chroot()) 3588 # if state: 3589 # enable_chroot() 3590 # else: 3591 # disable_chroot() 3592 3593 state = enabled_utime() 3594 self.assertTrue(enable_utime()) 3595 self.assertTrue(enabled_utime()) 3596 self.assertTrue(disable_utime()) 3597 self.assertFalse(enabled_utime()) 3598 if state: 3599 enable_utime() 3600 else: 3601 disable_utime() 3602 3603 state = enabled_mkdev() 3604 self.assertTrue(enable_mkdev()) 3605 self.assertTrue(enabled_mkdev()) 3606 self.assertTrue(disable_mkdev()) 3607 self.assertFalse(enabled_mkdev()) 3608 if state: 3609 enable_mkdev() 3610 else: 3611 disable_mkdev() 3612 3613 state = enabled_mkfifo() 3614 self.assertTrue(enable_mkfifo()) 3615 self.assertTrue(enabled_mkfifo()) 3616 self.assertTrue(disable_mkfifo()) 3617 self.assertFalse(enabled_mkfifo()) 3618 if state: 3619 enable_mkfifo() 3620 else: 3621 disable_mkfifo() 3622 3623 state = enabled_mktemp() 3624 self.assertTrue(enable_mktemp()) 3625 self.assertTrue(enabled_mktemp()) 3626 self.assertTrue(disable_mktemp()) 3627 self.assertFalse(enabled_mktemp()) 3628 if state: 3629 enable_mktemp() 3630 else: 3631 disable_mktemp() 3632 3633 state = enabled_net() 3634 self.assertTrue(enable_net()) 3635 self.assertTrue(enabled_net()) 3636 self.assertTrue(disable_net()) 3637 self.assertFalse(enabled_net()) 3638 if state: 3639 enable_net() 3640 else: 3641 disable_net() 3642 3643 state = enabled_mem() 3644 self.assertTrue(enable_mem()) 3645 self.assertTrue(enabled_mem()) 3646 self.assertTrue(disable_mem()) 3647 self.assertFalse(enabled_mem()) 3648 if state: 3649 enable_mem() 3650 else: 3651 disable_mem() 3652 3653 state = enabled_pid() 3654 self.assertTrue(enable_pid()) 3655 self.assertTrue(enabled_pid()) 3656 self.assertTrue(disable_pid()) 3657 self.assertFalse(enabled_pid()) 3658 if state: 3659 enable_pid() 3660 else: 3661 disable_pid() 3662 3663 state = enabled_force() 3664 self.assertTrue(enable_force()) 3665 self.assertTrue(enabled_force()) 3666 self.assertTrue(disable_force()) 3667 self.assertFalse(enabled_force()) 3668 if state: 3669 enable_force() 3670 else: 3671 disable_force() 3672 3673 state = enabled_tpe() 3674 self.assertTrue(enable_tpe()) 3675 self.assertTrue(enabled_tpe()) 3676 self.assertTrue(disable_tpe()) 3677 self.assertFalse(enabled_tpe()) 3678 if state: 3679 enable_tpe() 3680 else: 3681 disable_tpe() 3682 3683 mem_max_orig = str(info()["mem_max"]).encode("utf-8") 3684 mem_vm_max_orig = str(info()["mem_vm_max"]).encode("utf-8") 3685 pid_max_orig = info()["pid_max"] 3686 3687 self.assertTrue(mem_max("1G".encode("utf-8"))) 3688 self.assertEqual(info()["mem_max"], 1024 * 1024 * 1024) 3689 self.assertTrue(mem_max("10G".encode("utf-8"))) 3690 self.assertEqual(info()["mem_max"], 10 * 1024 * 1024 * 1024) 3691 mem_max(mem_max_orig) 3692 3693 self.assertTrue(mem_vm_max("1G".encode("utf-8"))) 3694 self.assertEqual(info()["mem_vm_max"], 1024 * 1024 * 1024) 3695 self.assertTrue(mem_vm_max("10G".encode("utf-8"))) 3696 self.assertEqual(info()["mem_vm_max"], 10 * 1024 * 1024 * 1024) 3697 mem_vm_max(mem_vm_max_orig) 3698 3699 with self.assertRaises(ValueError): 3700 pid_max(-1) 3701 self.assertTrue(pid_max(4096)) 3702 self.assertEqual(info()["pid_max"], 4096) 3703 self.assertTrue(pid_max(8192)) 3704 self.assertEqual(info()["pid_max"], 8192) 3705 pid_max(pid_max_orig) 3706 3707 def test_03_default(self): 3708 stat_default = info()["default_stat"] 3709 self.assertEqual(stat_default, "Deny") 3710 3711 self.assertTrue(default_stat(Action.ACTION_ALLOW)) 3712 stat_default = info()["default_stat"] 3713 self.assertEqual(stat_default, "Allow") 3714 3715 self.assertTrue(default_stat(Action.ACTION_FILTER)) 3716 stat_default = info()["default_stat"] 3717 self.assertEqual(stat_default, "Filter") 3718 3719 self.assertTrue(default_stat(Action.ACTION_STOP)) 3720 stat_default = info()["default_stat"] 3721 self.assertEqual(stat_default, "Stop") 3722 3723 self.assertTrue(default_stat(Action.ACTION_ABORT)) 3724 stat_default = info()["default_stat"] 3725 self.assertEqual(stat_default, "Abort") 3726 3727 self.assertTrue(default_stat(Action.ACTION_KILL)) 3728 stat_default = info()["default_stat"] 3729 self.assertEqual(stat_default, "Kill") 3730 3731 self.assertTrue(default_stat(Action.ACTION_EXIT)) 3732 stat_default = info()["default_stat"] 3733 self.assertEqual(stat_default, "Exit") 3734 3735 # Ensure we reset to Deny last, so other tests are uneffected. 3736 self.assertTrue(default_stat(Action.ACTION_DENY)) 3737 stat_default = info()["default_stat"] 3738 self.assertEqual(stat_default, "Deny") 3739 3740 read_default = info()["default_read"] 3741 self.assertEqual(read_default, "Deny") 3742 3743 self.assertTrue(default_read(Action.ACTION_ALLOW)) 3744 read_default = info()["default_read"] 3745 self.assertEqual(read_default, "Allow") 3746 3747 self.assertTrue(default_read(Action.ACTION_FILTER)) 3748 read_default = info()["default_read"] 3749 self.assertEqual(read_default, "Filter") 3750 3751 self.assertTrue(default_read(Action.ACTION_STOP)) 3752 read_default = info()["default_read"] 3753 self.assertEqual(read_default, "Stop") 3754 3755 self.assertTrue(default_read(Action.ACTION_ABORT)) 3756 read_default = info()["default_read"] 3757 self.assertEqual(read_default, "Abort") 3758 3759 self.assertTrue(default_read(Action.ACTION_KILL)) 3760 read_default = info()["default_read"] 3761 self.assertEqual(read_default, "Kill") 3762 3763 self.assertTrue(default_read(Action.ACTION_EXIT)) 3764 read_default = info()["default_read"] 3765 self.assertEqual(read_default, "Exit") 3766 3767 # Ensure we reset to Deny last, so other tests are uneffected. 3768 self.assertTrue(default_read(Action.ACTION_DENY)) 3769 read_default = info()["default_read"] 3770 self.assertEqual(read_default, "Deny") 3771 3772 write_default = info()["default_write"] 3773 self.assertEqual(write_default, "Deny") 3774 3775 self.assertTrue(default_write(Action.ACTION_ALLOW)) 3776 write_default = info()["default_write"] 3777 self.assertEqual(write_default, "Allow") 3778 3779 self.assertTrue(default_write(Action.ACTION_FILTER)) 3780 write_default = info()["default_write"] 3781 self.assertEqual(write_default, "Filter") 3782 3783 self.assertTrue(default_write(Action.ACTION_STOP)) 3784 write_default = info()["default_write"] 3785 self.assertEqual(write_default, "Stop") 3786 3787 self.assertTrue(default_write(Action.ACTION_ABORT)) 3788 write_default = info()["default_write"] 3789 self.assertEqual(write_default, "Abort") 3790 3791 self.assertTrue(default_write(Action.ACTION_KILL)) 3792 write_default = info()["default_write"] 3793 self.assertEqual(write_default, "Kill") 3794 3795 self.assertTrue(default_write(Action.ACTION_EXIT)) 3796 write_default = info()["default_write"] 3797 self.assertEqual(write_default, "Exit") 3798 3799 # Ensure we reset to Deny last, so other tests are uneffected. 3800 self.assertTrue(default_write(Action.ACTION_DENY)) 3801 write_default = info()["default_write"] 3802 self.assertEqual(write_default, "Deny") 3803 3804 exec_default = info()["default_exec"] 3805 self.assertEqual(exec_default, "Deny") 3806 3807 self.assertTrue(default_exec(Action.ACTION_ALLOW)) 3808 exec_default = info()["default_exec"] 3809 self.assertEqual(exec_default, "Allow") 3810 3811 self.assertTrue(default_exec(Action.ACTION_FILTER)) 3812 exec_default = info()["default_exec"] 3813 self.assertEqual(exec_default, "Filter") 3814 3815 self.assertTrue(default_exec(Action.ACTION_STOP)) 3816 exec_default = info()["default_exec"] 3817 self.assertEqual(exec_default, "Stop") 3818 3819 self.assertTrue(default_exec(Action.ACTION_ABORT)) 3820 exec_default = info()["default_exec"] 3821 self.assertEqual(exec_default, "Abort") 3822 3823 self.assertTrue(default_exec(Action.ACTION_KILL)) 3824 exec_default = info()["default_exec"] 3825 self.assertEqual(exec_default, "Kill") 3826 3827 self.assertTrue(default_exec(Action.ACTION_EXIT)) 3828 exec_default = info()["default_exec"] 3829 self.assertEqual(exec_default, "Exit") 3830 3831 # Ensure we reset to Deny last, so other tests are uneffected. 3832 self.assertTrue(default_exec(Action.ACTION_DENY)) 3833 exec_default = info()["default_exec"] 3834 self.assertEqual(exec_default, "Deny") 3835 3836 ioctl_default = info()["default_ioctl"] 3837 self.assertEqual(ioctl_default, "Deny") 3838 3839 self.assertTrue(default_ioctl(Action.ACTION_ALLOW)) 3840 ioctl_default = info()["default_ioctl"] 3841 self.assertEqual(ioctl_default, "Allow") 3842 3843 self.assertTrue(default_ioctl(Action.ACTION_FILTER)) 3844 ioctl_default = info()["default_ioctl"] 3845 self.assertEqual(ioctl_default, "Filter") 3846 3847 self.assertTrue(default_ioctl(Action.ACTION_STOP)) 3848 ioctl_default = info()["default_ioctl"] 3849 self.assertEqual(ioctl_default, "Stop") 3850 3851 self.assertTrue(default_ioctl(Action.ACTION_ABORT)) 3852 ioctl_default = info()["default_ioctl"] 3853 self.assertEqual(ioctl_default, "Abort") 3854 3855 self.assertTrue(default_ioctl(Action.ACTION_KILL)) 3856 ioctl_default = info()["default_ioctl"] 3857 self.assertEqual(ioctl_default, "Kill") 3858 3859 self.assertTrue(default_ioctl(Action.ACTION_EXIT)) 3860 ioctl_default = info()["default_ioctl"] 3861 self.assertEqual(ioctl_default, "Exit") 3862 3863 # Ensure we reset to Deny last, so other tests are uneffected. 3864 self.assertTrue(default_ioctl(Action.ACTION_DENY)) 3865 ioctl_default = info()["default_ioctl"] 3866 self.assertEqual(ioctl_default, "Deny") 3867 3868 create_default = info()["default_create"] 3869 self.assertEqual(create_default, "Deny") 3870 3871 self.assertTrue(default_create(Action.ACTION_ALLOW)) 3872 create_default = info()["default_create"] 3873 self.assertEqual(create_default, "Allow") 3874 3875 self.assertTrue(default_create(Action.ACTION_FILTER)) 3876 create_default = info()["default_create"] 3877 self.assertEqual(create_default, "Filter") 3878 3879 self.assertTrue(default_create(Action.ACTION_STOP)) 3880 create_default = info()["default_create"] 3881 self.assertEqual(create_default, "Stop") 3882 3883 self.assertTrue(default_create(Action.ACTION_ABORT)) 3884 create_default = info()["default_create"] 3885 self.assertEqual(create_default, "Abort") 3886 3887 self.assertTrue(default_create(Action.ACTION_KILL)) 3888 create_default = info()["default_create"] 3889 self.assertEqual(create_default, "Kill") 3890 3891 self.assertTrue(default_create(Action.ACTION_EXIT)) 3892 create_default = info()["default_create"] 3893 self.assertEqual(create_default, "Exit") 3894 3895 # Ensure we reset to Deny last, so other tests are uneffected. 3896 self.assertTrue(default_create(Action.ACTION_DENY)) 3897 create_default = info()["default_create"] 3898 self.assertEqual(create_default, "Deny") 3899 3900 delete_default = info()["default_delete"] 3901 self.assertEqual(delete_default, "Deny") 3902 3903 self.assertTrue(default_delete(Action.ACTION_ALLOW)) 3904 delete_default = info()["default_delete"] 3905 self.assertEqual(delete_default, "Allow") 3906 3907 self.assertTrue(default_delete(Action.ACTION_FILTER)) 3908 delete_default = info()["default_delete"] 3909 self.assertEqual(delete_default, "Filter") 3910 3911 self.assertTrue(default_delete(Action.ACTION_STOP)) 3912 delete_default = info()["default_delete"] 3913 self.assertEqual(delete_default, "Stop") 3914 3915 self.assertTrue(default_delete(Action.ACTION_ABORT)) 3916 delete_default = info()["default_delete"] 3917 self.assertEqual(delete_default, "Abort") 3918 3919 self.assertTrue(default_delete(Action.ACTION_KILL)) 3920 delete_default = info()["default_delete"] 3921 self.assertEqual(delete_default, "Kill") 3922 3923 self.assertTrue(default_delete(Action.ACTION_EXIT)) 3924 delete_default = info()["default_delete"] 3925 self.assertEqual(delete_default, "Exit") 3926 3927 # Ensure we reset to Deny last, so other tests are uneffected. 3928 self.assertTrue(default_delete(Action.ACTION_DENY)) 3929 delete_default = info()["default_delete"] 3930 self.assertEqual(delete_default, "Deny") 3931 3932 rename_default = info()["default_rename"] 3933 self.assertEqual(rename_default, "Deny") 3934 3935 self.assertTrue(default_rename(Action.ACTION_ALLOW)) 3936 rename_default = info()["default_rename"] 3937 self.assertEqual(rename_default, "Allow") 3938 3939 self.assertTrue(default_rename(Action.ACTION_FILTER)) 3940 rename_default = info()["default_rename"] 3941 self.assertEqual(rename_default, "Filter") 3942 3943 self.assertTrue(default_rename(Action.ACTION_STOP)) 3944 rename_default = info()["default_rename"] 3945 self.assertEqual(rename_default, "Stop") 3946 3947 self.assertTrue(default_rename(Action.ACTION_ABORT)) 3948 rename_default = info()["default_rename"] 3949 self.assertEqual(rename_default, "Abort") 3950 3951 self.assertTrue(default_rename(Action.ACTION_KILL)) 3952 rename_default = info()["default_rename"] 3953 self.assertEqual(rename_default, "Kill") 3954 3955 self.assertTrue(default_rename(Action.ACTION_EXIT)) 3956 rename_default = info()["default_rename"] 3957 self.assertEqual(rename_default, "Exit") 3958 3959 # Ensure we reset to Deny last, so other tests are uneffected. 3960 self.assertTrue(default_rename(Action.ACTION_DENY)) 3961 rename_default = info()["default_rename"] 3962 self.assertEqual(rename_default, "Deny") 3963 3964 symlink_default = info()["default_symlink"] 3965 self.assertEqual(symlink_default, "Deny") 3966 3967 self.assertTrue(default_symlink(Action.ACTION_ALLOW)) 3968 symlink_default = info()["default_symlink"] 3969 self.assertEqual(symlink_default, "Allow") 3970 3971 self.assertTrue(default_symlink(Action.ACTION_FILTER)) 3972 symlink_default = info()["default_symlink"] 3973 self.assertEqual(symlink_default, "Filter") 3974 3975 self.assertTrue(default_symlink(Action.ACTION_STOP)) 3976 symlink_default = info()["default_symlink"] 3977 self.assertEqual(symlink_default, "Stop") 3978 3979 self.assertTrue(default_symlink(Action.ACTION_ABORT)) 3980 symlink_default = info()["default_symlink"] 3981 self.assertEqual(symlink_default, "Abort") 3982 3983 self.assertTrue(default_symlink(Action.ACTION_KILL)) 3984 symlink_default = info()["default_symlink"] 3985 self.assertEqual(symlink_default, "Kill") 3986 3987 self.assertTrue(default_symlink(Action.ACTION_EXIT)) 3988 symlink_default = info()["default_symlink"] 3989 self.assertEqual(symlink_default, "Exit") 3990 3991 # Ensure we reset to Deny last, so other tests are uneffected. 3992 self.assertTrue(default_symlink(Action.ACTION_DENY)) 3993 symlink_default = info()["default_symlink"] 3994 self.assertEqual(symlink_default, "Deny") 3995 3996 truncate_default = info()["default_truncate"] 3997 self.assertEqual(truncate_default, "Deny") 3998 3999 self.assertTrue(default_truncate(Action.ACTION_ALLOW)) 4000 truncate_default = info()["default_truncate"] 4001 self.assertEqual(truncate_default, "Allow") 4002 4003 self.assertTrue(default_truncate(Action.ACTION_FILTER)) 4004 truncate_default = info()["default_truncate"] 4005 self.assertEqual(truncate_default, "Filter") 4006 4007 self.assertTrue(default_truncate(Action.ACTION_STOP)) 4008 truncate_default = info()["default_truncate"] 4009 self.assertEqual(truncate_default, "Stop") 4010 4011 self.assertTrue(default_truncate(Action.ACTION_ABORT)) 4012 truncate_default = info()["default_truncate"] 4013 self.assertEqual(truncate_default, "Abort") 4014 4015 self.assertTrue(default_truncate(Action.ACTION_KILL)) 4016 truncate_default = info()["default_truncate"] 4017 self.assertEqual(truncate_default, "Kill") 4018 4019 self.assertTrue(default_truncate(Action.ACTION_EXIT)) 4020 truncate_default = info()["default_truncate"] 4021 self.assertEqual(truncate_default, "Exit") 4022 4023 # Ensure we reset to Deny last, so other tests are uneffected. 4024 self.assertTrue(default_truncate(Action.ACTION_DENY)) 4025 truncate_default = info()["default_truncate"] 4026 self.assertEqual(truncate_default, "Deny") 4027 4028 chdir_default = info()["default_chdir"] 4029 self.assertEqual(chdir_default, "Deny") 4030 4031 self.assertTrue(default_chdir(Action.ACTION_ALLOW)) 4032 chdir_default = info()["default_chdir"] 4033 self.assertEqual(chdir_default, "Allow") 4034 4035 self.assertTrue(default_chdir(Action.ACTION_FILTER)) 4036 chdir_default = info()["default_chdir"] 4037 self.assertEqual(chdir_default, "Filter") 4038 4039 self.assertTrue(default_chdir(Action.ACTION_STOP)) 4040 chdir_default = info()["default_chdir"] 4041 self.assertEqual(chdir_default, "Stop") 4042 4043 self.assertTrue(default_chdir(Action.ACTION_ABORT)) 4044 chdir_default = info()["default_chdir"] 4045 self.assertEqual(chdir_default, "Abort") 4046 4047 self.assertTrue(default_chdir(Action.ACTION_KILL)) 4048 chdir_default = info()["default_chdir"] 4049 self.assertEqual(chdir_default, "Kill") 4050 4051 self.assertTrue(default_chdir(Action.ACTION_EXIT)) 4052 chdir_default = info()["default_chdir"] 4053 self.assertEqual(chdir_default, "Exit") 4054 4055 # Ensure we reset to Deny last, so other tests are uneffected. 4056 self.assertTrue(default_chdir(Action.ACTION_DENY)) 4057 chdir_default = info()["default_chdir"] 4058 self.assertEqual(chdir_default, "Deny") 4059 4060 readdir_default = info()["default_readdir"] 4061 self.assertEqual(readdir_default, "Deny") 4062 4063 self.assertTrue(default_readdir(Action.ACTION_ALLOW)) 4064 readdir_default = info()["default_readdir"] 4065 self.assertEqual(readdir_default, "Allow") 4066 4067 self.assertTrue(default_readdir(Action.ACTION_FILTER)) 4068 readdir_default = info()["default_readdir"] 4069 self.assertEqual(readdir_default, "Filter") 4070 4071 self.assertTrue(default_readdir(Action.ACTION_STOP)) 4072 readdir_default = info()["default_readdir"] 4073 self.assertEqual(readdir_default, "Stop") 4074 4075 self.assertTrue(default_readdir(Action.ACTION_ABORT)) 4076 readdir_default = info()["default_readdir"] 4077 self.assertEqual(readdir_default, "Abort") 4078 4079 self.assertTrue(default_readdir(Action.ACTION_KILL)) 4080 readdir_default = info()["default_readdir"] 4081 self.assertEqual(readdir_default, "Kill") 4082 4083 self.assertTrue(default_readdir(Action.ACTION_EXIT)) 4084 readdir_default = info()["default_readdir"] 4085 self.assertEqual(readdir_default, "Exit") 4086 4087 # Ensure we reset to Deny last, so other tests are uneffected. 4088 self.assertTrue(default_readdir(Action.ACTION_DENY)) 4089 readdir_default = info()["default_readdir"] 4090 self.assertEqual(readdir_default, "Deny") 4091 4092 mkdir_default = info()["default_mkdir"] 4093 self.assertEqual(mkdir_default, "Deny") 4094 4095 self.assertTrue(default_mkdir(Action.ACTION_ALLOW)) 4096 mkdir_default = info()["default_mkdir"] 4097 self.assertEqual(mkdir_default, "Allow") 4098 4099 self.assertTrue(default_mkdir(Action.ACTION_FILTER)) 4100 mkdir_default = info()["default_mkdir"] 4101 self.assertEqual(mkdir_default, "Filter") 4102 4103 self.assertTrue(default_mkdir(Action.ACTION_STOP)) 4104 mkdir_default = info()["default_mkdir"] 4105 self.assertEqual(mkdir_default, "Stop") 4106 4107 self.assertTrue(default_mkdir(Action.ACTION_ABORT)) 4108 mkdir_default = info()["default_mkdir"] 4109 self.assertEqual(mkdir_default, "Abort") 4110 4111 self.assertTrue(default_mkdir(Action.ACTION_KILL)) 4112 mkdir_default = info()["default_mkdir"] 4113 self.assertEqual(mkdir_default, "Kill") 4114 4115 self.assertTrue(default_mkdir(Action.ACTION_EXIT)) 4116 mkdir_default = info()["default_mkdir"] 4117 self.assertEqual(mkdir_default, "Exit") 4118 4119 # Ensure we reset to Deny last, so other tests are uneffected. 4120 self.assertTrue(default_mkdir(Action.ACTION_DENY)) 4121 mkdir_default = info()["default_mkdir"] 4122 self.assertEqual(mkdir_default, "Deny") 4123 4124 rmdir_default = info()["default_mkdir"] 4125 self.assertEqual(rmdir_default, "Deny") 4126 4127 self.assertTrue(default_rmdir(Action.ACTION_ALLOW)) 4128 rmdir_default = info()["default_rmdir"] 4129 self.assertEqual(rmdir_default, "Allow") 4130 4131 self.assertTrue(default_rmdir(Action.ACTION_FILTER)) 4132 rmdir_default = info()["default_rmdir"] 4133 self.assertEqual(rmdir_default, "Filter") 4134 4135 self.assertTrue(default_rmdir(Action.ACTION_STOP)) 4136 rmdir_default = info()["default_rmdir"] 4137 self.assertEqual(rmdir_default, "Stop") 4138 4139 self.assertTrue(default_rmdir(Action.ACTION_ABORT)) 4140 rmdir_default = info()["default_rmdir"] 4141 self.assertEqual(rmdir_default, "Abort") 4142 4143 self.assertTrue(default_rmdir(Action.ACTION_KILL)) 4144 rmdir_default = info()["default_rmdir"] 4145 self.assertEqual(rmdir_default, "Kill") 4146 4147 self.assertTrue(default_rmdir(Action.ACTION_EXIT)) 4148 rmdir_default = info()["default_rmdir"] 4149 self.assertEqual(rmdir_default, "Exit") 4150 4151 # Ensure we reset to Deny last, so other tests are uneffected. 4152 self.assertTrue(default_rmdir(Action.ACTION_DENY)) 4153 rmdir_default = info()["default_rmdir"] 4154 self.assertEqual(rmdir_default, "Deny") 4155 4156 chown_default = info()["default_chown"] 4157 self.assertEqual(chown_default, "Deny") 4158 4159 self.assertTrue(default_chown(Action.ACTION_ALLOW)) 4160 chown_default = info()["default_chown"] 4161 self.assertEqual(chown_default, "Allow") 4162 4163 self.assertTrue(default_chown(Action.ACTION_FILTER)) 4164 chown_default = info()["default_chown"] 4165 self.assertEqual(chown_default, "Filter") 4166 4167 self.assertTrue(default_chown(Action.ACTION_STOP)) 4168 chown_default = info()["default_chown"] 4169 self.assertEqual(chown_default, "Stop") 4170 4171 self.assertTrue(default_chown(Action.ACTION_ABORT)) 4172 chown_default = info()["default_chown"] 4173 self.assertEqual(chown_default, "Abort") 4174 4175 self.assertTrue(default_chown(Action.ACTION_KILL)) 4176 chown_default = info()["default_chown"] 4177 self.assertEqual(chown_default, "Kill") 4178 4179 self.assertTrue(default_chown(Action.ACTION_EXIT)) 4180 chown_default = info()["default_chown"] 4181 self.assertEqual(chown_default, "Exit") 4182 4183 # Ensure we reset to Deny last, so other tests are uneffected. 4184 self.assertTrue(default_chown(Action.ACTION_DENY)) 4185 chown_default = info()["default_chown"] 4186 self.assertEqual(chown_default, "Deny") 4187 4188 chgrp_default = info()["default_chgrp"] 4189 self.assertEqual(chgrp_default, "Deny") 4190 4191 self.assertTrue(default_chgrp(Action.ACTION_ALLOW)) 4192 chgrp_default = info()["default_chgrp"] 4193 self.assertEqual(chgrp_default, "Allow") 4194 4195 self.assertTrue(default_chgrp(Action.ACTION_FILTER)) 4196 chgrp_default = info()["default_chgrp"] 4197 self.assertEqual(chgrp_default, "Filter") 4198 4199 self.assertTrue(default_chgrp(Action.ACTION_STOP)) 4200 chgrp_default = info()["default_chgrp"] 4201 self.assertEqual(chgrp_default, "Stop") 4202 4203 self.assertTrue(default_chgrp(Action.ACTION_ABORT)) 4204 chgrp_default = info()["default_chgrp"] 4205 self.assertEqual(chgrp_default, "Abort") 4206 4207 self.assertTrue(default_chgrp(Action.ACTION_KILL)) 4208 chgrp_default = info()["default_chgrp"] 4209 self.assertEqual(chgrp_default, "Kill") 4210 4211 self.assertTrue(default_chgrp(Action.ACTION_EXIT)) 4212 chgrp_default = info()["default_chgrp"] 4213 self.assertEqual(chgrp_default, "Exit") 4214 4215 # Ensure we reset to Deny last, so other tests are uneffected. 4216 self.assertTrue(default_chgrp(Action.ACTION_DENY)) 4217 chgrp_default = info()["default_chgrp"] 4218 self.assertEqual(chgrp_default, "Deny") 4219 4220 chmod_default = info()["default_chmod"] 4221 self.assertEqual(chmod_default, "Deny") 4222 4223 self.assertTrue(default_chmod(Action.ACTION_ALLOW)) 4224 chmod_default = info()["default_chmod"] 4225 self.assertEqual(chmod_default, "Allow") 4226 4227 self.assertTrue(default_chmod(Action.ACTION_FILTER)) 4228 chmod_default = info()["default_chmod"] 4229 self.assertEqual(chmod_default, "Filter") 4230 4231 self.assertTrue(default_chmod(Action.ACTION_STOP)) 4232 chmod_default = info()["default_chmod"] 4233 self.assertEqual(chmod_default, "Stop") 4234 4235 self.assertTrue(default_chmod(Action.ACTION_ABORT)) 4236 chmod_default = info()["default_chmod"] 4237 self.assertEqual(chmod_default, "Abort") 4238 4239 self.assertTrue(default_chmod(Action.ACTION_KILL)) 4240 chmod_default = info()["default_chmod"] 4241 self.assertEqual(chmod_default, "Kill") 4242 4243 self.assertTrue(default_chmod(Action.ACTION_EXIT)) 4244 chmod_default = info()["default_chmod"] 4245 self.assertEqual(chmod_default, "Exit") 4246 4247 # Ensure we reset to Deny last, so other tests are uneffected. 4248 self.assertTrue(default_chmod(Action.ACTION_DENY)) 4249 chmod_default = info()["default_chmod"] 4250 self.assertEqual(chmod_default, "Deny") 4251 4252 chattr_default = info()["default_chattr"] 4253 self.assertEqual(chattr_default, "Deny") 4254 4255 self.assertTrue(default_chattr(Action.ACTION_ALLOW)) 4256 chattr_default = info()["default_chattr"] 4257 self.assertEqual(chattr_default, "Allow") 4258 4259 self.assertTrue(default_chattr(Action.ACTION_FILTER)) 4260 chattr_default = info()["default_chattr"] 4261 self.assertEqual(chattr_default, "Filter") 4262 4263 self.assertTrue(default_chattr(Action.ACTION_STOP)) 4264 chattr_default = info()["default_chattr"] 4265 self.assertEqual(chattr_default, "Stop") 4266 4267 self.assertTrue(default_chattr(Action.ACTION_ABORT)) 4268 chattr_default = info()["default_chattr"] 4269 self.assertEqual(chattr_default, "Abort") 4270 4271 self.assertTrue(default_chattr(Action.ACTION_KILL)) 4272 chattr_default = info()["default_chattr"] 4273 self.assertEqual(chattr_default, "Kill") 4274 4275 self.assertTrue(default_chattr(Action.ACTION_EXIT)) 4276 chattr_default = info()["default_chattr"] 4277 self.assertEqual(chattr_default, "Exit") 4278 4279 # Ensure we reset to Deny last, so other tests are uneffected. 4280 self.assertTrue(default_chattr(Action.ACTION_DENY)) 4281 chattr_default = info()["default_chattr"] 4282 self.assertEqual(chattr_default, "Deny") 4283 4284 chroot_default = info()["default_chroot"] 4285 self.assertEqual(chroot_default, "Deny") 4286 4287 self.assertTrue(default_chroot(Action.ACTION_ALLOW)) 4288 chroot_default = info()["default_chroot"] 4289 self.assertEqual(chroot_default, "Allow") 4290 4291 self.assertTrue(default_chroot(Action.ACTION_FILTER)) 4292 chroot_default = info()["default_chroot"] 4293 self.assertEqual(chroot_default, "Filter") 4294 4295 self.assertTrue(default_chroot(Action.ACTION_STOP)) 4296 chroot_default = info()["default_chroot"] 4297 self.assertEqual(chroot_default, "Stop") 4298 4299 self.assertTrue(default_chroot(Action.ACTION_ABORT)) 4300 chroot_default = info()["default_chroot"] 4301 self.assertEqual(chroot_default, "Abort") 4302 4303 self.assertTrue(default_chroot(Action.ACTION_KILL)) 4304 chroot_default = info()["default_chroot"] 4305 self.assertEqual(chroot_default, "Kill") 4306 4307 self.assertTrue(default_chroot(Action.ACTION_EXIT)) 4308 chroot_default = info()["default_chroot"] 4309 self.assertEqual(chroot_default, "Exit") 4310 4311 # Ensure we reset to Deny last, so other tests are uneffected. 4312 self.assertTrue(default_chroot(Action.ACTION_DENY)) 4313 chroot_default = info()["default_chroot"] 4314 self.assertEqual(chroot_default, "Deny") 4315 4316 utime_default = info()["default_utime"] 4317 self.assertEqual(utime_default, "Deny") 4318 4319 self.assertTrue(default_utime(Action.ACTION_ALLOW)) 4320 utime_default = info()["default_utime"] 4321 self.assertEqual(utime_default, "Allow") 4322 4323 self.assertTrue(default_utime(Action.ACTION_FILTER)) 4324 utime_default = info()["default_utime"] 4325 self.assertEqual(utime_default, "Filter") 4326 4327 self.assertTrue(default_utime(Action.ACTION_STOP)) 4328 utime_default = info()["default_utime"] 4329 self.assertEqual(utime_default, "Stop") 4330 4331 self.assertTrue(default_utime(Action.ACTION_ABORT)) 4332 utime_default = info()["default_utime"] 4333 self.assertEqual(utime_default, "Abort") 4334 4335 self.assertTrue(default_utime(Action.ACTION_KILL)) 4336 utime_default = info()["default_utime"] 4337 self.assertEqual(utime_default, "Kill") 4338 4339 self.assertTrue(default_utime(Action.ACTION_EXIT)) 4340 utime_default = info()["default_utime"] 4341 self.assertEqual(utime_default, "Exit") 4342 4343 # Ensure we reset to Deny last, so other tests are uneffected. 4344 self.assertTrue(default_utime(Action.ACTION_DENY)) 4345 utime_default = info()["default_utime"] 4346 self.assertEqual(utime_default, "Deny") 4347 4348 mkdev_default = info()["default_mkdev"] 4349 self.assertEqual(mkdev_default, "Deny") 4350 4351 self.assertTrue(default_mkdev(Action.ACTION_ALLOW)) 4352 mkdev_default = info()["default_mkdev"] 4353 self.assertEqual(mkdev_default, "Allow") 4354 4355 self.assertTrue(default_mkdev(Action.ACTION_FILTER)) 4356 mkdev_default = info()["default_mkdev"] 4357 self.assertEqual(mkdev_default, "Filter") 4358 4359 self.assertTrue(default_mkdev(Action.ACTION_STOP)) 4360 mkdev_default = info()["default_mkdev"] 4361 self.assertEqual(mkdev_default, "Stop") 4362 4363 self.assertTrue(default_mkdev(Action.ACTION_ABORT)) 4364 mkdev_default = info()["default_mkdev"] 4365 self.assertEqual(mkdev_default, "Abort") 4366 4367 self.assertTrue(default_mkdev(Action.ACTION_KILL)) 4368 mkdev_default = info()["default_mkdev"] 4369 self.assertEqual(mkdev_default, "Kill") 4370 4371 self.assertTrue(default_mkdev(Action.ACTION_EXIT)) 4372 mkdev_default = info()["default_mkdev"] 4373 self.assertEqual(mkdev_default, "Exit") 4374 4375 # Ensure we reset to Deny last, so other tests are uneffected. 4376 self.assertTrue(default_mkdev(Action.ACTION_DENY)) 4377 mkdev_default = info()["default_mkdev"] 4378 self.assertEqual(mkdev_default, "Deny") 4379 4380 mkfifo_default = info()["default_mkfifo"] 4381 self.assertEqual(mkfifo_default, "Deny") 4382 4383 self.assertTrue(default_mkfifo(Action.ACTION_ALLOW)) 4384 mkfifo_default = info()["default_mkfifo"] 4385 self.assertEqual(mkfifo_default, "Allow") 4386 4387 self.assertTrue(default_mkfifo(Action.ACTION_FILTER)) 4388 mkfifo_default = info()["default_mkfifo"] 4389 self.assertEqual(mkfifo_default, "Filter") 4390 4391 self.assertTrue(default_mkfifo(Action.ACTION_STOP)) 4392 mkfifo_default = info()["default_mkfifo"] 4393 self.assertEqual(mkfifo_default, "Stop") 4394 4395 self.assertTrue(default_mkfifo(Action.ACTION_ABORT)) 4396 mkfifo_default = info()["default_mkfifo"] 4397 self.assertEqual(mkfifo_default, "Abort") 4398 4399 self.assertTrue(default_mkfifo(Action.ACTION_KILL)) 4400 mkfifo_default = info()["default_mkfifo"] 4401 self.assertEqual(mkfifo_default, "Kill") 4402 4403 self.assertTrue(default_mkfifo(Action.ACTION_EXIT)) 4404 mkfifo_default = info()["default_mkfifo"] 4405 self.assertEqual(mkfifo_default, "Exit") 4406 4407 # Ensure we reset to Deny last, so other tests are uneffected. 4408 self.assertTrue(default_mkfifo(Action.ACTION_DENY)) 4409 mkfifo_default = info()["default_mkfifo"] 4410 self.assertEqual(mkfifo_default, "Deny") 4411 4412 mktemp_default = info()["default_mktemp"] 4413 self.assertEqual(mktemp_default, "Deny") 4414 4415 self.assertTrue(default_mktemp(Action.ACTION_ALLOW)) 4416 mktemp_default = info()["default_mktemp"] 4417 self.assertEqual(mktemp_default, "Allow") 4418 4419 self.assertTrue(default_mktemp(Action.ACTION_FILTER)) 4420 mktemp_default = info()["default_mktemp"] 4421 self.assertEqual(mktemp_default, "Filter") 4422 4423 self.assertTrue(default_mktemp(Action.ACTION_STOP)) 4424 mktemp_default = info()["default_mktemp"] 4425 self.assertEqual(mktemp_default, "Stop") 4426 4427 self.assertTrue(default_mktemp(Action.ACTION_ABORT)) 4428 mktemp_default = info()["default_mktemp"] 4429 self.assertEqual(mktemp_default, "Abort") 4430 4431 self.assertTrue(default_mktemp(Action.ACTION_KILL)) 4432 mktemp_default = info()["default_mktemp"] 4433 self.assertEqual(mktemp_default, "Kill") 4434 4435 self.assertTrue(default_mktemp(Action.ACTION_EXIT)) 4436 mktemp_default = info()["default_mktemp"] 4437 self.assertEqual(mktemp_default, "Exit") 4438 4439 # Ensure we reset to Deny last, so other tests are uneffected. 4440 self.assertTrue(default_mktemp(Action.ACTION_DENY)) 4441 mktemp_default = info()["default_mktemp"] 4442 self.assertEqual(mktemp_default, "Deny") 4443 4444 # TODO: Split net_default into net_bind, net_connect and net_sendfd. 4445 # net_default = info()["default_net"] 4446 # self.assertEqual(net_default, "Deny") 4447 # 4448 # self.assertTrue(default_net(Action.ACTION_ALLOW)) 4449 # net_default = info()["default_net"] 4450 # self.assertEqual(net_default, "Allow") 4451 # 4452 # self.assertTrue(default_net(Action.ACTION_FILTER)) 4453 # net_default = info()["default_net"] 4454 # self.assertEqual(net_default, "Filter") 4455 # 4456 # self.assertTrue(default_net(Action.ACTION_STOP)) 4457 # net_default = info()["default_net"] 4458 # self.assertEqual(net_default, "Stop") 4459 # 4460 # self.assertTrue(default_net(Action.ACTION_KILL)) 4461 # net_default = info()["default_net"] 4462 # self.assertEqual(net_default, "Kill") 4463 # 4464 # # Ensure we reset to Deny last, so other tests are uneffected. 4465 # self.assertTrue(default_net(Action.ACTION_DENY)) 4466 # net_default = info()["default_net"] 4467 # self.assertEqual(net_default, "Deny") 4468 4469 block_default = info()["default_block"] 4470 self.assertEqual(block_default, "Deny") 4471 4472 with self.assertRaises(OSError) as cm: 4473 self.assertTrue(default_block(Action.ACTION_ALLOW)) 4474 self.assertEqual(cm.exception.errno, errno.EINVAL) 4475 4476 self.assertTrue(default_block(Action.ACTION_FILTER)) 4477 block_default = info()["default_block"] 4478 self.assertEqual(block_default, "Filter") 4479 4480 self.assertTrue(default_block(Action.ACTION_STOP)) 4481 block_default = info()["default_block"] 4482 self.assertEqual(block_default, "Stop") 4483 4484 self.assertTrue(default_block(Action.ACTION_ABORT)) 4485 block_default = info()["default_block"] 4486 self.assertEqual(block_default, "Abort") 4487 4488 self.assertTrue(default_block(Action.ACTION_KILL)) 4489 block_default = info()["default_block"] 4490 self.assertEqual(block_default, "Kill") 4491 4492 self.assertTrue(default_block(Action.ACTION_EXIT)) 4493 block_default = info()["default_block"] 4494 self.assertEqual(block_default, "Exit") 4495 4496 # Ensure we reset to Deny last, so other tests are uneffected. 4497 self.assertTrue(default_block(Action.ACTION_DENY)) 4498 block_default = info()["default_block"] 4499 self.assertEqual(block_default, "Deny") 4500 4501 mem_default = info()["default_mem"] 4502 self.assertEqual(mem_default, "Deny") 4503 4504 with self.assertRaises(OSError) as cm: 4505 self.assertTrue(default_mem(Action.ACTION_ALLOW)) 4506 self.assertEqual(cm.exception.errno, errno.EINVAL) 4507 4508 self.assertTrue(default_mem(Action.ACTION_FILTER)) 4509 mem_default = info()["default_mem"] 4510 self.assertEqual(mem_default, "Filter") 4511 4512 self.assertTrue(default_mem(Action.ACTION_STOP)) 4513 mem_default = info()["default_mem"] 4514 self.assertEqual(mem_default, "Stop") 4515 4516 self.assertTrue(default_mem(Action.ACTION_ABORT)) 4517 mem_default = info()["default_mem"] 4518 self.assertEqual(mem_default, "Abort") 4519 4520 self.assertTrue(default_mem(Action.ACTION_KILL)) 4521 mem_default = info()["default_mem"] 4522 self.assertEqual(mem_default, "Kill") 4523 4524 self.assertTrue(default_mem(Action.ACTION_EXIT)) 4525 mem_default = info()["default_mem"] 4526 self.assertEqual(mem_default, "Exit") 4527 4528 # Ensure we reset to Deny last, so other tests are uneffected. 4529 self.assertTrue(default_mem(Action.ACTION_DENY)) 4530 mem_default = info()["default_mem"] 4531 self.assertEqual(mem_default, "Deny") 4532 4533 pid_default = info()["default_pid"] 4534 self.assertEqual(pid_default, "Kill") 4535 4536 with self.assertRaises(OSError) as cm: 4537 self.assertTrue(default_pid(Action.ACTION_ALLOW)) 4538 self.assertEqual(cm.exception.errno, errno.EINVAL) 4539 4540 self.assertTrue(default_pid(Action.ACTION_FILTER)) 4541 pid_default = info()["default_pid"] 4542 self.assertEqual(pid_default, "Filter") 4543 4544 with self.assertRaises(OSError) as cm: 4545 self.assertTrue(default_pid(Action.ACTION_DENY)) 4546 self.assertEqual(cm.exception.errno, errno.EINVAL) 4547 4548 self.assertTrue(default_pid(Action.ACTION_STOP)) 4549 pid_default = info()["default_pid"] 4550 self.assertEqual(pid_default, "Stop") 4551 4552 # Ensure we reset to Kill last, so other tests are uneffected. 4553 self.assertTrue(default_pid(Action.ACTION_KILL)) 4554 pid_default = info()["default_pid"] 4555 self.assertEqual(pid_default, "Kill") 4556 4557 self.assertTrue(default_pid(Action.ACTION_EXIT)) 4558 pid_default = info()["default_pid"] 4559 self.assertEqual(pid_default, "Exit") 4560 4561 force_default = info()["default_force"] 4562 self.assertEqual(force_default, "Deny") 4563 4564 with self.assertRaises(OSError) as cm: 4565 self.assertTrue(default_force(Action.ACTION_ALLOW)) 4566 self.assertEqual(cm.exception.errno, errno.EINVAL) 4567 4568 self.assertTrue(default_force(Action.ACTION_WARN)) 4569 force_default = info()["default_force"] 4570 self.assertEqual(force_default, "Warn") 4571 4572 self.assertTrue(default_force(Action.ACTION_FILTER)) 4573 force_default = info()["default_force"] 4574 self.assertEqual(force_default, "Filter") 4575 4576 self.assertTrue(default_force(Action.ACTION_PANIC)) 4577 force_default = info()["default_force"] 4578 self.assertEqual(force_default, "Panic") 4579 4580 self.assertTrue(default_force(Action.ACTION_STOP)) 4581 force_default = info()["default_force"] 4582 self.assertEqual(force_default, "Stop") 4583 4584 self.assertTrue(default_force(Action.ACTION_ABORT)) 4585 force_default = info()["default_force"] 4586 self.assertEqual(force_default, "Abort") 4587 4588 self.assertTrue(default_force(Action.ACTION_KILL)) 4589 force_default = info()["default_force"] 4590 self.assertEqual(force_default, "Kill") 4591 4592 self.assertTrue(default_force(Action.ACTION_EXIT)) 4593 force_default = info()["default_force"] 4594 self.assertEqual(force_default, "Exit") 4595 4596 self.assertTrue(default_force(Action.ACTION_EXIT)) 4597 force_default = info()["default_force"] 4598 self.assertEqual(force_default, "Exit") 4599 4600 # Ensure we reset to Deny last, so other tests are uneffected. 4601 self.assertTrue(default_force(Action.ACTION_DENY)) 4602 force_default = info()["default_force"] 4603 self.assertEqual(force_default, "Deny") 4604 4605 segvguard_default = info()["default_segvguard"] 4606 self.assertEqual(segvguard_default, "Deny") 4607 4608 with self.assertRaises(OSError) as cm: 4609 self.assertTrue(default_segvguard(Action.ACTION_ALLOW)) 4610 self.assertEqual(cm.exception.errno, errno.EINVAL) 4611 4612 self.assertTrue(default_segvguard(Action.ACTION_FILTER)) 4613 segvguard_default = info()["default_segvguard"] 4614 self.assertEqual(segvguard_default, "Filter") 4615 4616 self.assertTrue(default_segvguard(Action.ACTION_STOP)) 4617 segvguard_default = info()["default_segvguard"] 4618 self.assertEqual(segvguard_default, "Stop") 4619 4620 self.assertTrue(default_segvguard(Action.ACTION_ABORT)) 4621 segvguard_default = info()["default_segvguard"] 4622 self.assertEqual(segvguard_default, "Abort") 4623 4624 self.assertTrue(default_segvguard(Action.ACTION_KILL)) 4625 segvguard_default = info()["default_segvguard"] 4626 self.assertEqual(segvguard_default, "Kill") 4627 4628 self.assertTrue(default_segvguard(Action.ACTION_EXIT)) 4629 segvguard_default = info()["default_segvguard"] 4630 self.assertEqual(segvguard_default, "Exit") 4631 4632 # Ensure we reset to Deny last, so other tests are uneffected. 4633 self.assertTrue(default_segvguard(Action.ACTION_DENY)) 4634 segvguard_default = info()["default_segvguard"] 4635 self.assertEqual(segvguard_default, "Deny") 4636 4637 tpe_default = info()["default_tpe"] 4638 self.assertEqual(tpe_default, "Deny") 4639 4640 with self.assertRaises(OSError) as cm: 4641 self.assertTrue(default_tpe(Action.ACTION_ALLOW)) 4642 self.assertEqual(cm.exception.errno, errno.EINVAL) 4643 4644 self.assertTrue(default_tpe(Action.ACTION_FILTER)) 4645 tpe_default = info()["default_tpe"] 4646 self.assertEqual(tpe_default, "Filter") 4647 4648 self.assertTrue(default_tpe(Action.ACTION_STOP)) 4649 tpe_default = info()["default_tpe"] 4650 self.assertEqual(tpe_default, "Stop") 4651 4652 self.assertTrue(default_tpe(Action.ACTION_ABORT)) 4653 tpe_default = info()["default_tpe"] 4654 self.assertEqual(tpe_default, "Abort") 4655 4656 self.assertTrue(default_tpe(Action.ACTION_KILL)) 4657 tpe_default = info()["default_tpe"] 4658 self.assertEqual(tpe_default, "Kill") 4659 4660 self.assertTrue(default_tpe(Action.ACTION_EXIT)) 4661 tpe_default = info()["default_tpe"] 4662 self.assertEqual(tpe_default, "Exit") 4663 4664 # Ensure we reset to Deny last, so other tests are uneffected. 4665 self.assertTrue(default_tpe(Action.ACTION_DENY)) 4666 tpe_default = info()["default_tpe"] 4667 self.assertEqual(tpe_default, "Deny") 4668 4669 def test_04_glob(self): 4670 path = "/tmp/pysyd" 4671 parg = path.encode("utf-8") 4672 4673 rule = {"act": "Allow", "cap": "stat", "pat": path} 4674 self.assertTrue(stat_add(Action.ACTION_ALLOW, parg)) 4675 rules = info()["glob_rules"] 4676 idx = self.find(rules, rule) 4677 self.assertEqual(idx, len(rules) - 1) 4678 4679 self.assertTrue(stat_del(Action.ACTION_ALLOW, parg)) 4680 rules = info()["glob_rules"] 4681 idx = self.find(rules, rule) 4682 self.assertIsNone(idx) 4683 4684 self.assertTrue(stat_add(Action.ACTION_ALLOW, parg)) 4685 self.assertTrue(stat_add(Action.ACTION_ALLOW, parg)) 4686 self.assertTrue(stat_add(Action.ACTION_ALLOW, parg)) 4687 self.assertTrue(stat_rem(Action.ACTION_ALLOW, parg)) 4688 rules = info()["glob_rules"] 4689 idx = self.find(rules, rule) 4690 self.assertIsNone(idx) 4691 4692 rule = {"act": "Deny", "cap": "stat", "pat": path} 4693 self.assertTrue(stat_add(Action.ACTION_DENY, parg)) 4694 rules = info()["glob_rules"] 4695 idx = self.find(rules, rule) 4696 self.assertEqual(idx, len(rules) - 1) 4697 4698 self.assertTrue(stat_del(Action.ACTION_DENY, parg)) 4699 rules = info()["glob_rules"] 4700 idx = self.find(rules, rule) 4701 self.assertIsNone(idx) 4702 4703 self.assertTrue(stat_add(Action.ACTION_DENY, parg)) 4704 self.assertTrue(stat_add(Action.ACTION_DENY, parg)) 4705 self.assertTrue(stat_add(Action.ACTION_DENY, parg)) 4706 self.assertTrue(stat_rem(Action.ACTION_DENY, parg)) 4707 rules = info()["glob_rules"] 4708 idx = self.find(rules, rule) 4709 self.assertIsNone(idx) 4710 4711 rule = {"act": "Filter", "cap": "stat", "pat": path} 4712 self.assertTrue(stat_add(Action.ACTION_FILTER, parg)) 4713 rules = info()["glob_rules"] 4714 idx = self.find(rules, rule) 4715 self.assertEqual(idx, len(rules) - 1) 4716 4717 self.assertTrue(stat_del(Action.ACTION_FILTER, parg)) 4718 rules = info()["glob_rules"] 4719 idx = self.find(rules, rule) 4720 self.assertIsNone(idx) 4721 4722 self.assertTrue(stat_add(Action.ACTION_FILTER, parg)) 4723 self.assertTrue(stat_add(Action.ACTION_FILTER, parg)) 4724 self.assertTrue(stat_add(Action.ACTION_FILTER, parg)) 4725 self.assertTrue(stat_rem(Action.ACTION_FILTER, parg)) 4726 rules = info()["glob_rules"] 4727 idx = self.find(rules, rule) 4728 self.assertIsNone(idx) 4729 4730 rule = {"act": "Allow", "cap": "read", "pat": path} 4731 self.assertTrue(read_add(Action.ACTION_ALLOW, parg)) 4732 rules = info()["glob_rules"] 4733 idx = self.find(rules, rule) 4734 self.assertEqual(idx, len(rules) - 1) 4735 4736 self.assertTrue(read_del(Action.ACTION_ALLOW, parg)) 4737 rules = info()["glob_rules"] 4738 idx = self.find(rules, rule) 4739 self.assertIsNone(idx) 4740 4741 self.assertTrue(read_add(Action.ACTION_ALLOW, parg)) 4742 self.assertTrue(read_add(Action.ACTION_ALLOW, parg)) 4743 self.assertTrue(read_add(Action.ACTION_ALLOW, parg)) 4744 self.assertTrue(read_rem(Action.ACTION_ALLOW, parg)) 4745 rules = info()["glob_rules"] 4746 idx = self.find(rules, rule) 4747 self.assertIsNone(idx) 4748 4749 rule = {"act": "Deny", "cap": "read", "pat": path} 4750 self.assertTrue(read_add(Action.ACTION_DENY, parg)) 4751 rules = info()["glob_rules"] 4752 idx = self.find(rules, rule) 4753 self.assertEqual(idx, len(rules) - 1) 4754 4755 self.assertTrue(read_del(Action.ACTION_DENY, parg)) 4756 rules = info()["glob_rules"] 4757 idx = self.find(rules, rule) 4758 self.assertIsNone(idx) 4759 4760 self.assertTrue(read_add(Action.ACTION_DENY, parg)) 4761 self.assertTrue(read_add(Action.ACTION_DENY, parg)) 4762 self.assertTrue(read_add(Action.ACTION_DENY, parg)) 4763 self.assertTrue(read_rem(Action.ACTION_DENY, parg)) 4764 rules = info()["glob_rules"] 4765 idx = self.find(rules, rule) 4766 self.assertIsNone(idx) 4767 4768 rule = {"act": "Filter", "cap": "read", "pat": path} 4769 self.assertTrue(read_add(Action.ACTION_FILTER, parg)) 4770 rules = info()["glob_rules"] 4771 idx = self.find(rules, rule) 4772 self.assertEqual(idx, len(rules) - 1) 4773 4774 self.assertTrue(read_del(Action.ACTION_FILTER, parg)) 4775 rules = info()["glob_rules"] 4776 idx = self.find(rules, rule) 4777 self.assertIsNone(idx) 4778 4779 self.assertTrue(read_add(Action.ACTION_FILTER, parg)) 4780 self.assertTrue(read_add(Action.ACTION_FILTER, parg)) 4781 self.assertTrue(read_add(Action.ACTION_FILTER, parg)) 4782 self.assertTrue(read_rem(Action.ACTION_FILTER, parg)) 4783 rules = info()["glob_rules"] 4784 idx = self.find(rules, rule) 4785 self.assertIsNone(idx) 4786 4787 rule = {"act": "Allow", "cap": "write", "pat": path} 4788 self.assertTrue(write_add(Action.ACTION_ALLOW, parg)) 4789 rules = info()["glob_rules"] 4790 idx = self.find(rules, rule) 4791 self.assertEqual(idx, len(rules) - 1) 4792 4793 self.assertTrue(write_del(Action.ACTION_ALLOW, parg)) 4794 rules = info()["glob_rules"] 4795 idx = self.find(rules, rule) 4796 self.assertIsNone(idx) 4797 4798 self.assertTrue(write_add(Action.ACTION_ALLOW, parg)) 4799 self.assertTrue(write_add(Action.ACTION_ALLOW, parg)) 4800 self.assertTrue(write_add(Action.ACTION_ALLOW, parg)) 4801 self.assertTrue(write_rem(Action.ACTION_ALLOW, parg)) 4802 rules = info()["glob_rules"] 4803 idx = self.find(rules, rule) 4804 self.assertIsNone(idx) 4805 4806 rule = {"act": "Deny", "cap": "write", "pat": path} 4807 self.assertTrue(write_add(Action.ACTION_DENY, parg)) 4808 rules = info()["glob_rules"] 4809 idx = self.find(rules, rule) 4810 self.assertEqual(idx, len(rules) - 1) 4811 4812 self.assertTrue(write_del(Action.ACTION_DENY, parg)) 4813 rules = info()["glob_rules"] 4814 idx = self.find(rules, rule) 4815 self.assertIsNone(idx) 4816 4817 self.assertTrue(write_add(Action.ACTION_DENY, parg)) 4818 self.assertTrue(write_add(Action.ACTION_DENY, parg)) 4819 self.assertTrue(write_add(Action.ACTION_DENY, parg)) 4820 self.assertTrue(write_rem(Action.ACTION_DENY, parg)) 4821 rules = info()["glob_rules"] 4822 idx = self.find(rules, rule) 4823 self.assertIsNone(idx) 4824 4825 rule = {"act": "Filter", "cap": "write", "pat": path} 4826 self.assertTrue(write_add(Action.ACTION_FILTER, parg)) 4827 rules = info()["glob_rules"] 4828 idx = self.find(rules, rule) 4829 self.assertEqual(idx, len(rules) - 1) 4830 4831 self.assertTrue(write_del(Action.ACTION_FILTER, parg)) 4832 rules = info()["glob_rules"] 4833 idx = self.find(rules, rule) 4834 self.assertIsNone(idx) 4835 4836 self.assertTrue(write_add(Action.ACTION_FILTER, parg)) 4837 self.assertTrue(write_add(Action.ACTION_FILTER, parg)) 4838 self.assertTrue(write_add(Action.ACTION_FILTER, parg)) 4839 self.assertTrue(write_rem(Action.ACTION_FILTER, parg)) 4840 rules = info()["glob_rules"] 4841 idx = self.find(rules, rule) 4842 self.assertIsNone(idx) 4843 4844 rule = {"act": "Allow", "cap": "exec", "pat": path} 4845 self.assertTrue(exec_add(Action.ACTION_ALLOW, parg)) 4846 rules = info()["glob_rules"] 4847 idx = self.find(rules, rule) 4848 self.assertEqual(idx, len(rules) - 1) 4849 4850 self.assertTrue(exec_del(Action.ACTION_ALLOW, parg)) 4851 rules = info()["glob_rules"] 4852 idx = self.find(rules, rule) 4853 self.assertIsNone(idx) 4854 4855 self.assertTrue(exec_add(Action.ACTION_ALLOW, parg)) 4856 self.assertTrue(exec_add(Action.ACTION_ALLOW, parg)) 4857 self.assertTrue(exec_add(Action.ACTION_ALLOW, parg)) 4858 self.assertTrue(exec_rem(Action.ACTION_ALLOW, parg)) 4859 rules = info()["glob_rules"] 4860 idx = self.find(rules, rule) 4861 self.assertIsNone(idx) 4862 4863 rule = {"act": "Deny", "cap": "exec", "pat": path} 4864 self.assertTrue(exec_add(Action.ACTION_DENY, parg)) 4865 rules = info()["glob_rules"] 4866 idx = self.find(rules, rule) 4867 self.assertEqual(idx, len(rules) - 1) 4868 4869 self.assertTrue(exec_del(Action.ACTION_DENY, parg)) 4870 rules = info()["glob_rules"] 4871 idx = self.find(rules, rule) 4872 self.assertIsNone(idx) 4873 4874 self.assertTrue(exec_add(Action.ACTION_DENY, parg)) 4875 self.assertTrue(exec_add(Action.ACTION_DENY, parg)) 4876 self.assertTrue(exec_add(Action.ACTION_DENY, parg)) 4877 self.assertTrue(exec_rem(Action.ACTION_DENY, parg)) 4878 rules = info()["glob_rules"] 4879 idx = self.find(rules, rule) 4880 self.assertIsNone(idx) 4881 4882 rule = {"act": "Filter", "cap": "exec", "pat": path} 4883 self.assertTrue(exec_add(Action.ACTION_FILTER, parg)) 4884 rules = info()["glob_rules"] 4885 idx = self.find(rules, rule) 4886 self.assertEqual(idx, len(rules) - 1) 4887 4888 self.assertTrue(exec_del(Action.ACTION_FILTER, parg)) 4889 rules = info()["glob_rules"] 4890 idx = self.find(rules, rule) 4891 self.assertIsNone(idx) 4892 4893 self.assertTrue(exec_add(Action.ACTION_FILTER, parg)) 4894 self.assertTrue(exec_add(Action.ACTION_FILTER, parg)) 4895 self.assertTrue(exec_add(Action.ACTION_FILTER, parg)) 4896 self.assertTrue(exec_rem(Action.ACTION_FILTER, parg)) 4897 rules = info()["glob_rules"] 4898 idx = self.find(rules, rule) 4899 self.assertIsNone(idx) 4900 4901 rule = {"act": "Allow", "cap": "ioctl", "pat": path} 4902 self.assertTrue(ioctl_add(Action.ACTION_ALLOW, parg)) 4903 rules = info()["glob_rules"] 4904 idx = self.find(rules, rule) 4905 self.assertEqual(idx, len(rules) - 1) 4906 4907 self.assertTrue(ioctl_del(Action.ACTION_ALLOW, parg)) 4908 rules = info()["glob_rules"] 4909 idx = self.find(rules, rule) 4910 self.assertIsNone(idx) 4911 4912 self.assertTrue(ioctl_add(Action.ACTION_ALLOW, parg)) 4913 self.assertTrue(ioctl_add(Action.ACTION_ALLOW, parg)) 4914 self.assertTrue(ioctl_add(Action.ACTION_ALLOW, parg)) 4915 self.assertTrue(ioctl_rem(Action.ACTION_ALLOW, parg)) 4916 rules = info()["glob_rules"] 4917 idx = self.find(rules, rule) 4918 self.assertIsNone(idx) 4919 4920 rule = {"act": "Deny", "cap": "ioctl", "pat": path} 4921 self.assertTrue(ioctl_add(Action.ACTION_DENY, parg)) 4922 rules = info()["glob_rules"] 4923 idx = self.find(rules, rule) 4924 self.assertEqual(idx, len(rules) - 1) 4925 4926 self.assertTrue(ioctl_del(Action.ACTION_DENY, parg)) 4927 rules = info()["glob_rules"] 4928 idx = self.find(rules, rule) 4929 self.assertIsNone(idx) 4930 4931 self.assertTrue(ioctl_add(Action.ACTION_DENY, parg)) 4932 self.assertTrue(ioctl_add(Action.ACTION_DENY, parg)) 4933 self.assertTrue(ioctl_add(Action.ACTION_DENY, parg)) 4934 self.assertTrue(ioctl_rem(Action.ACTION_DENY, parg)) 4935 rules = info()["glob_rules"] 4936 idx = self.find(rules, rule) 4937 self.assertIsNone(idx) 4938 4939 rule = {"act": "Filter", "cap": "ioctl", "pat": path} 4940 self.assertTrue(ioctl_add(Action.ACTION_FILTER, parg)) 4941 rules = info()["glob_rules"] 4942 idx = self.find(rules, rule) 4943 self.assertEqual(idx, len(rules) - 1) 4944 4945 self.assertTrue(ioctl_del(Action.ACTION_FILTER, parg)) 4946 rules = info()["glob_rules"] 4947 idx = self.find(rules, rule) 4948 self.assertIsNone(idx) 4949 4950 self.assertTrue(ioctl_add(Action.ACTION_FILTER, parg)) 4951 self.assertTrue(ioctl_add(Action.ACTION_FILTER, parg)) 4952 self.assertTrue(ioctl_add(Action.ACTION_FILTER, parg)) 4953 self.assertTrue(ioctl_rem(Action.ACTION_FILTER, parg)) 4954 rules = info()["glob_rules"] 4955 idx = self.find(rules, rule) 4956 self.assertIsNone(idx) 4957 4958 rule = {"act": "Allow", "cap": "create", "pat": path} 4959 self.assertTrue(create_add(Action.ACTION_ALLOW, parg)) 4960 rules = info()["glob_rules"] 4961 idx = self.find(rules, rule) 4962 self.assertEqual(idx, len(rules) - 1) 4963 4964 self.assertTrue(create_del(Action.ACTION_ALLOW, parg)) 4965 rules = info()["glob_rules"] 4966 idx = self.find(rules, rule) 4967 self.assertIsNone(idx) 4968 4969 self.assertTrue(create_add(Action.ACTION_ALLOW, parg)) 4970 self.assertTrue(create_add(Action.ACTION_ALLOW, parg)) 4971 self.assertTrue(create_add(Action.ACTION_ALLOW, parg)) 4972 self.assertTrue(create_rem(Action.ACTION_ALLOW, parg)) 4973 rules = info()["glob_rules"] 4974 idx = self.find(rules, rule) 4975 self.assertIsNone(idx) 4976 4977 rule = {"act": "Deny", "cap": "create", "pat": path} 4978 self.assertTrue(create_add(Action.ACTION_DENY, parg)) 4979 rules = info()["glob_rules"] 4980 idx = self.find(rules, rule) 4981 self.assertEqual(idx, len(rules) - 1) 4982 4983 self.assertTrue(create_del(Action.ACTION_DENY, parg)) 4984 rules = info()["glob_rules"] 4985 idx = self.find(rules, rule) 4986 self.assertIsNone(idx) 4987 4988 self.assertTrue(create_add(Action.ACTION_DENY, parg)) 4989 self.assertTrue(create_add(Action.ACTION_DENY, parg)) 4990 self.assertTrue(create_add(Action.ACTION_DENY, parg)) 4991 self.assertTrue(create_rem(Action.ACTION_DENY, parg)) 4992 rules = info()["glob_rules"] 4993 idx = self.find(rules, rule) 4994 self.assertIsNone(idx) 4995 4996 rule = {"act": "Filter", "cap": "create", "pat": path} 4997 self.assertTrue(create_add(Action.ACTION_FILTER, parg)) 4998 rules = info()["glob_rules"] 4999 idx = self.find(rules, rule) 5000 self.assertEqual(idx, len(rules) - 1) 5001 5002 self.assertTrue(create_del(Action.ACTION_FILTER, parg)) 5003 rules = info()["glob_rules"] 5004 idx = self.find(rules, rule) 5005 self.assertIsNone(idx) 5006 5007 self.assertTrue(create_add(Action.ACTION_FILTER, parg)) 5008 self.assertTrue(create_add(Action.ACTION_FILTER, parg)) 5009 self.assertTrue(create_add(Action.ACTION_FILTER, parg)) 5010 self.assertTrue(create_rem(Action.ACTION_FILTER, parg)) 5011 rules = info()["glob_rules"] 5012 idx = self.find(rules, rule) 5013 self.assertIsNone(idx) 5014 5015 rule = {"act": "Allow", "cap": "delete", "pat": path} 5016 self.assertTrue(delete_add(Action.ACTION_ALLOW, parg)) 5017 rules = info()["glob_rules"] 5018 idx = self.find(rules, rule) 5019 self.assertEqual(idx, len(rules) - 1) 5020 5021 self.assertTrue(delete_del(Action.ACTION_ALLOW, parg)) 5022 rules = info()["glob_rules"] 5023 idx = self.find(rules, rule) 5024 self.assertIsNone(idx) 5025 5026 self.assertTrue(delete_add(Action.ACTION_ALLOW, parg)) 5027 self.assertTrue(delete_add(Action.ACTION_ALLOW, parg)) 5028 self.assertTrue(delete_add(Action.ACTION_ALLOW, parg)) 5029 self.assertTrue(delete_rem(Action.ACTION_ALLOW, parg)) 5030 rules = info()["glob_rules"] 5031 idx = self.find(rules, rule) 5032 self.assertIsNone(idx) 5033 5034 rule = {"act": "Deny", "cap": "delete", "pat": path} 5035 self.assertTrue(delete_add(Action.ACTION_DENY, parg)) 5036 rules = info()["glob_rules"] 5037 idx = self.find(rules, rule) 5038 self.assertEqual(idx, len(rules) - 1) 5039 5040 self.assertTrue(delete_del(Action.ACTION_DENY, parg)) 5041 rules = info()["glob_rules"] 5042 idx = self.find(rules, rule) 5043 self.assertIsNone(idx) 5044 5045 self.assertTrue(delete_add(Action.ACTION_DENY, parg)) 5046 self.assertTrue(delete_add(Action.ACTION_DENY, parg)) 5047 self.assertTrue(delete_add(Action.ACTION_DENY, parg)) 5048 self.assertTrue(delete_rem(Action.ACTION_DENY, parg)) 5049 rules = info()["glob_rules"] 5050 idx = self.find(rules, rule) 5051 self.assertIsNone(idx) 5052 5053 rule = {"act": "Filter", "cap": "delete", "pat": path} 5054 self.assertTrue(delete_add(Action.ACTION_FILTER, parg)) 5055 rules = info()["glob_rules"] 5056 idx = self.find(rules, rule) 5057 self.assertEqual(idx, len(rules) - 1) 5058 5059 self.assertTrue(delete_del(Action.ACTION_FILTER, parg)) 5060 rules = info()["glob_rules"] 5061 idx = self.find(rules, rule) 5062 self.assertIsNone(idx) 5063 5064 self.assertTrue(delete_add(Action.ACTION_FILTER, parg)) 5065 self.assertTrue(delete_add(Action.ACTION_FILTER, parg)) 5066 self.assertTrue(delete_add(Action.ACTION_FILTER, parg)) 5067 self.assertTrue(delete_rem(Action.ACTION_FILTER, parg)) 5068 rules = info()["glob_rules"] 5069 idx = self.find(rules, rule) 5070 self.assertIsNone(idx) 5071 5072 rule = {"act": "Allow", "cap": "rename", "pat": path} 5073 self.assertTrue(rename_add(Action.ACTION_ALLOW, parg)) 5074 rules = info()["glob_rules"] 5075 idx = self.find(rules, rule) 5076 self.assertEqual(idx, len(rules) - 1) 5077 5078 self.assertTrue(rename_del(Action.ACTION_ALLOW, parg)) 5079 rules = info()["glob_rules"] 5080 idx = self.find(rules, rule) 5081 self.assertIsNone(idx) 5082 5083 self.assertTrue(rename_add(Action.ACTION_ALLOW, parg)) 5084 self.assertTrue(rename_add(Action.ACTION_ALLOW, parg)) 5085 self.assertTrue(rename_add(Action.ACTION_ALLOW, parg)) 5086 self.assertTrue(rename_rem(Action.ACTION_ALLOW, parg)) 5087 rules = info()["glob_rules"] 5088 idx = self.find(rules, rule) 5089 self.assertIsNone(idx) 5090 5091 rule = {"act": "Deny", "cap": "rename", "pat": path} 5092 self.assertTrue(rename_add(Action.ACTION_DENY, parg)) 5093 rules = info()["glob_rules"] 5094 idx = self.find(rules, rule) 5095 self.assertEqual(idx, len(rules) - 1) 5096 5097 self.assertTrue(rename_del(Action.ACTION_DENY, parg)) 5098 rules = info()["glob_rules"] 5099 idx = self.find(rules, rule) 5100 self.assertIsNone(idx) 5101 5102 self.assertTrue(rename_add(Action.ACTION_DENY, parg)) 5103 self.assertTrue(rename_add(Action.ACTION_DENY, parg)) 5104 self.assertTrue(rename_add(Action.ACTION_DENY, parg)) 5105 self.assertTrue(rename_rem(Action.ACTION_DENY, parg)) 5106 rules = info()["glob_rules"] 5107 idx = self.find(rules, rule) 5108 self.assertIsNone(idx) 5109 5110 rule = {"act": "Filter", "cap": "rename", "pat": path} 5111 self.assertTrue(rename_add(Action.ACTION_FILTER, parg)) 5112 rules = info()["glob_rules"] 5113 idx = self.find(rules, rule) 5114 self.assertEqual(idx, len(rules) - 1) 5115 5116 self.assertTrue(rename_del(Action.ACTION_FILTER, parg)) 5117 rules = info()["glob_rules"] 5118 idx = self.find(rules, rule) 5119 self.assertIsNone(idx) 5120 5121 self.assertTrue(rename_add(Action.ACTION_FILTER, parg)) 5122 self.assertTrue(rename_add(Action.ACTION_FILTER, parg)) 5123 self.assertTrue(rename_add(Action.ACTION_FILTER, parg)) 5124 self.assertTrue(rename_rem(Action.ACTION_FILTER, parg)) 5125 rules = info()["glob_rules"] 5126 idx = self.find(rules, rule) 5127 self.assertIsNone(idx) 5128 5129 rule = {"act": "Allow", "cap": "symlink", "pat": path} 5130 self.assertTrue(symlink_add(Action.ACTION_ALLOW, parg)) 5131 rules = info()["glob_rules"] 5132 idx = self.find(rules, rule) 5133 self.assertEqual(idx, len(rules) - 1) 5134 5135 self.assertTrue(symlink_del(Action.ACTION_ALLOW, parg)) 5136 rules = info()["glob_rules"] 5137 idx = self.find(rules, rule) 5138 self.assertIsNone(idx) 5139 5140 self.assertTrue(symlink_add(Action.ACTION_ALLOW, parg)) 5141 self.assertTrue(symlink_add(Action.ACTION_ALLOW, parg)) 5142 self.assertTrue(symlink_add(Action.ACTION_ALLOW, parg)) 5143 self.assertTrue(symlink_rem(Action.ACTION_ALLOW, parg)) 5144 rules = info()["glob_rules"] 5145 idx = self.find(rules, rule) 5146 self.assertIsNone(idx) 5147 5148 rule = {"act": "Deny", "cap": "symlink", "pat": path} 5149 self.assertTrue(symlink_add(Action.ACTION_DENY, parg)) 5150 rules = info()["glob_rules"] 5151 idx = self.find(rules, rule) 5152 self.assertEqual(idx, len(rules) - 1) 5153 5154 self.assertTrue(symlink_del(Action.ACTION_DENY, parg)) 5155 rules = info()["glob_rules"] 5156 idx = self.find(rules, rule) 5157 self.assertIsNone(idx) 5158 5159 self.assertTrue(symlink_add(Action.ACTION_DENY, parg)) 5160 self.assertTrue(symlink_add(Action.ACTION_DENY, parg)) 5161 self.assertTrue(symlink_add(Action.ACTION_DENY, parg)) 5162 self.assertTrue(symlink_rem(Action.ACTION_DENY, parg)) 5163 rules = info()["glob_rules"] 5164 idx = self.find(rules, rule) 5165 self.assertIsNone(idx) 5166 5167 rule = {"act": "Filter", "cap": "symlink", "pat": path} 5168 self.assertTrue(symlink_add(Action.ACTION_FILTER, parg)) 5169 rules = info()["glob_rules"] 5170 idx = self.find(rules, rule) 5171 self.assertEqual(idx, len(rules) - 1) 5172 5173 self.assertTrue(symlink_del(Action.ACTION_FILTER, parg)) 5174 rules = info()["glob_rules"] 5175 idx = self.find(rules, rule) 5176 self.assertIsNone(idx) 5177 5178 self.assertTrue(symlink_add(Action.ACTION_FILTER, parg)) 5179 self.assertTrue(symlink_add(Action.ACTION_FILTER, parg)) 5180 self.assertTrue(symlink_add(Action.ACTION_FILTER, parg)) 5181 self.assertTrue(symlink_rem(Action.ACTION_FILTER, parg)) 5182 rules = info()["glob_rules"] 5183 idx = self.find(rules, rule) 5184 self.assertIsNone(idx) 5185 5186 rule = {"act": "Allow", "cap": "truncate", "pat": path} 5187 self.assertTrue(truncate_add(Action.ACTION_ALLOW, parg)) 5188 rules = info()["glob_rules"] 5189 idx = self.find(rules, rule) 5190 self.assertEqual(idx, len(rules) - 1) 5191 5192 self.assertTrue(truncate_del(Action.ACTION_ALLOW, parg)) 5193 rules = info()["glob_rules"] 5194 idx = self.find(rules, rule) 5195 self.assertIsNone(idx) 5196 5197 self.assertTrue(truncate_add(Action.ACTION_ALLOW, parg)) 5198 self.assertTrue(truncate_add(Action.ACTION_ALLOW, parg)) 5199 self.assertTrue(truncate_add(Action.ACTION_ALLOW, parg)) 5200 self.assertTrue(truncate_rem(Action.ACTION_ALLOW, parg)) 5201 rules = info()["glob_rules"] 5202 idx = self.find(rules, rule) 5203 self.assertIsNone(idx) 5204 5205 rule = {"act": "Deny", "cap": "truncate", "pat": path} 5206 self.assertTrue(truncate_add(Action.ACTION_DENY, parg)) 5207 rules = info()["glob_rules"] 5208 idx = self.find(rules, rule) 5209 self.assertEqual(idx, len(rules) - 1) 5210 5211 self.assertTrue(truncate_del(Action.ACTION_DENY, parg)) 5212 rules = info()["glob_rules"] 5213 idx = self.find(rules, rule) 5214 self.assertIsNone(idx) 5215 5216 self.assertTrue(truncate_add(Action.ACTION_DENY, parg)) 5217 self.assertTrue(truncate_add(Action.ACTION_DENY, parg)) 5218 self.assertTrue(truncate_add(Action.ACTION_DENY, parg)) 5219 self.assertTrue(truncate_rem(Action.ACTION_DENY, parg)) 5220 rules = info()["glob_rules"] 5221 idx = self.find(rules, rule) 5222 self.assertIsNone(idx) 5223 5224 rule = {"act": "Filter", "cap": "truncate", "pat": path} 5225 self.assertTrue(truncate_add(Action.ACTION_FILTER, parg)) 5226 rules = info()["glob_rules"] 5227 idx = self.find(rules, rule) 5228 self.assertEqual(idx, len(rules) - 1) 5229 5230 self.assertTrue(truncate_del(Action.ACTION_FILTER, parg)) 5231 rules = info()["glob_rules"] 5232 idx = self.find(rules, rule) 5233 self.assertIsNone(idx) 5234 5235 self.assertTrue(truncate_add(Action.ACTION_FILTER, parg)) 5236 self.assertTrue(truncate_add(Action.ACTION_FILTER, parg)) 5237 self.assertTrue(truncate_add(Action.ACTION_FILTER, parg)) 5238 self.assertTrue(truncate_rem(Action.ACTION_FILTER, parg)) 5239 rules = info()["glob_rules"] 5240 idx = self.find(rules, rule) 5241 self.assertIsNone(idx) 5242 5243 rule = {"act": "Allow", "cap": "chdir", "pat": path} 5244 self.assertTrue(chdir_add(Action.ACTION_ALLOW, parg)) 5245 rules = info()["glob_rules"] 5246 idx = self.find(rules, rule) 5247 self.assertEqual(idx, len(rules) - 1) 5248 5249 self.assertTrue(chdir_del(Action.ACTION_ALLOW, parg)) 5250 rules = info()["glob_rules"] 5251 idx = self.find(rules, rule) 5252 self.assertIsNone(idx) 5253 5254 self.assertTrue(chdir_add(Action.ACTION_ALLOW, parg)) 5255 self.assertTrue(chdir_add(Action.ACTION_ALLOW, parg)) 5256 self.assertTrue(chdir_add(Action.ACTION_ALLOW, parg)) 5257 self.assertTrue(chdir_rem(Action.ACTION_ALLOW, parg)) 5258 rules = info()["glob_rules"] 5259 idx = self.find(rules, rule) 5260 self.assertIsNone(idx) 5261 5262 rule = {"act": "Deny", "cap": "chdir", "pat": path} 5263 self.assertTrue(chdir_add(Action.ACTION_DENY, parg)) 5264 rules = info()["glob_rules"] 5265 idx = self.find(rules, rule) 5266 self.assertEqual(idx, len(rules) - 1) 5267 5268 self.assertTrue(chdir_del(Action.ACTION_DENY, parg)) 5269 rules = info()["glob_rules"] 5270 idx = self.find(rules, rule) 5271 self.assertIsNone(idx) 5272 5273 self.assertTrue(chdir_add(Action.ACTION_DENY, parg)) 5274 self.assertTrue(chdir_add(Action.ACTION_DENY, parg)) 5275 self.assertTrue(chdir_add(Action.ACTION_DENY, parg)) 5276 self.assertTrue(chdir_rem(Action.ACTION_DENY, parg)) 5277 rules = info()["glob_rules"] 5278 idx = self.find(rules, rule) 5279 self.assertIsNone(idx) 5280 5281 rule = {"act": "Filter", "cap": "chdir", "pat": path} 5282 self.assertTrue(chdir_add(Action.ACTION_FILTER, parg)) 5283 rules = info()["glob_rules"] 5284 idx = self.find(rules, rule) 5285 self.assertEqual(idx, len(rules) - 1) 5286 5287 self.assertTrue(chdir_del(Action.ACTION_FILTER, parg)) 5288 rules = info()["glob_rules"] 5289 idx = self.find(rules, rule) 5290 self.assertIsNone(idx) 5291 5292 self.assertTrue(chdir_add(Action.ACTION_FILTER, parg)) 5293 self.assertTrue(chdir_add(Action.ACTION_FILTER, parg)) 5294 self.assertTrue(chdir_add(Action.ACTION_FILTER, parg)) 5295 self.assertTrue(chdir_rem(Action.ACTION_FILTER, parg)) 5296 rules = info()["glob_rules"] 5297 idx = self.find(rules, rule) 5298 self.assertIsNone(idx) 5299 5300 rule = {"act": "Allow", "cap": "readdir", "pat": path} 5301 self.assertTrue(readdir_add(Action.ACTION_ALLOW, parg)) 5302 rules = info()["glob_rules"] 5303 idx = self.find(rules, rule) 5304 self.assertEqual(idx, len(rules) - 1) 5305 5306 self.assertTrue(readdir_del(Action.ACTION_ALLOW, parg)) 5307 rules = info()["glob_rules"] 5308 idx = self.find(rules, rule) 5309 self.assertIsNone(idx) 5310 5311 self.assertTrue(readdir_add(Action.ACTION_ALLOW, parg)) 5312 self.assertTrue(readdir_add(Action.ACTION_ALLOW, parg)) 5313 self.assertTrue(readdir_add(Action.ACTION_ALLOW, parg)) 5314 self.assertTrue(readdir_rem(Action.ACTION_ALLOW, parg)) 5315 rules = info()["glob_rules"] 5316 idx = self.find(rules, rule) 5317 self.assertIsNone(idx) 5318 5319 rule = {"act": "Deny", "cap": "readdir", "pat": path} 5320 self.assertTrue(readdir_add(Action.ACTION_DENY, parg)) 5321 rules = info()["glob_rules"] 5322 idx = self.find(rules, rule) 5323 self.assertEqual(idx, len(rules) - 1) 5324 5325 self.assertTrue(readdir_del(Action.ACTION_DENY, parg)) 5326 rules = info()["glob_rules"] 5327 idx = self.find(rules, rule) 5328 self.assertIsNone(idx) 5329 5330 self.assertTrue(readdir_add(Action.ACTION_DENY, parg)) 5331 self.assertTrue(readdir_add(Action.ACTION_DENY, parg)) 5332 self.assertTrue(readdir_add(Action.ACTION_DENY, parg)) 5333 self.assertTrue(readdir_rem(Action.ACTION_DENY, parg)) 5334 rules = info()["glob_rules"] 5335 idx = self.find(rules, rule) 5336 self.assertIsNone(idx) 5337 5338 rule = {"act": "Filter", "cap": "readdir", "pat": path} 5339 self.assertTrue(readdir_add(Action.ACTION_FILTER, parg)) 5340 rules = info()["glob_rules"] 5341 idx = self.find(rules, rule) 5342 self.assertEqual(idx, len(rules) - 1) 5343 5344 self.assertTrue(readdir_del(Action.ACTION_FILTER, parg)) 5345 rules = info()["glob_rules"] 5346 idx = self.find(rules, rule) 5347 self.assertIsNone(idx) 5348 5349 self.assertTrue(readdir_add(Action.ACTION_FILTER, parg)) 5350 self.assertTrue(readdir_add(Action.ACTION_FILTER, parg)) 5351 self.assertTrue(readdir_add(Action.ACTION_FILTER, parg)) 5352 self.assertTrue(readdir_rem(Action.ACTION_FILTER, parg)) 5353 rules = info()["glob_rules"] 5354 idx = self.find(rules, rule) 5355 self.assertIsNone(idx) 5356 5357 rule = {"act": "Allow", "cap": "mkdir", "pat": path} 5358 self.assertTrue(mkdir_add(Action.ACTION_ALLOW, parg)) 5359 rules = info()["glob_rules"] 5360 idx = self.find(rules, rule) 5361 self.assertEqual(idx, len(rules) - 1) 5362 5363 self.assertTrue(mkdir_del(Action.ACTION_ALLOW, parg)) 5364 rules = info()["glob_rules"] 5365 idx = self.find(rules, rule) 5366 self.assertIsNone(idx) 5367 5368 self.assertTrue(mkdir_add(Action.ACTION_ALLOW, parg)) 5369 self.assertTrue(mkdir_add(Action.ACTION_ALLOW, parg)) 5370 self.assertTrue(mkdir_add(Action.ACTION_ALLOW, parg)) 5371 self.assertTrue(mkdir_rem(Action.ACTION_ALLOW, parg)) 5372 rules = info()["glob_rules"] 5373 idx = self.find(rules, rule) 5374 self.assertIsNone(idx) 5375 5376 rule = {"act": "Deny", "cap": "mkdir", "pat": path} 5377 self.assertTrue(mkdir_add(Action.ACTION_DENY, parg)) 5378 rules = info()["glob_rules"] 5379 idx = self.find(rules, rule) 5380 self.assertEqual(idx, len(rules) - 1) 5381 5382 self.assertTrue(mkdir_del(Action.ACTION_DENY, parg)) 5383 rules = info()["glob_rules"] 5384 idx = self.find(rules, rule) 5385 self.assertIsNone(idx) 5386 5387 self.assertTrue(mkdir_add(Action.ACTION_DENY, parg)) 5388 self.assertTrue(mkdir_add(Action.ACTION_DENY, parg)) 5389 self.assertTrue(mkdir_add(Action.ACTION_DENY, parg)) 5390 self.assertTrue(mkdir_rem(Action.ACTION_DENY, parg)) 5391 rules = info()["glob_rules"] 5392 idx = self.find(rules, rule) 5393 self.assertIsNone(idx) 5394 5395 rule = {"act": "Filter", "cap": "mkdir", "pat": path} 5396 self.assertTrue(mkdir_add(Action.ACTION_FILTER, parg)) 5397 rules = info()["glob_rules"] 5398 idx = self.find(rules, rule) 5399 self.assertEqual(idx, len(rules) - 1) 5400 5401 self.assertTrue(mkdir_del(Action.ACTION_FILTER, parg)) 5402 rules = info()["glob_rules"] 5403 idx = self.find(rules, rule) 5404 self.assertIsNone(idx) 5405 5406 self.assertTrue(mkdir_add(Action.ACTION_FILTER, parg)) 5407 self.assertTrue(mkdir_add(Action.ACTION_FILTER, parg)) 5408 self.assertTrue(mkdir_add(Action.ACTION_FILTER, parg)) 5409 self.assertTrue(mkdir_rem(Action.ACTION_FILTER, parg)) 5410 rules = info()["glob_rules"] 5411 idx = self.find(rules, rule) 5412 self.assertIsNone(idx) 5413 5414 rule = {"act": "Allow", "cap": "rmdir", "pat": path} 5415 self.assertTrue(rmdir_add(Action.ACTION_ALLOW, parg)) 5416 rules = info()["glob_rules"] 5417 idx = self.find(rules, rule) 5418 self.assertEqual(idx, len(rules) - 1) 5419 5420 self.assertTrue(rmdir_del(Action.ACTION_ALLOW, parg)) 5421 rules = info()["glob_rules"] 5422 idx = self.find(rules, rule) 5423 self.assertIsNone(idx) 5424 5425 self.assertTrue(rmdir_add(Action.ACTION_ALLOW, parg)) 5426 self.assertTrue(rmdir_add(Action.ACTION_ALLOW, parg)) 5427 self.assertTrue(rmdir_add(Action.ACTION_ALLOW, parg)) 5428 self.assertTrue(rmdir_rem(Action.ACTION_ALLOW, parg)) 5429 rules = info()["glob_rules"] 5430 idx = self.find(rules, rule) 5431 self.assertIsNone(idx) 5432 5433 rule = {"act": "Deny", "cap": "rmdir", "pat": path} 5434 self.assertTrue(rmdir_add(Action.ACTION_DENY, parg)) 5435 rules = info()["glob_rules"] 5436 idx = self.find(rules, rule) 5437 self.assertEqual(idx, len(rules) - 1) 5438 5439 self.assertTrue(rmdir_del(Action.ACTION_DENY, parg)) 5440 rules = info()["glob_rules"] 5441 idx = self.find(rules, rule) 5442 self.assertIsNone(idx) 5443 5444 self.assertTrue(rmdir_add(Action.ACTION_DENY, parg)) 5445 self.assertTrue(rmdir_add(Action.ACTION_DENY, parg)) 5446 self.assertTrue(rmdir_add(Action.ACTION_DENY, parg)) 5447 self.assertTrue(rmdir_rem(Action.ACTION_DENY, parg)) 5448 rules = info()["glob_rules"] 5449 idx = self.find(rules, rule) 5450 self.assertIsNone(idx) 5451 5452 rule = {"act": "Filter", "cap": "rmdir", "pat": path} 5453 self.assertTrue(rmdir_add(Action.ACTION_FILTER, parg)) 5454 rules = info()["glob_rules"] 5455 idx = self.find(rules, rule) 5456 self.assertEqual(idx, len(rules) - 1) 5457 5458 self.assertTrue(rmdir_del(Action.ACTION_FILTER, parg)) 5459 rules = info()["glob_rules"] 5460 idx = self.find(rules, rule) 5461 self.assertIsNone(idx) 5462 5463 self.assertTrue(rmdir_add(Action.ACTION_FILTER, parg)) 5464 self.assertTrue(rmdir_add(Action.ACTION_FILTER, parg)) 5465 self.assertTrue(rmdir_add(Action.ACTION_FILTER, parg)) 5466 self.assertTrue(rmdir_rem(Action.ACTION_FILTER, parg)) 5467 rules = info()["glob_rules"] 5468 idx = self.find(rules, rule) 5469 self.assertIsNone(idx) 5470 5471 rule = {"act": "Allow", "cap": "chown", "pat": path} 5472 self.assertTrue(chown_add(Action.ACTION_ALLOW, parg)) 5473 rules = info()["glob_rules"] 5474 idx = self.find(rules, rule) 5475 self.assertEqual(idx, len(rules) - 1) 5476 5477 self.assertTrue(chown_del(Action.ACTION_ALLOW, parg)) 5478 rules = info()["glob_rules"] 5479 idx = self.find(rules, rule) 5480 self.assertIsNone(idx) 5481 5482 self.assertTrue(chown_add(Action.ACTION_ALLOW, parg)) 5483 self.assertTrue(chown_add(Action.ACTION_ALLOW, parg)) 5484 self.assertTrue(chown_add(Action.ACTION_ALLOW, parg)) 5485 self.assertTrue(chown_rem(Action.ACTION_ALLOW, parg)) 5486 rules = info()["glob_rules"] 5487 idx = self.find(rules, rule) 5488 self.assertIsNone(idx) 5489 5490 rule = {"act": "Deny", "cap": "chown", "pat": path} 5491 self.assertTrue(chown_add(Action.ACTION_DENY, parg)) 5492 rules = info()["glob_rules"] 5493 idx = self.find(rules, rule) 5494 self.assertEqual(idx, len(rules) - 1) 5495 5496 self.assertTrue(chown_del(Action.ACTION_DENY, parg)) 5497 rules = info()["glob_rules"] 5498 idx = self.find(rules, rule) 5499 self.assertIsNone(idx) 5500 5501 self.assertTrue(chown_add(Action.ACTION_DENY, parg)) 5502 self.assertTrue(chown_add(Action.ACTION_DENY, parg)) 5503 self.assertTrue(chown_add(Action.ACTION_DENY, parg)) 5504 self.assertTrue(chown_rem(Action.ACTION_DENY, parg)) 5505 rules = info()["glob_rules"] 5506 idx = self.find(rules, rule) 5507 self.assertIsNone(idx) 5508 5509 rule = {"act": "Filter", "cap": "chown", "pat": path} 5510 self.assertTrue(chown_add(Action.ACTION_FILTER, parg)) 5511 rules = info()["glob_rules"] 5512 idx = self.find(rules, rule) 5513 self.assertEqual(idx, len(rules) - 1) 5514 5515 self.assertTrue(chown_del(Action.ACTION_FILTER, parg)) 5516 rules = info()["glob_rules"] 5517 idx = self.find(rules, rule) 5518 self.assertIsNone(idx) 5519 5520 self.assertTrue(chown_add(Action.ACTION_FILTER, parg)) 5521 self.assertTrue(chown_add(Action.ACTION_FILTER, parg)) 5522 self.assertTrue(chown_add(Action.ACTION_FILTER, parg)) 5523 self.assertTrue(chown_rem(Action.ACTION_FILTER, parg)) 5524 rules = info()["glob_rules"] 5525 idx = self.find(rules, rule) 5526 self.assertIsNone(idx) 5527 5528 rule = {"act": "Allow", "cap": "chgrp", "pat": path} 5529 self.assertTrue(chgrp_add(Action.ACTION_ALLOW, parg)) 5530 rules = info()["glob_rules"] 5531 idx = self.find(rules, rule) 5532 self.assertEqual(idx, len(rules) - 1) 5533 5534 self.assertTrue(chgrp_del(Action.ACTION_ALLOW, parg)) 5535 rules = info()["glob_rules"] 5536 idx = self.find(rules, rule) 5537 self.assertIsNone(idx) 5538 5539 self.assertTrue(chgrp_add(Action.ACTION_ALLOW, parg)) 5540 self.assertTrue(chgrp_add(Action.ACTION_ALLOW, parg)) 5541 self.assertTrue(chgrp_add(Action.ACTION_ALLOW, parg)) 5542 self.assertTrue(chgrp_rem(Action.ACTION_ALLOW, parg)) 5543 rules = info()["glob_rules"] 5544 idx = self.find(rules, rule) 5545 self.assertIsNone(idx) 5546 5547 rule = {"act": "Deny", "cap": "chgrp", "pat": path} 5548 self.assertTrue(chgrp_add(Action.ACTION_DENY, parg)) 5549 rules = info()["glob_rules"] 5550 idx = self.find(rules, rule) 5551 self.assertEqual(idx, len(rules) - 1) 5552 5553 self.assertTrue(chgrp_del(Action.ACTION_DENY, parg)) 5554 rules = info()["glob_rules"] 5555 idx = self.find(rules, rule) 5556 self.assertIsNone(idx) 5557 5558 self.assertTrue(chgrp_add(Action.ACTION_DENY, parg)) 5559 self.assertTrue(chgrp_add(Action.ACTION_DENY, parg)) 5560 self.assertTrue(chgrp_add(Action.ACTION_DENY, parg)) 5561 self.assertTrue(chgrp_rem(Action.ACTION_DENY, parg)) 5562 rules = info()["glob_rules"] 5563 idx = self.find(rules, rule) 5564 self.assertIsNone(idx) 5565 5566 rule = {"act": "Filter", "cap": "chgrp", "pat": path} 5567 self.assertTrue(chgrp_add(Action.ACTION_FILTER, parg)) 5568 rules = info()["glob_rules"] 5569 idx = self.find(rules, rule) 5570 self.assertEqual(idx, len(rules) - 1) 5571 5572 self.assertTrue(chgrp_del(Action.ACTION_FILTER, parg)) 5573 rules = info()["glob_rules"] 5574 idx = self.find(rules, rule) 5575 self.assertIsNone(idx) 5576 5577 self.assertTrue(chgrp_add(Action.ACTION_FILTER, parg)) 5578 self.assertTrue(chgrp_add(Action.ACTION_FILTER, parg)) 5579 self.assertTrue(chgrp_add(Action.ACTION_FILTER, parg)) 5580 self.assertTrue(chgrp_rem(Action.ACTION_FILTER, parg)) 5581 rules = info()["glob_rules"] 5582 idx = self.find(rules, rule) 5583 self.assertIsNone(idx) 5584 5585 rule = {"act": "Allow", "cap": "chmod", "pat": path} 5586 self.assertTrue(chmod_add(Action.ACTION_ALLOW, parg)) 5587 rules = info()["glob_rules"] 5588 idx = self.find(rules, rule) 5589 self.assertEqual(idx, len(rules) - 1) 5590 5591 self.assertTrue(chmod_del(Action.ACTION_ALLOW, parg)) 5592 rules = info()["glob_rules"] 5593 idx = self.find(rules, rule) 5594 self.assertIsNone(idx) 5595 5596 self.assertTrue(chmod_add(Action.ACTION_ALLOW, parg)) 5597 self.assertTrue(chmod_add(Action.ACTION_ALLOW, parg)) 5598 self.assertTrue(chmod_add(Action.ACTION_ALLOW, parg)) 5599 self.assertTrue(chmod_rem(Action.ACTION_ALLOW, parg)) 5600 rules = info()["glob_rules"] 5601 idx = self.find(rules, rule) 5602 self.assertIsNone(idx) 5603 5604 rule = {"act": "Deny", "cap": "chmod", "pat": path} 5605 self.assertTrue(chmod_add(Action.ACTION_DENY, parg)) 5606 rules = info()["glob_rules"] 5607 idx = self.find(rules, rule) 5608 self.assertEqual(idx, len(rules) - 1) 5609 5610 self.assertTrue(chmod_del(Action.ACTION_DENY, parg)) 5611 rules = info()["glob_rules"] 5612 idx = self.find(rules, rule) 5613 self.assertIsNone(idx) 5614 5615 self.assertTrue(chmod_add(Action.ACTION_DENY, parg)) 5616 self.assertTrue(chmod_add(Action.ACTION_DENY, parg)) 5617 self.assertTrue(chmod_add(Action.ACTION_DENY, parg)) 5618 self.assertTrue(chmod_rem(Action.ACTION_DENY, parg)) 5619 rules = info()["glob_rules"] 5620 idx = self.find(rules, rule) 5621 self.assertIsNone(idx) 5622 5623 rule = {"act": "Filter", "cap": "chmod", "pat": path} 5624 self.assertTrue(chmod_add(Action.ACTION_FILTER, parg)) 5625 rules = info()["glob_rules"] 5626 idx = self.find(rules, rule) 5627 self.assertEqual(idx, len(rules) - 1) 5628 5629 self.assertTrue(chmod_del(Action.ACTION_FILTER, parg)) 5630 rules = info()["glob_rules"] 5631 idx = self.find(rules, rule) 5632 self.assertIsNone(idx) 5633 5634 self.assertTrue(chmod_add(Action.ACTION_FILTER, parg)) 5635 self.assertTrue(chmod_add(Action.ACTION_FILTER, parg)) 5636 self.assertTrue(chmod_add(Action.ACTION_FILTER, parg)) 5637 self.assertTrue(chmod_rem(Action.ACTION_FILTER, parg)) 5638 rules = info()["glob_rules"] 5639 idx = self.find(rules, rule) 5640 self.assertIsNone(idx) 5641 5642 rule = {"act": "Allow", "cap": "chattr", "pat": path} 5643 self.assertTrue(chattr_add(Action.ACTION_ALLOW, parg)) 5644 rules = info()["glob_rules"] 5645 idx = self.find(rules, rule) 5646 self.assertEqual(idx, len(rules) - 1) 5647 5648 self.assertTrue(chattr_del(Action.ACTION_ALLOW, parg)) 5649 rules = info()["glob_rules"] 5650 idx = self.find(rules, rule) 5651 self.assertIsNone(idx) 5652 5653 self.assertTrue(chattr_add(Action.ACTION_ALLOW, parg)) 5654 self.assertTrue(chattr_add(Action.ACTION_ALLOW, parg)) 5655 self.assertTrue(chattr_add(Action.ACTION_ALLOW, parg)) 5656 self.assertTrue(chattr_rem(Action.ACTION_ALLOW, parg)) 5657 rules = info()["glob_rules"] 5658 idx = self.find(rules, rule) 5659 self.assertIsNone(idx) 5660 5661 rule = {"act": "Deny", "cap": "chattr", "pat": path} 5662 self.assertTrue(chattr_add(Action.ACTION_DENY, parg)) 5663 rules = info()["glob_rules"] 5664 idx = self.find(rules, rule) 5665 self.assertEqual(idx, len(rules) - 1) 5666 5667 self.assertTrue(chattr_del(Action.ACTION_DENY, parg)) 5668 rules = info()["glob_rules"] 5669 idx = self.find(rules, rule) 5670 self.assertIsNone(idx) 5671 5672 self.assertTrue(chattr_add(Action.ACTION_DENY, parg)) 5673 self.assertTrue(chattr_add(Action.ACTION_DENY, parg)) 5674 self.assertTrue(chattr_add(Action.ACTION_DENY, parg)) 5675 self.assertTrue(chattr_rem(Action.ACTION_DENY, parg)) 5676 rules = info()["glob_rules"] 5677 idx = self.find(rules, rule) 5678 self.assertIsNone(idx) 5679 5680 rule = {"act": "Filter", "cap": "chattr", "pat": path} 5681 self.assertTrue(chattr_add(Action.ACTION_FILTER, parg)) 5682 rules = info()["glob_rules"] 5683 idx = self.find(rules, rule) 5684 self.assertEqual(idx, len(rules) - 1) 5685 5686 self.assertTrue(chattr_del(Action.ACTION_FILTER, parg)) 5687 rules = info()["glob_rules"] 5688 idx = self.find(rules, rule) 5689 self.assertIsNone(idx) 5690 5691 self.assertTrue(chattr_add(Action.ACTION_FILTER, parg)) 5692 self.assertTrue(chattr_add(Action.ACTION_FILTER, parg)) 5693 self.assertTrue(chattr_add(Action.ACTION_FILTER, parg)) 5694 self.assertTrue(chattr_rem(Action.ACTION_FILTER, parg)) 5695 rules = info()["glob_rules"] 5696 idx = self.find(rules, rule) 5697 self.assertIsNone(idx) 5698 5699 # Chroot is startup only since 3.32.4 5700 # rule = {"act": "Allow", "cap": "chroot", "pat": path} 5701 # self.assertTrue(chroot_add(Action.ACTION_ALLOW, parg)) 5702 # rules = info()["glob_rules"] 5703 # idx = self.find(rules, rule) 5704 # self.assertEqual(idx, len(rules) - 1) 5705 # 5706 # self.assertTrue(chroot_del(Action.ACTION_ALLOW, parg)) 5707 # rules = info()["glob_rules"] 5708 # idx = self.find(rules, rule) 5709 # self.assertIsNone(idx) 5710 # 5711 # self.assertTrue(chroot_add(Action.ACTION_ALLOW, parg)) 5712 # self.assertTrue(chroot_add(Action.ACTION_ALLOW, parg)) 5713 # self.assertTrue(chroot_add(Action.ACTION_ALLOW, parg)) 5714 # self.assertTrue(chroot_rem(Action.ACTION_ALLOW, parg)) 5715 # rules = info()["glob_rules"] 5716 # idx = self.find(rules, rule) 5717 # self.assertIsNone(idx) 5718 # 5719 # rule = {"act": "Deny", "cap": "chroot", "pat": path} 5720 # self.assertTrue(chroot_add(Action.ACTION_DENY, parg)) 5721 # rules = info()["glob_rules"] 5722 # idx = self.find(rules, rule) 5723 # self.assertEqual(idx, len(rules) - 1) 5724 # 5725 # self.assertTrue(chroot_del(Action.ACTION_DENY, parg)) 5726 # rules = info()["glob_rules"] 5727 # idx = self.find(rules, rule) 5728 # self.assertIsNone(idx) 5729 # 5730 # self.assertTrue(chroot_add(Action.ACTION_DENY, parg)) 5731 # self.assertTrue(chroot_add(Action.ACTION_DENY, parg)) 5732 # self.assertTrue(chroot_add(Action.ACTION_DENY, parg)) 5733 # self.assertTrue(chroot_rem(Action.ACTION_DENY, parg)) 5734 # rules = info()["glob_rules"] 5735 # idx = self.find(rules, rule) 5736 # self.assertIsNone(idx) 5737 # 5738 # rule = {"act": "Filter", "cap": "chroot", "pat": path} 5739 # self.assertTrue(chroot_add(Action.ACTION_FILTER, parg)) 5740 # rules = info()["glob_rules"] 5741 # idx = self.find(rules, rule) 5742 # self.assertEqual(idx, len(rules) - 1) 5743 # 5744 # self.assertTrue(chroot_del(Action.ACTION_FILTER, parg)) 5745 # rules = info()["glob_rules"] 5746 # idx = self.find(rules, rule) 5747 # self.assertIsNone(idx) 5748 # 5749 # self.assertTrue(chroot_add(Action.ACTION_FILTER, parg)) 5750 # self.assertTrue(chroot_add(Action.ACTION_FILTER, parg)) 5751 # self.assertTrue(chroot_add(Action.ACTION_FILTER, parg)) 5752 # self.assertTrue(chroot_rem(Action.ACTION_FILTER, parg)) 5753 # rules = info()["glob_rules"] 5754 # idx = self.find(rules, rule) 5755 # self.assertIsNone(idx) 5756 5757 rule = {"act": "Allow", "cap": "utime", "pat": path} 5758 self.assertTrue(utime_add(Action.ACTION_ALLOW, parg)) 5759 rules = info()["glob_rules"] 5760 idx = self.find(rules, rule) 5761 self.assertEqual(idx, len(rules) - 1) 5762 5763 self.assertTrue(utime_del(Action.ACTION_ALLOW, parg)) 5764 rules = info()["glob_rules"] 5765 idx = self.find(rules, rule) 5766 self.assertIsNone(idx) 5767 5768 self.assertTrue(utime_add(Action.ACTION_ALLOW, parg)) 5769 self.assertTrue(utime_add(Action.ACTION_ALLOW, parg)) 5770 self.assertTrue(utime_add(Action.ACTION_ALLOW, parg)) 5771 self.assertTrue(utime_rem(Action.ACTION_ALLOW, parg)) 5772 rules = info()["glob_rules"] 5773 idx = self.find(rules, rule) 5774 self.assertIsNone(idx) 5775 5776 rule = {"act": "Deny", "cap": "utime", "pat": path} 5777 self.assertTrue(utime_add(Action.ACTION_DENY, parg)) 5778 rules = info()["glob_rules"] 5779 idx = self.find(rules, rule) 5780 self.assertEqual(idx, len(rules) - 1) 5781 5782 self.assertTrue(utime_del(Action.ACTION_DENY, parg)) 5783 rules = info()["glob_rules"] 5784 idx = self.find(rules, rule) 5785 self.assertIsNone(idx) 5786 5787 self.assertTrue(utime_add(Action.ACTION_DENY, parg)) 5788 self.assertTrue(utime_add(Action.ACTION_DENY, parg)) 5789 self.assertTrue(utime_add(Action.ACTION_DENY, parg)) 5790 self.assertTrue(utime_rem(Action.ACTION_DENY, parg)) 5791 rules = info()["glob_rules"] 5792 idx = self.find(rules, rule) 5793 self.assertIsNone(idx) 5794 5795 rule = {"act": "Filter", "cap": "utime", "pat": path} 5796 self.assertTrue(utime_add(Action.ACTION_FILTER, parg)) 5797 rules = info()["glob_rules"] 5798 idx = self.find(rules, rule) 5799 self.assertEqual(idx, len(rules) - 1) 5800 5801 self.assertTrue(utime_del(Action.ACTION_FILTER, parg)) 5802 rules = info()["glob_rules"] 5803 idx = self.find(rules, rule) 5804 self.assertIsNone(idx) 5805 5806 self.assertTrue(utime_add(Action.ACTION_FILTER, parg)) 5807 self.assertTrue(utime_add(Action.ACTION_FILTER, parg)) 5808 self.assertTrue(utime_add(Action.ACTION_FILTER, parg)) 5809 self.assertTrue(utime_rem(Action.ACTION_FILTER, parg)) 5810 rules = info()["glob_rules"] 5811 idx = self.find(rules, rule) 5812 self.assertIsNone(idx) 5813 5814 rule = {"act": "Allow", "cap": "mkdev", "pat": path} 5815 self.assertTrue(mkdev_add(Action.ACTION_ALLOW, parg)) 5816 rules = info()["glob_rules"] 5817 idx = self.find(rules, rule) 5818 self.assertEqual(idx, len(rules) - 1) 5819 5820 self.assertTrue(mkdev_del(Action.ACTION_ALLOW, parg)) 5821 rules = info()["glob_rules"] 5822 idx = self.find(rules, rule) 5823 self.assertIsNone(idx) 5824 5825 self.assertTrue(mkdev_add(Action.ACTION_ALLOW, parg)) 5826 self.assertTrue(mkdev_add(Action.ACTION_ALLOW, parg)) 5827 self.assertTrue(mkdev_add(Action.ACTION_ALLOW, parg)) 5828 self.assertTrue(mkdev_rem(Action.ACTION_ALLOW, parg)) 5829 rules = info()["glob_rules"] 5830 idx = self.find(rules, rule) 5831 self.assertIsNone(idx) 5832 5833 rule = {"act": "Deny", "cap": "mkdev", "pat": path} 5834 self.assertTrue(mkdev_add(Action.ACTION_DENY, parg)) 5835 rules = info()["glob_rules"] 5836 idx = self.find(rules, rule) 5837 self.assertEqual(idx, len(rules) - 1) 5838 5839 self.assertTrue(mkdev_del(Action.ACTION_DENY, parg)) 5840 rules = info()["glob_rules"] 5841 idx = self.find(rules, rule) 5842 self.assertIsNone(idx) 5843 5844 self.assertTrue(mkdev_add(Action.ACTION_DENY, parg)) 5845 self.assertTrue(mkdev_add(Action.ACTION_DENY, parg)) 5846 self.assertTrue(mkdev_add(Action.ACTION_DENY, parg)) 5847 self.assertTrue(mkdev_rem(Action.ACTION_DENY, parg)) 5848 rules = info()["glob_rules"] 5849 idx = self.find(rules, rule) 5850 self.assertIsNone(idx) 5851 5852 rule = {"act": "Filter", "cap": "mkdev", "pat": path} 5853 self.assertTrue(mkdev_add(Action.ACTION_FILTER, parg)) 5854 rules = info()["glob_rules"] 5855 idx = self.find(rules, rule) 5856 self.assertEqual(idx, len(rules) - 1) 5857 5858 self.assertTrue(mkdev_del(Action.ACTION_FILTER, parg)) 5859 rules = info()["glob_rules"] 5860 idx = self.find(rules, rule) 5861 self.assertIsNone(idx) 5862 5863 self.assertTrue(mkdev_add(Action.ACTION_FILTER, parg)) 5864 self.assertTrue(mkdev_add(Action.ACTION_FILTER, parg)) 5865 self.assertTrue(mkdev_add(Action.ACTION_FILTER, parg)) 5866 self.assertTrue(mkdev_rem(Action.ACTION_FILTER, parg)) 5867 rules = info()["glob_rules"] 5868 idx = self.find(rules, rule) 5869 self.assertIsNone(idx) 5870 5871 rule = {"act": "Allow", "cap": "mkfifo", "pat": path} 5872 self.assertTrue(mkfifo_add(Action.ACTION_ALLOW, parg)) 5873 rules = info()["glob_rules"] 5874 idx = self.find(rules, rule) 5875 self.assertEqual(idx, len(rules) - 1) 5876 5877 self.assertTrue(mkfifo_del(Action.ACTION_ALLOW, parg)) 5878 rules = info()["glob_rules"] 5879 idx = self.find(rules, rule) 5880 self.assertIsNone(idx) 5881 5882 self.assertTrue(mkfifo_add(Action.ACTION_ALLOW, parg)) 5883 self.assertTrue(mkfifo_add(Action.ACTION_ALLOW, parg)) 5884 self.assertTrue(mkfifo_add(Action.ACTION_ALLOW, parg)) 5885 self.assertTrue(mkfifo_rem(Action.ACTION_ALLOW, parg)) 5886 rules = info()["glob_rules"] 5887 idx = self.find(rules, rule) 5888 self.assertIsNone(idx) 5889 5890 rule = {"act": "Deny", "cap": "mkfifo", "pat": path} 5891 self.assertTrue(mkfifo_add(Action.ACTION_DENY, parg)) 5892 rules = info()["glob_rules"] 5893 idx = self.find(rules, rule) 5894 self.assertEqual(idx, len(rules) - 1) 5895 5896 self.assertTrue(mkfifo_del(Action.ACTION_DENY, parg)) 5897 rules = info()["glob_rules"] 5898 idx = self.find(rules, rule) 5899 self.assertIsNone(idx) 5900 5901 self.assertTrue(mkfifo_add(Action.ACTION_DENY, parg)) 5902 self.assertTrue(mkfifo_add(Action.ACTION_DENY, parg)) 5903 self.assertTrue(mkfifo_add(Action.ACTION_DENY, parg)) 5904 self.assertTrue(mkfifo_rem(Action.ACTION_DENY, parg)) 5905 rules = info()["glob_rules"] 5906 idx = self.find(rules, rule) 5907 self.assertIsNone(idx) 5908 5909 rule = {"act": "Filter", "cap": "mkfifo", "pat": path} 5910 self.assertTrue(mkfifo_add(Action.ACTION_FILTER, parg)) 5911 rules = info()["glob_rules"] 5912 idx = self.find(rules, rule) 5913 self.assertEqual(idx, len(rules) - 1) 5914 5915 self.assertTrue(mkfifo_del(Action.ACTION_FILTER, parg)) 5916 rules = info()["glob_rules"] 5917 idx = self.find(rules, rule) 5918 self.assertIsNone(idx) 5919 5920 self.assertTrue(mkfifo_add(Action.ACTION_FILTER, parg)) 5921 self.assertTrue(mkfifo_add(Action.ACTION_FILTER, parg)) 5922 self.assertTrue(mkfifo_add(Action.ACTION_FILTER, parg)) 5923 self.assertTrue(mkfifo_rem(Action.ACTION_FILTER, parg)) 5924 rules = info()["glob_rules"] 5925 idx = self.find(rules, rule) 5926 self.assertIsNone(idx) 5927 5928 rule = {"act": "Allow", "cap": "mktemp", "pat": path} 5929 self.assertTrue(mktemp_add(Action.ACTION_ALLOW, parg)) 5930 rules = info()["glob_rules"] 5931 idx = self.find(rules, rule) 5932 self.assertEqual(idx, len(rules) - 1) 5933 5934 self.assertTrue(mktemp_del(Action.ACTION_ALLOW, parg)) 5935 rules = info()["glob_rules"] 5936 idx = self.find(rules, rule) 5937 self.assertIsNone(idx) 5938 5939 self.assertTrue(mktemp_add(Action.ACTION_ALLOW, parg)) 5940 self.assertTrue(mktemp_add(Action.ACTION_ALLOW, parg)) 5941 self.assertTrue(mktemp_add(Action.ACTION_ALLOW, parg)) 5942 self.assertTrue(mktemp_rem(Action.ACTION_ALLOW, parg)) 5943 rules = info()["glob_rules"] 5944 idx = self.find(rules, rule) 5945 self.assertIsNone(idx) 5946 5947 rule = {"act": "Deny", "cap": "mktemp", "pat": path} 5948 self.assertTrue(mktemp_add(Action.ACTION_DENY, parg)) 5949 rules = info()["glob_rules"] 5950 idx = self.find(rules, rule) 5951 self.assertEqual(idx, len(rules) - 1) 5952 5953 self.assertTrue(mktemp_del(Action.ACTION_DENY, parg)) 5954 rules = info()["glob_rules"] 5955 idx = self.find(rules, rule) 5956 self.assertIsNone(idx) 5957 5958 self.assertTrue(mktemp_add(Action.ACTION_DENY, parg)) 5959 self.assertTrue(mktemp_add(Action.ACTION_DENY, parg)) 5960 self.assertTrue(mktemp_add(Action.ACTION_DENY, parg)) 5961 self.assertTrue(mktemp_rem(Action.ACTION_DENY, parg)) 5962 rules = info()["glob_rules"] 5963 idx = self.find(rules, rule) 5964 self.assertIsNone(idx) 5965 5966 rule = {"act": "Filter", "cap": "mktemp", "pat": path} 5967 self.assertTrue(mktemp_add(Action.ACTION_FILTER, parg)) 5968 rules = info()["glob_rules"] 5969 idx = self.find(rules, rule) 5970 self.assertEqual(idx, len(rules) - 1) 5971 5972 self.assertTrue(mktemp_del(Action.ACTION_FILTER, parg)) 5973 rules = info()["glob_rules"] 5974 idx = self.find(rules, rule) 5975 self.assertIsNone(idx) 5976 5977 self.assertTrue(mktemp_add(Action.ACTION_FILTER, parg)) 5978 self.assertTrue(mktemp_add(Action.ACTION_FILTER, parg)) 5979 self.assertTrue(mktemp_add(Action.ACTION_FILTER, parg)) 5980 self.assertTrue(mktemp_rem(Action.ACTION_FILTER, parg)) 5981 rules = info()["glob_rules"] 5982 idx = self.find(rules, rule) 5983 self.assertIsNone(idx) 5984 5985 rule = {"act": "Allow", "cap": "net/sendfd", "pat": path} 5986 self.assertTrue(net_sendfd_add(Action.ACTION_ALLOW, parg)) 5987 rules = info()["glob_rules"] 5988 idx = self.find(rules, rule) 5989 self.assertEqual(idx, len(rules) - 1) 5990 5991 self.assertTrue(net_sendfd_del(Action.ACTION_ALLOW, parg)) 5992 rules = info()["glob_rules"] 5993 idx = self.find(rules, rule) 5994 self.assertIsNone(idx) 5995 5996 self.assertTrue(net_sendfd_add(Action.ACTION_ALLOW, parg)) 5997 self.assertTrue(net_sendfd_add(Action.ACTION_ALLOW, parg)) 5998 self.assertTrue(net_sendfd_add(Action.ACTION_ALLOW, parg)) 5999 self.assertTrue(net_sendfd_rem(Action.ACTION_ALLOW, parg)) 6000 rules = info()["glob_rules"] 6001 idx = self.find(rules, rule) 6002 self.assertIsNone(idx) 6003 6004 rule = {"act": "Deny", "cap": "net/sendfd", "pat": path} 6005 self.assertTrue(net_sendfd_add(Action.ACTION_DENY, parg)) 6006 rules = info()["glob_rules"] 6007 idx = self.find(rules, rule) 6008 self.assertEqual(idx, len(rules) - 1) 6009 6010 self.assertTrue(net_sendfd_del(Action.ACTION_DENY, parg)) 6011 rules = info()["glob_rules"] 6012 idx = self.find(rules, rule) 6013 self.assertIsNone(idx) 6014 6015 self.assertTrue(net_sendfd_add(Action.ACTION_DENY, parg)) 6016 self.assertTrue(net_sendfd_add(Action.ACTION_DENY, parg)) 6017 self.assertTrue(net_sendfd_add(Action.ACTION_DENY, parg)) 6018 self.assertTrue(net_sendfd_rem(Action.ACTION_DENY, parg)) 6019 rules = info()["glob_rules"] 6020 idx = self.find(rules, rule) 6021 self.assertIsNone(idx) 6022 6023 rule = {"act": "Filter", "cap": "net/sendfd", "pat": path} 6024 self.assertTrue(net_sendfd_add(Action.ACTION_FILTER, parg)) 6025 rules = info()["glob_rules"] 6026 idx = self.find(rules, rule) 6027 self.assertEqual(idx, len(rules) - 1) 6028 6029 self.assertTrue(net_sendfd_del(Action.ACTION_FILTER, parg)) 6030 rules = info()["glob_rules"] 6031 idx = self.find(rules, rule) 6032 self.assertIsNone(idx) 6033 6034 self.assertTrue(net_sendfd_add(Action.ACTION_FILTER, parg)) 6035 self.assertTrue(net_sendfd_add(Action.ACTION_FILTER, parg)) 6036 self.assertTrue(net_sendfd_add(Action.ACTION_FILTER, parg)) 6037 self.assertTrue(net_sendfd_rem(Action.ACTION_FILTER, parg)) 6038 rules = info()["glob_rules"] 6039 idx = self.find(rules, rule) 6040 self.assertIsNone(idx) 6041 6042 def test_05_addr(self): 6043 host = "127.3.1.4/8" 6044 port = 16 6045 addr = f"{host}!{port}" 6046 aarg = addr.encode("utf-8") 6047 6048 rule = { 6049 "act": "Allow", 6050 "cap": "net/bind", 6051 "pat": {"addr": host, "port": port}, 6052 } 6053 self.assertTrue(net_bind_add(Action.ACTION_ALLOW, aarg)) 6054 rules = info()["cidr_rules"] 6055 idx = self.find(rules, rule) 6056 self.assertEqual(idx, len(rules) - 1) 6057 6058 self.assertTrue(net_bind_del(Action.ACTION_ALLOW, aarg)) 6059 rules = info()["cidr_rules"] 6060 idx = self.find(rules, rule) 6061 self.assertIsNone(idx) 6062 6063 self.assertTrue(net_bind_add(Action.ACTION_ALLOW, aarg)) 6064 self.assertTrue(net_bind_add(Action.ACTION_ALLOW, aarg)) 6065 self.assertTrue(net_bind_add(Action.ACTION_ALLOW, aarg)) 6066 self.assertTrue(net_bind_rem(Action.ACTION_ALLOW, aarg)) 6067 idx = self.find(rules, rule) 6068 self.assertIsNone(idx) 6069 6070 rule = { 6071 "act": "Deny", 6072 "cap": "net/bind", 6073 "pat": {"addr": host, "port": port}, 6074 } 6075 self.assertTrue(net_bind_add(Action.ACTION_DENY, aarg)) 6076 rules = info()["cidr_rules"] 6077 idx = self.find(rules, rule) 6078 self.assertEqual(idx, len(rules) - 1) 6079 6080 self.assertTrue(net_bind_del(Action.ACTION_DENY, aarg)) 6081 rules = info()["cidr_rules"] 6082 idx = self.find(rules, rule) 6083 self.assertIsNone(idx) 6084 6085 self.assertTrue(net_bind_add(Action.ACTION_DENY, aarg)) 6086 self.assertTrue(net_bind_add(Action.ACTION_DENY, aarg)) 6087 self.assertTrue(net_bind_add(Action.ACTION_DENY, aarg)) 6088 self.assertTrue(net_bind_rem(Action.ACTION_DENY, aarg)) 6089 idx = self.find(rules, rule) 6090 self.assertIsNone(idx) 6091 6092 rule = { 6093 "act": "Filter", 6094 "cap": "net/bind", 6095 "pat": {"addr": host, "port": port}, 6096 } 6097 self.assertTrue(net_bind_add(Action.ACTION_FILTER, aarg)) 6098 rules = info()["cidr_rules"] 6099 idx = self.find(rules, rule) 6100 self.assertEqual(idx, len(rules) - 1) 6101 6102 self.assertTrue(net_bind_del(Action.ACTION_FILTER, aarg)) 6103 rules = info()["cidr_rules"] 6104 idx = self.find(rules, rule) 6105 self.assertIsNone(idx) 6106 6107 self.assertTrue(net_bind_add(Action.ACTION_FILTER, aarg)) 6108 self.assertTrue(net_bind_add(Action.ACTION_FILTER, aarg)) 6109 self.assertTrue(net_bind_add(Action.ACTION_FILTER, aarg)) 6110 self.assertTrue(net_bind_rem(Action.ACTION_FILTER, aarg)) 6111 idx = self.find(rules, rule) 6112 self.assertIsNone(idx) 6113 6114 rule = { 6115 "act": "Allow", 6116 "cap": "net/connect", 6117 "pat": {"addr": host, "port": port}, 6118 } 6119 self.assertTrue(net_connect_add(Action.ACTION_ALLOW, aarg)) 6120 rules = info()["cidr_rules"] 6121 idx = self.find(rules, rule) 6122 self.assertEqual(idx, len(rules) - 1) 6123 6124 self.assertTrue(net_connect_del(Action.ACTION_ALLOW, aarg)) 6125 rules = info()["cidr_rules"] 6126 idx = self.find(rules, rule) 6127 self.assertIsNone(idx) 6128 6129 self.assertTrue(net_connect_add(Action.ACTION_ALLOW, aarg)) 6130 self.assertTrue(net_connect_add(Action.ACTION_ALLOW, aarg)) 6131 self.assertTrue(net_connect_add(Action.ACTION_ALLOW, aarg)) 6132 self.assertTrue(net_connect_rem(Action.ACTION_ALLOW, aarg)) 6133 idx = self.find(rules, rule) 6134 self.assertIsNone(idx) 6135 6136 rule = { 6137 "act": "Deny", 6138 "cap": "net/connect", 6139 "pat": {"addr": host, "port": port}, 6140 } 6141 self.assertTrue(net_connect_add(Action.ACTION_DENY, aarg)) 6142 rules = info()["cidr_rules"] 6143 idx = self.find(rules, rule) 6144 self.assertEqual(idx, len(rules) - 1) 6145 6146 self.assertTrue(net_connect_del(Action.ACTION_DENY, aarg)) 6147 rules = info()["cidr_rules"] 6148 idx = self.find(rules, rule) 6149 self.assertIsNone(idx) 6150 6151 self.assertTrue(net_connect_add(Action.ACTION_DENY, aarg)) 6152 self.assertTrue(net_connect_add(Action.ACTION_DENY, aarg)) 6153 self.assertTrue(net_connect_add(Action.ACTION_DENY, aarg)) 6154 self.assertTrue(net_connect_rem(Action.ACTION_DENY, aarg)) 6155 idx = self.find(rules, rule) 6156 self.assertIsNone(idx) 6157 6158 rule = { 6159 "act": "Filter", 6160 "cap": "net/connect", 6161 "pat": {"addr": host, "port": port}, 6162 } 6163 self.assertTrue(net_connect_add(Action.ACTION_FILTER, aarg)) 6164 rules = info()["cidr_rules"] 6165 idx = self.find(rules, rule) 6166 self.assertEqual(idx, len(rules) - 1) 6167 6168 self.assertTrue(net_connect_del(Action.ACTION_FILTER, aarg)) 6169 rules = info()["cidr_rules"] 6170 idx = self.find(rules, rule) 6171 self.assertIsNone(idx) 6172 6173 self.assertTrue(net_connect_add(Action.ACTION_FILTER, aarg)) 6174 self.assertTrue(net_connect_add(Action.ACTION_FILTER, aarg)) 6175 self.assertTrue(net_connect_add(Action.ACTION_FILTER, aarg)) 6176 self.assertTrue(net_connect_rem(Action.ACTION_FILTER, aarg)) 6177 idx = self.find(rules, rule) 6178 self.assertIsNone(idx) 6179 6180 def test_06_ioctl(self): 6181 self.assertTrue(ioctl_deny(0xDEADCA11)) 6182 6183 def test_07_force(self): 6184 sha = "0" * 128 6185 path = "/tmp/pysyd" 6186 parg = path.encode("utf-8") 6187 rule = {"act": "Kill", "sha": sha, "pat": path} 6188 6189 self.assertTrue(force_add(parg, sha, Action.ACTION_KILL)) 6190 rules = info()["force_rules"] 6191 idx = self.find(rules, rule) 6192 self.assertIsNotNone(idx) 6193 6194 self.assertTrue(force_del(parg)) 6195 rules = info()["force_rules"] 6196 idx = self.find(rules, rule) 6197 self.assertIsNone(idx) 6198 6199 self.assertTrue( 6200 force_add(f"{path}_1".encode("utf-8"), sha, Action.ACTION_WARN) 6201 ) 6202 self.assertTrue( 6203 force_add(f"{path}_2".encode("utf-8"), sha, Action.ACTION_KILL) 6204 ) 6205 self.assertTrue(force_clr()) 6206 rules = info()["force_rules"] 6207 self.assertFalse(rules) 6208 6209 def test_08_segvguard(self): 6210 segvguard_expiry_orig = info()["segvguard_expiry"] 6211 with self.assertRaises(ValueError): 6212 segvguard_expiry(-1) 6213 self.assertTrue(segvguard_expiry(4096)) 6214 self.assertEqual(info()["segvguard_expiry"], 4096) 6215 self.assertTrue(segvguard_expiry(8192)) 6216 self.assertEqual(info()["segvguard_expiry"], 8192) 6217 segvguard_expiry(segvguard_expiry_orig) 6218 6219 segvguard_suspension_orig = info()["segvguard_suspension"] 6220 with self.assertRaises(ValueError): 6221 segvguard_suspension(-1) 6222 self.assertTrue(segvguard_suspension(4096)) 6223 self.assertEqual(info()["segvguard_suspension"], 4096) 6224 self.assertTrue(segvguard_suspension(8192)) 6225 self.assertEqual(info()["segvguard_suspension"], 8192) 6226 segvguard_suspension(segvguard_suspension_orig) 6227 6228 segvguard_maxcrashes_orig = info()["segvguard_maxcrashes"] 6229 with self.assertRaises(ValueError): 6230 segvguard_maxcrashes(-1) 6231 self.assertTrue(segvguard_maxcrashes(40)) 6232 self.assertEqual(info()["segvguard_maxcrashes"], 40) 6233 self.assertTrue(segvguard_maxcrashes(81)) 6234 self.assertEqual(info()["segvguard_maxcrashes"], 81) 6235 segvguard_maxcrashes(segvguard_maxcrashes_orig) 6236 6237 def test_09_exec(self): 6238 with tempfile.TemporaryDirectory() as temp_dir: 6239 # Path to the temporary file 6240 temp_file = os.path.join(temp_dir, "file") 6241 6242 # Prepare command and arguments 6243 file = b"/bin/sh" 6244 argv = [b"-c", b'echo 42 > "' + temp_file.encode() + b'"'] 6245 6246 # Call syd_exec 6247 self.assertTrue(exec(file, argv)) 6248 6249 # Wait for syd to execute the process. 6250 time.sleep(3) 6251 6252 # Assert the contents of the file 6253 with open(temp_file, "r") as f: 6254 contents = f.read().strip() 6255 self.assertEqual(contents, "42") 6256 6257 def test_10_load(self): 6258 with tempfile.TemporaryFile() as temp_file: 6259 temp_file.write( 6260 b""" 6261pid/max:77 6262""" 6263 ) 6264 temp_file.seek(0) 6265 load(temp_file.fileno()) 6266 self.assertEqual(77, info()["pid_max"]) 6267 6268 # This _must_ be the final test, 6269 # because it locks the sandbox!! 6270 def test_11_lock(self): 6271 self.assertTrue(lock(LockState.LOCK_OFF)) 6272 self.assertTrue(lock(LockState.LOCK_EXEC)) 6273 self.assertTrue(lock(LockState.LOCK_ON)) 6274 6275 with self.assertRaises(OSError) as cm: 6276 lock(LockState.LOCK_OFF) 6277 self.assertEqual(cm.exception.errno, errno.ENOENT) 6278 6279 with self.assertRaises(OSError) as cm: 6280 lock(LockState.LOCK_EXEC) 6281 self.assertEqual(cm.exception.errno, errno.ENOENT) 6282 6283 with self.assertRaises(OSError) as cm: 6284 lock(LockState.LOCK_ON) 6285 self.assertEqual(cm.exception.errno, errno.ENOENT) 6286 6287 unittest.main(verbosity=2)
@enum.unique
class
Action289@enum.unique 290class Action(enum.Enum): 291 """ 292 Enum for representing actions for sandboxing: 293 294 - ALLOW: Allow system call. 295 - WARN: Allow system call and warn. 296 - FILTER: Deny system call silently. 297 - DENY: Deny system call and warn. 298 - PANIC: Deny system call, warn and panic the current Syd thread. 299 - STOP: Deny system call, warn and stop offending process. 300 - ABORT: Deny system call, warn and abort offending process. 301 - KILL: Deny system call, warn and kill offending process. 302 - EXIT: Warn, and exit Syd immediately with deny errno as exit value. 303 """ 304 305 ACTION_ALLOW = 0 306 ACTION_WARN = 1 307 ACTION_FILTER = 2 308 ACTION_DENY = 3 309 ACTION_PANIC = 4 310 ACTION_STOP = 5 311 ACTION_ABORT = 6 312 ACTION_KILL = 7 313 ACTION_EXIT = 8
Enum for representing actions for sandboxing:
- ALLOW: Allow system call.
- WARN: Allow system call and warn.
- FILTER: Deny system call silently.
- DENY: Deny system call and warn.
- PANIC: Deny system call, warn and panic the current Syd thread.
- STOP: Deny system call, warn and stop offending process.
- ABORT: Deny system call, warn and abort offending process.
- KILL: Deny system call, warn and kill offending process.
- EXIT: Warn, and exit Syd immediately with deny errno as exit value.
ACTION_ALLOW =
<Action.ACTION_ALLOW: 0>
ACTION_WARN =
<Action.ACTION_WARN: 1>
ACTION_FILTER =
<Action.ACTION_FILTER: 2>
ACTION_DENY =
<Action.ACTION_DENY: 3>
ACTION_PANIC =
<Action.ACTION_PANIC: 4>
ACTION_STOP =
<Action.ACTION_STOP: 5>
ACTION_ABORT =
<Action.ACTION_ABORT: 6>
ACTION_KILL =
<Action.ACTION_KILL: 7>
ACTION_EXIT =
<Action.ACTION_EXIT: 8>
@enum.unique
class
LockState316@enum.unique 317class LockState(enum.Enum): 318 """ 319 Enum for representing the sandbox lock states: 320 321 - LOCK_OFF: The sandbox lock is off, allowing all sandbox commands. 322 - LOCK_EXEC: The sandbox lock is set to on for all processes except 323 the initial process (syd exec child). This is the default state. 324 - LOCK_ON: The sandbox lock is on, disallowing all sandbox commands. 325 """ 326 327 LOCK_OFF = 0 328 LOCK_EXEC = 1 329 LOCK_ON = 2
Enum for representing the sandbox lock states:
- LOCK_OFF: The sandbox lock is off, allowing all sandbox commands.
- LOCK_EXEC: The sandbox lock is set to on for all processes except the initial process (syd exec child). This is the default state.
- LOCK_ON: The sandbox lock is on, disallowing all sandbox commands.
LOCK_OFF =
<LockState.LOCK_OFF: 0>
LOCK_EXEC =
<LockState.LOCK_EXEC: 1>
LOCK_ON =
<LockState.LOCK_ON: 2>
def
info() -> dict:
349def info() -> dict: 350 """ 351 Reads the state of the syd sandbox from /dev/syd and returns it 352 as a JSON object. 353 354 This function opens the special file /dev/syd, which contains the 355 current state of the syd sandbox in JSON format, and then parses 356 and returns this state as a Python dictionary. 357 358 # Returns 359 dict: The current state of the syd sandbox. 360 361 # Raises 362 - OSError: If the file /dev/syd cannot be opened. 363 - JSONDecodeError: If the content of /dev/syd is not valid JSON. 364 """ 365 with open("/dev/syd") as f: 366 return json.load(f)
Reads the state of the syd sandbox from /dev/syd and returns it as a JSON object.
This function opens the special file /dev/syd, which contains the current state of the syd sandbox in JSON format, and then parses and returns this state as a Python dictionary.
Returns
dict: The current state of the syd sandbox.
Raises
- OSError: If the file /dev/syd cannot be opened.
- JSONDecodeError: If the content of /dev/syd is not valid JSON.
def
check() -> bool:
384def check() -> bool: 385 """ 386 Performs an lstat system call on the file "/dev/syd". 387 388 # Returns 389 bool: True on successful operation, or raises an OSError on failure. 390 """ 391 return check_return(libsyd.syd_check())
Performs an lstat system call on the file "/dev/syd".
Returns
bool: True on successful operation, or raises an OSError on failure.
def
api() -> int:
369def api() -> int: 370 """ 371 Performs a syd API check 372 The caller is advised to perform this check before 373 calling any other syd API calls. 374 375 # Returns 376 int: API number on successful operation, or raises an OSError on failure. 377 """ 378 api = libsyd.syd_api() 379 if api < 0: 380 raise OSError(-api, os.strerror(-api)) 381 return api
Performs a syd API check The caller is advised to perform this check before calling any other syd API calls.
Returns
int: API number on successful operation, or raises an OSError on failure.
def
panic() -> bool:
394def panic() -> bool: 395 """ 396 Causes syd to exit immediately with code 127. 397 398 # Returns 399 bool: True on successful operation, or raises an OSError on failure. 400 """ 401 return check_return(libsyd.syd_panic())
Causes syd to exit immediately with code 127.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
reset() -> bool:
404def reset() -> bool: 405 """ 406 Causes syd to reset sandboxing to the default state. 407 Allowlists, denylists and filters are going to be cleared. 408 409 # Returns 410 bool: True on successful operation, or raises an OSError on failure. 411 """ 412 return check_return(libsyd.syd_reset())
Causes syd to reset sandboxing to the default state. Allowlists, denylists and filters are going to be cleared.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
load(fd: int) -> bool:
415def load(fd: int) -> bool: 416 """ 417 Causes syd to read configuration from the given file descriptor. 418 419 # Returns 420 bool: True on successful operation, or raises an OSError on failure. 421 """ 422 return check_return(libsyd.syd_load(fd))
Causes syd to read configuration from the given file descriptor.
Returns
bool: True on successful operation, or raises an OSError on failure.
425def lock(state: LockState) -> bool: 426 """ 427 Sets the state of the sandbox lock. 428 429 # Parameters 430 - state (LockState): The desired state of the sandbox lock, as 431 defined by the `LockState` enum. 432 433 # Returns 434 - bool: True on successful operation, or raises an OSError on failure. 435 """ 436 return check_return(libsyd.syd_lock(state.value))
Sets the state of the sandbox lock.
Parameters
- state (LockState): The desired state of the sandbox lock, as
defined by the
LockStateenum.
Returns
- bool: True on successful operation, or raises an OSError on failure.
def
exec(file: bytes, argv: List[bytes]) -> bool:
439def exec(file: bytes, argv: List[bytes]) -> bool: 440 """ 441 Execute a command outside the sandbox without sandboxing 442 443 # Parameters 444 - file (bytes): The file path of the command to be executed, as bytes. 445 - argv (List[bytes]): The arguments to the command, as a list of bytes. 446 447 # Returns 448 bool: True on successful operation, or raises an OSError on failure. 449 """ 450 argv_array = ( 451 ctypes.c_char_p * (len(argv) + 1) 452 )() # Array of strings, null-terminated 453 argv_array[:-1] = [arg for arg in argv] 454 argv_array[-1] = None # Null-terminate the array 455 456 return check_return(libsyd.syd_exec(file, argv_array))
Execute a command outside the sandbox without sandboxing
Parameters
- file (bytes): The file path of the command to be executed, as bytes.
- argv (List[bytes]): The arguments to the command, as a list of bytes.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
enable_stat() -> bool:
459def enable_stat() -> bool: 460 """ 461 Enables stat sandboxing. 462 463 # Returns 464 bool: True on successful operation, or raises OSError on failure. 465 """ 466 return check_return(libsyd.syd_enable_stat())
Enables stat sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_stat() -> bool:
469def disable_stat() -> bool: 470 """ 471 Disables stat sandboxing. 472 473 # Returns 474 bool: True on successful operation, or raises OSError on failure. 475 """ 476 return check_return(libsyd.syd_disable_stat())
Disables stat sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_stat() -> bool:
479def enabled_stat() -> bool: 480 """ 481 Checks if stat sandboxing is enabled. 482 483 # Returns 484 bool: True if stat sandboxing is enabled, False otherwise. 485 """ 486 return libsyd.syd_enabled_stat()
Checks if stat sandboxing is enabled.
Returns
bool: True if stat sandboxing is enabled, False otherwise.
def
enable_read() -> bool:
489def enable_read() -> bool: 490 """ 491 Enables read sandboxing. 492 493 # Returns 494 bool: True on successful operation, or raises OSError on failure. 495 """ 496 return check_return(libsyd.syd_enable_read())
Enables read sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_read() -> bool:
499def disable_read() -> bool: 500 """ 501 Disables read sandboxing. 502 503 # Returns 504 bool: True on successful operation, or raises OSError on failure. 505 """ 506 return check_return(libsyd.syd_disable_read())
Disables read sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_read() -> bool:
509def enabled_read() -> bool: 510 """ 511 Checks if read sandboxing is enabled. 512 513 # Returns 514 bool: True if read sandboxing is enabled, False otherwise. 515 """ 516 return libsyd.syd_enabled_read()
Checks if read sandboxing is enabled.
Returns
bool: True if read sandboxing is enabled, False otherwise.
def
enable_write() -> bool:
519def enable_write() -> bool: 520 """ 521 Enables write sandboxing. 522 523 # Returns 524 bool: True on successful operation, or raises OSError on failure. 525 """ 526 return check_return(libsyd.syd_enable_write())
Enables write sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_write() -> bool:
529def disable_write() -> bool: 530 """ 531 Disables write sandboxing. 532 533 # Returns 534 bool: True on successful operation, or raises OSError on failure. 535 """ 536 return check_return(libsyd.syd_disable_write())
Disables write sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_write() -> bool:
539def enabled_write() -> bool: 540 """ 541 Checks if write sandboxing is enabled. 542 543 # Returns 544 bool: True if write sandboxing is enabled, False otherwise. 545 """ 546 return libsyd.syd_enabled_write()
Checks if write sandboxing is enabled.
Returns
bool: True if write sandboxing is enabled, False otherwise.
def
enable_exec() -> bool:
549def enable_exec() -> bool: 550 """ 551 Enables exec sandboxing. 552 553 # Returns 554 bool: True on successful operation, or raises OSError on failure. 555 """ 556 return check_return(libsyd.syd_enable_exec())
Enables exec sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_exec() -> bool:
559def disable_exec() -> bool: 560 """ 561 Disables exec sandboxing. 562 563 # Returns 564 bool: True on successful operation, or raises OSError on failure. 565 """ 566 return check_return(libsyd.syd_disable_exec())
Disables exec sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_exec() -> bool:
569def enabled_exec() -> bool: 570 """ 571 Checks if exec sandboxing is enabled. 572 573 # Returns 574 bool: True if exec sandboxing is enabled, False otherwise. 575 """ 576 return libsyd.syd_enabled_exec()
Checks if exec sandboxing is enabled.
Returns
bool: True if exec sandboxing is enabled, False otherwise.
def
enable_ioctl() -> bool:
579def enable_ioctl() -> bool: 580 """ 581 Enables ioctl sandboxing. 582 583 # Returns 584 bool: True on successful operation, or raises OSError on failure. 585 """ 586 return check_return(libsyd.syd_enable_ioctl())
Enables ioctl sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_ioctl() -> bool:
589def disable_ioctl() -> bool: 590 """ 591 Disables ioctl sandboxing. 592 593 # Returns 594 bool: True on successful operation, or raises OSError on failure. 595 """ 596 return check_return(libsyd.syd_disable_ioctl())
Disables ioctl sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_ioctl() -> bool:
599def enabled_ioctl() -> bool: 600 """ 601 Checks if ioctl sandboxing is enabled. 602 603 # Returns 604 bool: True if ioctl sandboxing is enabled, False otherwise. 605 """ 606 return libsyd.syd_enabled_ioctl()
Checks if ioctl sandboxing is enabled.
Returns
bool: True if ioctl sandboxing is enabled, False otherwise.
def
enable_create() -> bool:
609def enable_create() -> bool: 610 """ 611 Enables create sandboxing. 612 613 # Returns 614 bool: True on successful operation, or raises OSError on failure. 615 """ 616 return check_return(libsyd.syd_enable_create())
Enables create sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_create() -> bool:
619def disable_create() -> bool: 620 """ 621 Disables create sandboxing. 622 623 # Returns 624 bool: True on successful operation, or raises OSError on failure. 625 """ 626 return check_return(libsyd.syd_disable_create())
Disables create sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_create() -> bool:
629def enabled_create() -> bool: 630 """ 631 Checks if create sandboxing is enabled. 632 633 # Returns 634 bool: True if create sandboxing is enabled, False otherwise. 635 """ 636 return libsyd.syd_enabled_create()
Checks if create sandboxing is enabled.
Returns
bool: True if create sandboxing is enabled, False otherwise.
def
enable_delete() -> bool:
639def enable_delete() -> bool: 640 """ 641 Enables delete sandboxing. 642 643 # Returns 644 bool: True on successful operation, or raises OSError on failure. 645 """ 646 return check_return(libsyd.syd_enable_delete())
Enables delete sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_delete() -> bool:
649def disable_delete() -> bool: 650 """ 651 Disables delete sandboxing. 652 653 # Returns 654 bool: True on successful operation, or raises OSError on failure. 655 """ 656 return check_return(libsyd.syd_disable_delete())
Disables delete sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_delete() -> bool:
659def enabled_delete() -> bool: 660 """ 661 Checks if delete sandboxing is enabled. 662 663 # Returns 664 bool: True if delete sandboxing is enabled, False otherwise. 665 """ 666 return libsyd.syd_enabled_delete()
Checks if delete sandboxing is enabled.
Returns
bool: True if delete sandboxing is enabled, False otherwise.
def
enable_rename() -> bool:
669def enable_rename() -> bool: 670 """ 671 Enables rename sandboxing. 672 673 # Returns 674 bool: True on successful operation, or raises OSError on failure. 675 """ 676 return check_return(libsyd.syd_enable_rename())
Enables rename sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_rename() -> bool:
679def disable_rename() -> bool: 680 """ 681 Disables rename sandboxing. 682 683 # Returns 684 bool: True on successful operation, or raises OSError on failure. 685 """ 686 return check_return(libsyd.syd_disable_rename())
Disables rename sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_rename() -> bool:
689def enabled_rename() -> bool: 690 """ 691 Checks if rename sandboxing is enabled. 692 693 # Returns 694 bool: True if rename sandboxing is enabled, False otherwise. 695 """ 696 return libsyd.syd_enabled_rename()
Checks if rename sandboxing is enabled.
Returns
bool: True if rename sandboxing is enabled, False otherwise.
def
enable_symlink() -> bool:
699def enable_symlink() -> bool: 700 """ 701 Enables symlink sandboxing. 702 703 # Returns 704 bool: True on successful operation, or raises OSError on failure. 705 """ 706 return check_return(libsyd.syd_enable_symlink())
Enables symlink sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_symlink() -> bool:
709def disable_symlink() -> bool: 710 """ 711 Disables symlink sandboxing. 712 713 # Returns 714 bool: True on successful operation, or raises OSError on failure. 715 """ 716 return check_return(libsyd.syd_disable_symlink())
Disables symlink sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_symlink() -> bool:
719def enabled_symlink() -> bool: 720 """ 721 Checks if symlink sandboxing is enabled. 722 723 # Returns 724 bool: True if symlink sandboxing is enabled, False otherwise. 725 """ 726 return libsyd.syd_enabled_symlink()
Checks if symlink sandboxing is enabled.
Returns
bool: True if symlink sandboxing is enabled, False otherwise.
def
enable_truncate() -> bool:
729def enable_truncate() -> bool: 730 """ 731 Enables truncate sandboxing. 732 733 # Returns 734 bool: True on successful operation, or raises OSError on failure. 735 """ 736 return check_return(libsyd.syd_enable_truncate())
Enables truncate sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_truncate() -> bool:
739def disable_truncate() -> bool: 740 """ 741 Disables truncate sandboxing. 742 743 # Returns 744 bool: True on successful operation, or raises OSError on failure. 745 """ 746 return check_return(libsyd.syd_disable_truncate())
Disables truncate sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_truncate() -> bool:
749def enabled_truncate() -> bool: 750 """ 751 Checks if truncate sandboxing is enabled. 752 753 # Returns 754 bool: True if truncate sandboxing is enabled, False otherwise. 755 """ 756 return libsyd.syd_enabled_truncate()
Checks if truncate sandboxing is enabled.
Returns
bool: True if truncate sandboxing is enabled, False otherwise.
def
enable_chdir() -> bool:
759def enable_chdir() -> bool: 760 """ 761 Enables chdir sandboxing. 762 763 # Returns 764 bool: True on successful operation, or raises OSError on failure. 765 """ 766 return check_return(libsyd.syd_enable_chdir())
Enables chdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_chdir() -> bool:
769def disable_chdir() -> bool: 770 """ 771 Disables chdir sandboxing. 772 773 # Returns 774 bool: True on successful operation, or raises OSError on failure. 775 """ 776 return check_return(libsyd.syd_disable_chdir())
Disables chdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_chdir() -> bool:
779def enabled_chdir() -> bool: 780 """ 781 Checks if chdir sandboxing is enabled. 782 783 # Returns 784 bool: True if chdir sandboxing is enabled, False otherwise. 785 """ 786 return libsyd.syd_enabled_chdir()
Checks if chdir sandboxing is enabled.
Returns
bool: True if chdir sandboxing is enabled, False otherwise.
def
enable_readdir() -> bool:
789def enable_readdir() -> bool: 790 """ 791 Enables readdir sandboxing. 792 793 # Returns 794 bool: True on successful operation, or raises OSError on failure. 795 """ 796 return check_return(libsyd.syd_enable_readdir())
Enables readdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_readdir() -> bool:
799def disable_readdir() -> bool: 800 """ 801 Disables readdir sandboxing. 802 803 # Returns 804 bool: True on successful operation, or raises OSError on failure. 805 """ 806 return check_return(libsyd.syd_disable_readdir())
Disables readdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_readdir() -> bool:
809def enabled_readdir() -> bool: 810 """ 811 Checks if readdir sandboxing is enabled. 812 813 # Returns 814 bool: True if readdir sandboxing is enabled, False otherwise. 815 """ 816 return libsyd.syd_enabled_readdir()
Checks if readdir sandboxing is enabled.
Returns
bool: True if readdir sandboxing is enabled, False otherwise.
def
enable_mkdir() -> bool:
819def enable_mkdir() -> bool: 820 """ 821 Enables mkdir sandboxing. 822 823 # Returns 824 bool: True on successful operation, or raises OSError on failure. 825 """ 826 return check_return(libsyd.syd_enable_mkdir())
Enables mkdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_mkdir() -> bool:
829def disable_mkdir() -> bool: 830 """ 831 Disables mkdir sandboxing. 832 833 # Returns 834 bool: True on successful operation, or raises OSError on failure. 835 """ 836 return check_return(libsyd.syd_disable_mkdir())
Disables mkdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_mkdir() -> bool:
839def enabled_mkdir() -> bool: 840 """ 841 Checks if mkdir sandboxing is enabled. 842 843 # Returns 844 bool: True if mkdir sandboxing is enabled, False otherwise. 845 """ 846 return libsyd.syd_enabled_mkdir()
Checks if mkdir sandboxing is enabled.
Returns
bool: True if mkdir sandboxing is enabled, False otherwise.
def
enable_rmdir() -> bool:
849def enable_rmdir() -> bool: 850 """ 851 Enables rmdir sandboxing. 852 853 # Returns 854 bool: True on successful operation, or raises OSError on failure. 855 """ 856 return check_return(libsyd.syd_enable_rmdir())
Enables rmdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_rmdir() -> bool:
859def disable_rmdir() -> bool: 860 """ 861 Disables rmdir sandboxing. 862 863 # Returns 864 bool: True on successful operation, or raises OSError on failure. 865 """ 866 return check_return(libsyd.syd_disable_rmdir())
Disables rmdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_rmdir() -> bool:
869def enabled_rmdir() -> bool: 870 """ 871 Checks if rmdir sandboxing is enabled. 872 873 # Returns 874 bool: True if rmdir sandboxing is enabled, False otherwise. 875 """ 876 return libsyd.syd_enabled_rmdir()
Checks if rmdir sandboxing is enabled.
Returns
bool: True if rmdir sandboxing is enabled, False otherwise.
def
enable_chown() -> bool:
879def enable_chown() -> bool: 880 """ 881 Enables chown sandboxing. 882 883 # Returns 884 bool: True on successful operation, or raises OSError on failure. 885 """ 886 return check_return(libsyd.syd_enable_chown())
Enables chown sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_chown() -> bool:
889def disable_chown() -> bool: 890 """ 891 Disables chown sandboxing. 892 893 # Returns 894 bool: True on successful operation, or raises OSError on failure. 895 """ 896 return check_return(libsyd.syd_disable_chown())
Disables chown sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_chown() -> bool:
899def enabled_chown() -> bool: 900 """ 901 Checks if chown sandboxing is enabled. 902 903 # Returns 904 bool: True if chown sandboxing is enabled, False otherwise. 905 """ 906 return libsyd.syd_enabled_chown()
Checks if chown sandboxing is enabled.
Returns
bool: True if chown sandboxing is enabled, False otherwise.
def
enable_chgrp() -> bool:
909def enable_chgrp() -> bool: 910 """ 911 Enables chgrp sandboxing. 912 913 # Returns 914 bool: True on successful operation, or raises OSError on failure. 915 """ 916 return check_return(libsyd.syd_enable_chgrp())
Enables chgrp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_chgrp() -> bool:
919def disable_chgrp() -> bool: 920 """ 921 Disables chgrp sandboxing. 922 923 # Returns 924 bool: True on successful operation, or raises OSError on failure. 925 """ 926 return check_return(libsyd.syd_disable_chgrp())
Disables chgrp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_chgrp() -> bool:
929def enabled_chgrp() -> bool: 930 """ 931 Checks if chgrp sandboxing is enabled. 932 933 # Returns 934 bool: True if chgrp sandboxing is enabled, False otherwise. 935 """ 936 return libsyd.syd_enabled_chgrp()
Checks if chgrp sandboxing is enabled.
Returns
bool: True if chgrp sandboxing is enabled, False otherwise.
def
enable_chattr() -> bool:
969def enable_chattr() -> bool: 970 """ 971 Enables chattr sandboxing. 972 973 # Returns 974 bool: True on successful operation, or raises OSError on failure. 975 """ 976 return check_return(libsyd.syd_enable_chattr())
Enables chattr sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_chattr() -> bool:
979def disable_chattr() -> bool: 980 """ 981 Disables chattr sandboxing. 982 983 # Returns 984 bool: True on successful operation, or raises OSError on failure. 985 """ 986 return check_return(libsyd.syd_disable_chattr())
Disables chattr sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_chattr() -> bool:
989def enabled_chattr() -> bool: 990 """ 991 Checks if chattr sandboxing is enabled. 992 993 # Returns 994 bool: True if chattr sandboxing is enabled, False otherwise. 995 """ 996 return libsyd.syd_enabled_chattr()
Checks if chattr sandboxing is enabled.
Returns
bool: True if chattr sandboxing is enabled, False otherwise.
def
enable_chroot() -> bool:
999def enable_chroot() -> bool: 1000 """ 1001 Enables chroot sandboxing. 1002 1003 # Returns 1004 bool: True on successful operation, or raises OSError on failure. 1005 """ 1006 return check_return(libsyd.syd_enable_chroot())
Enables chroot sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_chroot() -> bool:
1009def disable_chroot() -> bool: 1010 """ 1011 Disables chroot sandboxing. 1012 1013 # Returns 1014 bool: True on successful operation, or raises OSError on failure. 1015 """ 1016 return check_return(libsyd.syd_disable_chroot())
Disables chroot sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_chroot() -> bool:
1019def enabled_chroot() -> bool: 1020 """ 1021 Checks if chroot sandboxing is enabled. 1022 1023 # Returns 1024 bool: True if chroot sandboxing is enabled, False otherwise. 1025 """ 1026 return libsyd.syd_enabled_chroot()
Checks if chroot sandboxing is enabled.
Returns
bool: True if chroot sandboxing is enabled, False otherwise.
def
enable_utime() -> bool:
1029def enable_utime() -> bool: 1030 """ 1031 Enables utime sandboxing. 1032 1033 # Returns 1034 bool: True on successful operation, or raises OSError on failure. 1035 """ 1036 return check_return(libsyd.syd_enable_utime())
Enables utime sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_utime() -> bool:
1039def disable_utime() -> bool: 1040 """ 1041 Disables utime sandboxing. 1042 1043 # Returns 1044 bool: True on successful operation, or raises OSError on failure. 1045 """ 1046 return check_return(libsyd.syd_disable_utime())
Disables utime sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_utime() -> bool:
1049def enabled_utime() -> bool: 1050 """ 1051 Checks if utime sandboxing is enabled. 1052 1053 # Returns 1054 bool: True if utime sandboxing is enabled, False otherwise. 1055 """ 1056 return libsyd.syd_enabled_utime()
Checks if utime sandboxing is enabled.
Returns
bool: True if utime sandboxing is enabled, False otherwise.
def
enable_mkdev() -> bool:
1059def enable_mkdev() -> bool: 1060 """ 1061 Enables mkdev sandboxing. 1062 1063 # Returns 1064 bool: True on successful operation, or raises OSError on failure. 1065 """ 1066 return check_return(libsyd.syd_enable_mkdev())
Enables mkdev sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_mkdev() -> bool:
1069def disable_mkdev() -> bool: 1070 """ 1071 Disables mkdev sandboxing. 1072 1073 # Returns 1074 bool: True on successful operation, or raises OSError on failure. 1075 """ 1076 return check_return(libsyd.syd_disable_mkdev())
Disables mkdev sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_mkdev() -> bool:
1079def enabled_mkdev() -> bool: 1080 """ 1081 Checks if mkdev sandboxing is enabled. 1082 1083 # Returns 1084 bool: True if mkdev sandboxing is enabled, False otherwise. 1085 """ 1086 return libsyd.syd_enabled_mkdev()
Checks if mkdev sandboxing is enabled.
Returns
bool: True if mkdev sandboxing is enabled, False otherwise.
def
enable_mkfifo() -> bool:
1089def enable_mkfifo() -> bool: 1090 """ 1091 Enables mkfifo sandboxing. 1092 1093 # Returns 1094 bool: True on successful operation, or raises OSError on failure. 1095 """ 1096 return check_return(libsyd.syd_enable_mkfifo())
Enables mkfifo sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_mkfifo() -> bool:
1099def disable_mkfifo() -> bool: 1100 """ 1101 Disables mkfifo sandboxing. 1102 1103 # Returns 1104 bool: True on successful operation, or raises OSError on failure. 1105 """ 1106 return check_return(libsyd.syd_disable_mkfifo())
Disables mkfifo sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_mkfifo() -> bool:
1109def enabled_mkfifo() -> bool: 1110 """ 1111 Checks if mkfifo sandboxing is enabled. 1112 1113 # Returns 1114 bool: True if mkfifo sandboxing is enabled, False otherwise. 1115 """ 1116 return libsyd.syd_enabled_mkfifo()
Checks if mkfifo sandboxing is enabled.
Returns
bool: True if mkfifo sandboxing is enabled, False otherwise.
def
enable_mktemp() -> bool:
1119def enable_mktemp() -> bool: 1120 """ 1121 Enables mktemp sandboxing. 1122 1123 # Returns 1124 bool: True on successful operation, or raises OSError on failure. 1125 """ 1126 return check_return(libsyd.syd_enable_mktemp())
Enables mktemp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_mktemp() -> bool:
1129def disable_mktemp() -> bool: 1130 """ 1131 Disables mktemp sandboxing. 1132 1133 # Returns 1134 bool: True on successful operation, or raises OSError on failure. 1135 """ 1136 return check_return(libsyd.syd_disable_mktemp())
Disables mktemp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_mktemp() -> bool:
1139def enabled_mktemp() -> bool: 1140 """ 1141 Checks if mktemp sandboxing is enabled. 1142 1143 # Returns 1144 bool: True if mktemp sandboxing is enabled, False otherwise. 1145 """ 1146 return libsyd.syd_enabled_mktemp()
Checks if mktemp sandboxing is enabled.
Returns
bool: True if mktemp sandboxing is enabled, False otherwise.
def
enable_net() -> bool:
1149def enable_net() -> bool: 1150 """ 1151 Enables net sandboxing. 1152 1153 # Returns 1154 bool: True on successful operation, or raises OSError on failure. 1155 """ 1156 return check_return(libsyd.syd_enable_net())
Enables net sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_net() -> bool:
1159def disable_net() -> bool: 1160 """ 1161 Disables net sandboxing. 1162 1163 # Returns 1164 bool: True on successful operation, or raises OSError on failure. 1165 """ 1166 return check_return(libsyd.syd_disable_net())
Disables net sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_net() -> bool:
1169def enabled_net() -> bool: 1170 """ 1171 Checks if net sandboxing is enabled. 1172 1173 # Returns 1174 bool: True if net sandboxing is enabled, False otherwise. 1175 """ 1176 return libsyd.syd_enabled_net()
Checks if net sandboxing is enabled.
Returns
bool: True if net sandboxing is enabled, False otherwise.
def
enabled_lock() -> bool:
1179def enabled_lock() -> bool: 1180 """ 1181 Checks if lock sandboxing is enabled. 1182 1183 # Returns 1184 bool: True if lock sandboxing is enabled, False otherwise. 1185 """ 1186 return libsyd.syd_enabled_lock()
Checks if lock sandboxing is enabled.
Returns
bool: True if lock sandboxing is enabled, False otherwise.
def
enabled_crypt() -> bool:
1189def enabled_crypt() -> bool: 1190 """ 1191 Checks if crypt sandboxing is enabled. 1192 1193 # Returns 1194 bool: True if crypt sandboxing is enabled, False otherwise. 1195 """ 1196 return libsyd.syd_enabled_crypt()
Checks if crypt sandboxing is enabled.
Returns
bool: True if crypt sandboxing is enabled, False otherwise.
def
enabled_proxy() -> bool:
1199def enabled_proxy() -> bool: 1200 """ 1201 Checks if Proxy sandboxing is enabled. 1202 1203 # Returns 1204 bool: True if Proxy andboxing is enabled, False otherwise. 1205 """ 1206 return libsyd.syd_enabled_proxy()
Checks if Proxy sandboxing is enabled.
Returns
bool: True if Proxy andboxing is enabled, False otherwise.
def
enable_mem() -> bool:
1209def enable_mem() -> bool: 1210 """ 1211 Enables memory sandboxing. 1212 1213 # Returns 1214 bool: True on successful operation, or raises OSError on failure. 1215 """ 1216 return check_return(libsyd.syd_enable_mem())
Enables memory sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_mem() -> bool:
1219def disable_mem() -> bool: 1220 """ 1221 Disables memory sandboxing. 1222 1223 # Returns 1224 bool: True on successful operation, or raises OSError on failure. 1225 """ 1226 return check_return(libsyd.syd_disable_mem())
Disables memory sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_mem() -> bool:
1229def enabled_mem() -> bool: 1230 """ 1231 Checks if memory sandboxing is enabled. 1232 1233 # Returns 1234 bool: True if memory sandboxing is enabled, False otherwise. 1235 """ 1236 return libsyd.syd_enabled_mem()
Checks if memory sandboxing is enabled.
Returns
bool: True if memory sandboxing is enabled, False otherwise.
def
enable_pid() -> bool:
1239def enable_pid() -> bool: 1240 """ 1241 Enables PID sandboxing. 1242 1243 # Returns 1244 bool: True on successful operation, or raises OSError on failure. 1245 """ 1246 return check_return(libsyd.syd_enable_pid())
Enables PID sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_pid() -> bool:
1249def disable_pid() -> bool: 1250 """ 1251 Disables PID sandboxing. 1252 1253 # Returns 1254 bool: True on successful operation, or raises OSError on failure. 1255 """ 1256 return check_return(libsyd.syd_disable_pid())
Disables PID sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_pid() -> bool:
1259def enabled_pid() -> bool: 1260 """ 1261 Checks if PID sandboxing is enabled. 1262 1263 # Returns 1264 bool: True if PID sandboxing is enabled, False otherwise. 1265 """ 1266 return libsyd.syd_enabled_pid()
Checks if PID sandboxing is enabled.
Returns
bool: True if PID sandboxing is enabled, False otherwise.
def
enable_force() -> bool:
1269def enable_force() -> bool: 1270 """ 1271 Enables force sandboxing. 1272 1273 # Returns 1274 bool: True on successful operation, or raises OSError on failure. 1275 """ 1276 return check_return(libsyd.syd_enable_force())
Enables force sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_force() -> bool:
1279def disable_force() -> bool: 1280 """ 1281 Disables force sandboxing. 1282 1283 # Returns 1284 bool: True on successful operation, or raises OSError on failure. 1285 """ 1286 return check_return(libsyd.syd_disable_force())
Disables force sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_force() -> bool:
1289def enabled_force() -> bool: 1290 """ 1291 Checks if force sandboxing is enabled. 1292 1293 # Returns 1294 bool: True if force sandboxing is enabled, False otherwise. 1295 """ 1296 return libsyd.syd_enabled_force()
Checks if force sandboxing is enabled.
Returns
bool: True if force sandboxing is enabled, False otherwise.
def
enable_tpe() -> bool:
1299def enable_tpe() -> bool: 1300 """ 1301 Enables TPE sandboxing. 1302 1303 # Returns 1304 bool: True on successful operation, or raises OSError on failure. 1305 """ 1306 return check_return(libsyd.syd_enable_tpe())
Enables TPE sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
disable_tpe() -> bool:
1309def disable_tpe() -> bool: 1310 """ 1311 Disables TPE sandboxing. 1312 1313 # Returns 1314 bool: True on successful operation, or raises OSError on failure. 1315 """ 1316 return check_return(libsyd.syd_disable_tpe())
Disables TPE sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
enabled_tpe() -> bool:
1319def enabled_tpe() -> bool: 1320 """ 1321 Checks if TPE sandboxing is enabled. 1322 1323 # Returns 1324 bool: True if TPE sandboxing is enabled, False otherwise. 1325 """ 1326 return libsyd.syd_enabled_tpe()
Checks if TPE sandboxing is enabled.
Returns
bool: True if TPE sandboxing is enabled, False otherwise.
1329def default_stat(action: Action) -> bool: 1330 """ 1331 Set default action for Stat sandboxing. 1332 1333 # Returns 1334 bool: True on successful operation, or raises OSError on failure. 1335 """ 1336 return check_return(libsyd.syd_default_stat(action.value))
Set default action for Stat sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1339def default_read(action: Action) -> bool: 1340 """ 1341 Set default action for Read sandboxing. 1342 1343 # Returns 1344 bool: True on successful operation, or raises OSError on failure. 1345 """ 1346 return check_return(libsyd.syd_default_read(action.value))
Set default action for Read sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1349def default_write(action: Action) -> bool: 1350 """ 1351 Set default action for Write sandboxing. 1352 1353 # Returns 1354 bool: True on successful operation, or raises OSError on failure. 1355 """ 1356 return check_return(libsyd.syd_default_write(action.value))
Set default action for Write sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1359def default_exec(action: Action) -> bool: 1360 """ 1361 Set default action for Exec sandboxing. 1362 1363 # Returns 1364 bool: True on successful operation, or raises OSError on failure. 1365 """ 1366 return check_return(libsyd.syd_default_exec(action.value))
Set default action for Exec sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1369def default_ioctl(action: Action) -> bool: 1370 """ 1371 Set default action for Ioctl sandboxing. 1372 1373 # Returns 1374 bool: True on successful operation, or raises OSError on failure. 1375 """ 1376 return check_return(libsyd.syd_default_ioctl(action.value))
Set default action for Ioctl sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1379def default_create(action: Action) -> bool: 1380 """ 1381 Set default action for create sandboxing. 1382 1383 # Returns 1384 bool: True on successful operation, or raises OSError on failure. 1385 """ 1386 return check_return(libsyd.syd_default_create(action.value))
Set default action for create sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1389def default_delete(action: Action) -> bool: 1390 """ 1391 Set default action for delete sandboxing. 1392 1393 # Returns 1394 bool: True on successful operation, or raises OSError on failure. 1395 """ 1396 return check_return(libsyd.syd_default_delete(action.value))
Set default action for delete sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1399def default_rename(action: Action) -> bool: 1400 """ 1401 Set default action for rename sandboxing. 1402 1403 # Returns 1404 bool: True on successful operation, or raises OSError on failure. 1405 """ 1406 return check_return(libsyd.syd_default_rename(action.value))
Set default action for rename sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1409def default_symlink(action: Action) -> bool: 1410 """ 1411 Set default action for symlink sandboxing. 1412 1413 # Returns 1414 bool: True on successful operation, or raises OSError on failure. 1415 """ 1416 return check_return(libsyd.syd_default_symlink(action.value))
Set default action for symlink sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1419def default_truncate(action: Action) -> bool: 1420 """ 1421 Set default action for truncate sandboxing. 1422 1423 # Returns 1424 bool: True on successful operation, or raises OSError on failure. 1425 """ 1426 return check_return(libsyd.syd_default_truncate(action.value))
Set default action for truncate sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1429def default_chdir(action: Action) -> bool: 1430 """ 1431 Set default action for chdir sandboxing. 1432 1433 # Returns 1434 bool: True on successful operation, or raises OSError on failure. 1435 """ 1436 return check_return(libsyd.syd_default_chdir(action.value))
Set default action for chdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1439def default_readdir(action: Action) -> bool: 1440 """ 1441 Set default action for readdir sandboxing. 1442 1443 # Returns 1444 bool: True on successful operation, or raises OSError on failure. 1445 """ 1446 return check_return(libsyd.syd_default_readdir(action.value))
Set default action for readdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1449def default_mkdir(action: Action) -> bool: 1450 """ 1451 Set default action for mkdir sandboxing. 1452 1453 # Returns 1454 bool: True on successful operation, or raises OSError on failure. 1455 """ 1456 return check_return(libsyd.syd_default_mkdir(action.value))
Set default action for mkdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1459def default_rmdir(action: Action) -> bool: 1460 """ 1461 Set default action for rmdir sandboxing. 1462 1463 # Returns 1464 bool: True on successful operation, or raises OSError on failure. 1465 """ 1466 return check_return(libsyd.syd_default_rmdir(action.value))
Set default action for rmdir sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1469def default_chown(action: Action) -> bool: 1470 """ 1471 Set default action for chown sandboxing. 1472 1473 # Returns 1474 bool: True on successful operation, or raises OSError on failure. 1475 """ 1476 return check_return(libsyd.syd_default_chown(action.value))
Set default action for chown sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1479def default_chgrp(action: Action) -> bool: 1480 """ 1481 Set default action for chgrp sandboxing. 1482 1483 # Returns 1484 bool: True on successful operation, or raises OSError on failure. 1485 """ 1486 return check_return(libsyd.syd_default_chgrp(action.value))
Set default action for chgrp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1489def default_chmod(action: Action) -> bool: 1490 """ 1491 Set default action for chmod sandboxing. 1492 1493 # Returns 1494 bool: True on successful operation, or raises OSError on failure. 1495 """ 1496 return check_return(libsyd.syd_default_chmod(action.value))
Set default action for chmod sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1499def default_chattr(action: Action) -> bool: 1500 """ 1501 Set default action for chattr sandboxing. 1502 1503 # Returns 1504 bool: True on successful operation, or raises OSError on failure. 1505 """ 1506 return check_return(libsyd.syd_default_chattr(action.value))
Set default action for chattr sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1509def default_chroot(action: Action) -> bool: 1510 """ 1511 Set default action for chroot sandboxing. 1512 1513 # Returns 1514 bool: True on successful operation, or raises OSError on failure. 1515 """ 1516 return check_return(libsyd.syd_default_chroot(action.value))
Set default action for chroot sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1519def default_utime(action: Action) -> bool: 1520 """ 1521 Set default action for utime sandboxing. 1522 1523 # Returns 1524 bool: True on successful operation, or raises OSError on failure. 1525 """ 1526 return check_return(libsyd.syd_default_utime(action.value))
Set default action for utime sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1529def default_mkdev(action: Action) -> bool: 1530 """ 1531 Set default action for mkdev sandboxing. 1532 1533 # Returns 1534 bool: True on successful operation, or raises OSError on failure. 1535 """ 1536 return check_return(libsyd.syd_default_mkdev(action.value))
Set default action for mkdev sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1539def default_mkfifo(action: Action) -> bool: 1540 """ 1541 Set default action for mkfifo sandboxing. 1542 1543 # Returns 1544 bool: True on successful operation, or raises OSError on failure. 1545 """ 1546 return check_return(libsyd.syd_default_mkfifo(action.value))
Set default action for mkfifo sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1549def default_mktemp(action: Action) -> bool: 1550 """ 1551 Set default action for mktemp sandboxing. 1552 1553 # Returns 1554 bool: True on successful operation, or raises OSError on failure. 1555 """ 1556 return check_return(libsyd.syd_default_mktemp(action.value))
Set default action for mktemp sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1559def default_net(action: Action) -> bool: 1560 """ 1561 Set default action for Network sandboxing. 1562 1563 # Returns 1564 bool: True on successful operation, or raises OSError on failure. 1565 """ 1566 return check_return(libsyd.syd_default_net(action.value))
Set default action for Network sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1569def default_block(action: Action) -> bool: 1570 """ 1571 Set default action for block sandboxing. 1572 1573 # Returns 1574 bool: True on successful operation, or raises OSError on failure. 1575 """ 1576 return check_return(libsyd.syd_default_block(action.value))
Set default action for block sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1579def default_mem(action: Action) -> bool: 1580 """ 1581 Set default action for Memory sandboxing. 1582 1583 # Returns 1584 bool: True on successful operation, or raises OSError on failure. 1585 """ 1586 return check_return(libsyd.syd_default_mem(action.value))
Set default action for Memory sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1589def default_pid(action: Action) -> bool: 1590 """ 1591 Set default action for PID sandboxing. 1592 1593 # Returns 1594 bool: True on successful operation, or raises OSError on failure. 1595 """ 1596 return check_return(libsyd.syd_default_pid(action.value))
Set default action for PID sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1599def default_force(action: Action) -> bool: 1600 """ 1601 Set default action for Force sandboxing. 1602 1603 # Returns 1604 bool: True on successful operation, or raises OSError on failure. 1605 """ 1606 return check_return(libsyd.syd_default_force(action.value))
Set default action for Force sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
1609def default_segvguard(action: Action) -> bool: 1610 """ 1611 Set default action for SegvGuard. 1612 1613 # Returns 1614 bool: True on successful operation, or raises OSError on failure. 1615 """ 1616 return check_return(libsyd.syd_default_segvguard(action.value))
Set default action for SegvGuard.
Returns
bool: True on successful operation, or raises OSError on failure.
1619def default_tpe(action: Action) -> bool: 1620 """ 1621 Set default action for TPE sandboxing. 1622 1623 # Returns 1624 bool: True on successful operation, or raises OSError on failure. 1625 """ 1626 return check_return(libsyd.syd_default_tpe(action.value))
Set default action for TPE sandboxing.
Returns
bool: True on successful operation, or raises OSError on failure.
def
ioctl_deny(request: int) -> bool:
1629def ioctl_deny(request: int) -> bool: 1630 """ 1631 Adds a request to the _ioctl_(2) denylist. 1632 1633 # Parameters 1634 - request (int): _ioctl_(2) request 1635 1636 # Returns 1637 bool: True on successful operation, or raises an OSError on failure. 1638 """ 1639 return check_return(libsyd.syd_ioctl_deny(request))
Adds a request to the _ioctl_(2) denylist.
Parameters
- request (int): _ioctl_(2) request
Returns
bool: True on successful operation, or raises an OSError on failure.
1642def stat_add(action: Action, glob: bytes) -> bool: 1643 """ 1644 Adds to the given actionlist of stat sandboxing. 1645 1646 # Parameters 1647 - action (Action): Sandbox action 1648 - glob (bytes): Glob pattern 1649 1650 # Returns 1651 bool: True on successful operation, or raises an OSError on failure. 1652 """ 1653 return check_return(libsyd.syd_stat_add(action.value, glob))
Adds to the given actionlist of stat sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1656def stat_del(action: Action, glob: bytes) -> bool: 1657 """ 1658 Removes the first instance from the end of the given actionlist of 1659 stat sandboxing. 1660 1661 # Parameters 1662 - action (Action): Sandbox action 1663 - glob (bytes): Glob pattern 1664 1665 # Returns 1666 bool: True on successful operation, or raises an OSError on failure. 1667 """ 1668 return check_return(libsyd.syd_stat_del(action.value, glob))
Removes the first instance from the end of the given actionlist of stat sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1671def stat_rem(action: Action, glob: bytes) -> bool: 1672 """ 1673 Removes all matching patterns from the given actionlist of stat sandboxing. 1674 1675 # Parameters 1676 - action (Action): Sandbox action 1677 - glob (bytes): Glob pattern 1678 1679 # Returns 1680 bool: True on successful operation, or raises an OSError on failure. 1681 """ 1682 return check_return(libsyd.syd_stat_rem(action.value, glob))
Removes all matching patterns from the given actionlist of stat sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1685def read_add(action: Action, glob: bytes) -> bool: 1686 """ 1687 Adds to the given actionlist of read sandboxing. 1688 1689 # Parameters 1690 - action (Action): Sandbox action 1691 - glob (bytes): Glob pattern 1692 1693 # Returns 1694 bool: True on successful operation, or raises an OSError on failure. 1695 """ 1696 return check_return(libsyd.syd_read_add(action.value, glob))
Adds to the given actionlist of read sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1699def read_del(action: Action, glob: bytes) -> bool: 1700 """ 1701 Removes the first instance from the end of the given actionlist of 1702 read sandboxing. 1703 1704 # Parameters 1705 - action (Action): Sandbox action 1706 - glob (bytes): Glob pattern 1707 1708 # Returns 1709 bool: True on successful operation, or raises an OSError on failure. 1710 """ 1711 return check_return(libsyd.syd_read_del(action.value, glob))
Removes the first instance from the end of the given actionlist of read sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1714def read_rem(action: Action, glob: bytes) -> bool: 1715 """ 1716 Removes all matching patterns from the given actionlist of read sandboxing. 1717 1718 # Parameters 1719 - action (Action): Sandbox action 1720 - glob (bytes): Glob pattern 1721 1722 # Returns 1723 bool: True on successful operation, or raises an OSError on failure. 1724 """ 1725 return check_return(libsyd.syd_read_rem(action.value, glob))
Removes all matching patterns from the given actionlist of read sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1728def write_add(action: Action, glob: bytes) -> bool: 1729 """ 1730 Adds to the given actionlist of write sandboxing. 1731 1732 # Parameters 1733 - action (Action): Sandbox action 1734 - glob (bytes): Glob pattern 1735 1736 # Returns 1737 bool: True on successful operation, or raises an OSError on failure. 1738 """ 1739 return check_return(libsyd.syd_write_add(action.value, glob))
Adds to the given actionlist of write sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1742def write_del(action: Action, glob: bytes) -> bool: 1743 """ 1744 Removes the first instance from the end of the given actionlist of 1745 write sandboxing. 1746 1747 # Parameters 1748 - action (Action): Sandbox action 1749 - glob (bytes): Glob pattern 1750 1751 # Returns 1752 bool: True on successful operation, or raises an OSError on failure. 1753 """ 1754 return check_return(libsyd.syd_write_del(action.value, glob))
Removes the first instance from the end of the given actionlist of write sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1757def write_rem(action: Action, glob: bytes) -> bool: 1758 """ 1759 Removes all matching patterns from the given actionlist of write sandboxing. 1760 1761 # Parameters 1762 - action (Action): Sandbox action 1763 - glob (bytes): Glob pattern 1764 1765 # Returns 1766 bool: True on successful operation, or raises an OSError on failure. 1767 """ 1768 return check_return(libsyd.syd_write_rem(action.value, glob))
Removes all matching patterns from the given actionlist of write sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1771def exec_add(action: Action, glob: bytes) -> bool: 1772 """ 1773 Adds to the given actionlist of exec sandboxing. 1774 1775 # Parameters 1776 - action (Action): Sandbox action 1777 - glob (bytes): Glob pattern 1778 1779 # Returns 1780 bool: True on successful operation, or raises an OSError on failure. 1781 """ 1782 return check_return(libsyd.syd_exec_add(action.value, glob))
Adds to the given actionlist of exec sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1785def exec_del(action: Action, glob: bytes) -> bool: 1786 """ 1787 Removes the first instance from the end of the given actionlist of 1788 exec sandboxing. 1789 1790 # Parameters 1791 - action (Action): Sandbox action 1792 - glob (bytes): Glob pattern 1793 1794 # Returns 1795 bool: True on successful operation, or raises an OSError on failure. 1796 """ 1797 return check_return(libsyd.syd_exec_del(action.value, glob))
Removes the first instance from the end of the given actionlist of exec sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1800def exec_rem(action: Action, glob: bytes) -> bool: 1801 """ 1802 Removes all matching patterns from the given actionlist of exec sandboxing. 1803 1804 # Parameters 1805 - action (Action): Sandbox action 1806 - glob (bytes): Glob pattern 1807 1808 # Returns 1809 bool: True on successful operation, or raises an OSError on failure. 1810 """ 1811 return check_return(libsyd.syd_exec_rem(action.value, glob))
Removes all matching patterns from the given actionlist of exec sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1814def ioctl_add(action: Action, glob: bytes) -> bool: 1815 """ 1816 Adds to the given actionlist of ioctl sandboxing. 1817 1818 # Parameters 1819 - action (Action): Sandbox action 1820 - glob (bytes): Glob pattern 1821 1822 # Returns 1823 bool: True on successful operation, or raises an OSError on failure. 1824 """ 1825 return check_return(libsyd.syd_ioctl_add(action.value, glob))
Adds to the given actionlist of ioctl sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1828def ioctl_del(action: Action, glob: bytes) -> bool: 1829 """ 1830 Removes the first instance from the end of the given actionlist of 1831 ioctl sandboxing. 1832 1833 # Parameters 1834 - action (Action): Sandbox action 1835 - glob (bytes): Glob pattern 1836 1837 # Returns 1838 bool: True on successful operation, or raises an OSError on failure. 1839 """ 1840 return check_return(libsyd.syd_ioctl_del(action.value, glob))
Removes the first instance from the end of the given actionlist of ioctl sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1843def ioctl_rem(action: Action, glob: bytes) -> bool: 1844 """ 1845 Removes all matching patterns from the given actionlist of ioctl sandboxing. 1846 1847 # Parameters 1848 - action (Action): Sandbox action 1849 - glob (bytes): Glob pattern 1850 1851 # Returns 1852 bool: True on successful operation, or raises an OSError on failure. 1853 """ 1854 return check_return(libsyd.syd_ioctl_rem(action.value, glob))
Removes all matching patterns from the given actionlist of ioctl sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1857def create_add(action: Action, glob: bytes) -> bool: 1858 """ 1859 Adds to the given actionlist of create sandboxing. 1860 1861 # Parameters 1862 - action (Action): Sandbox action 1863 - glob (bytes): Glob pattern 1864 1865 # Returns 1866 bool: True on successful operation, or raises an OSError on failure. 1867 """ 1868 return check_return(libsyd.syd_create_add(action.value, glob))
Adds to the given actionlist of create sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1871def create_del(action: Action, glob: bytes) -> bool: 1872 """ 1873 Removes the first instance from the end of the given actionlist of 1874 create sandboxing. 1875 1876 # Parameters 1877 - action (Action): Sandbox action 1878 - glob (bytes): Glob pattern 1879 1880 # Returns 1881 bool: True on successful operation, or raises an OSError on failure. 1882 """ 1883 return check_return(libsyd.syd_create_del(action.value, glob))
Removes the first instance from the end of the given actionlist of create sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1886def create_rem(action: Action, glob: bytes) -> bool: 1887 """ 1888 Removes all matching patterns from the given actionlist of create sandboxing. 1889 1890 # Parameters 1891 - action (Action): Sandbox action 1892 - glob (bytes): Glob pattern 1893 1894 # Returns 1895 bool: True on successful operation, or raises an OSError on failure. 1896 """ 1897 return check_return(libsyd.syd_create_rem(action.value, glob))
Removes all matching patterns from the given actionlist of create sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1900def delete_add(action: Action, glob: bytes) -> bool: 1901 """ 1902 Adds to the given actionlist of delete sandboxing. 1903 1904 # Parameters 1905 - action (Action): Sandbox action 1906 - glob (bytes): Glob pattern 1907 1908 # Returns 1909 bool: True on successful operation, or raises an OSError on failure. 1910 """ 1911 return check_return(libsyd.syd_delete_add(action.value, glob))
Adds to the given actionlist of delete sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1914def delete_del(action: Action, glob: bytes) -> bool: 1915 """ 1916 Removes the first instance from the end of the given actionlist of 1917 delete sandboxing. 1918 1919 # Parameters 1920 - action (Action): Sandbox action 1921 - glob (bytes): Glob pattern 1922 1923 # Returns 1924 bool: True on successful operation, or raises an OSError on failure. 1925 """ 1926 return check_return(libsyd.syd_delete_del(action.value, glob))
Removes the first instance from the end of the given actionlist of delete sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1929def delete_rem(action: Action, glob: bytes) -> bool: 1930 """ 1931 Removes all matching patterns from the given actionlist of delete sandboxing. 1932 1933 # Parameters 1934 - action (Action): Sandbox action 1935 - glob (bytes): Glob pattern 1936 1937 # Returns 1938 bool: True on successful operation, or raises an OSError on failure. 1939 """ 1940 return check_return(libsyd.syd_delete_rem(action.value, glob))
Removes all matching patterns from the given actionlist of delete sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1943def rename_add(action: Action, glob: bytes) -> bool: 1944 """ 1945 Adds to the given actionlist of rename sandboxing. 1946 1947 # Parameters 1948 - action (Action): Sandbox action 1949 - glob (bytes): Glob pattern 1950 1951 # Returns 1952 bool: True on successful operation, or raises an OSError on failure. 1953 """ 1954 return check_return(libsyd.syd_rename_add(action.value, glob))
Adds to the given actionlist of rename sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1957def rename_del(action: Action, glob: bytes) -> bool: 1958 """ 1959 Removes the first instance from the end of the given actionlist of 1960 rename sandboxing. 1961 1962 # Parameters 1963 - action (Action): Sandbox action 1964 - glob (bytes): Glob pattern 1965 1966 # Returns 1967 bool: True on successful operation, or raises an OSError on failure. 1968 """ 1969 return check_return(libsyd.syd_rename_del(action.value, glob))
Removes the first instance from the end of the given actionlist of rename sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1972def rename_rem(action: Action, glob: bytes) -> bool: 1973 """ 1974 Removes all matching patterns from the given actionlist of rename sandboxing. 1975 1976 # Parameters 1977 - action (Action): Sandbox action 1978 - glob (bytes): Glob pattern 1979 1980 # Returns 1981 bool: True on successful operation, or raises an OSError on failure. 1982 """ 1983 return check_return(libsyd.syd_rename_rem(action.value, glob))
Removes all matching patterns from the given actionlist of rename sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
1986def symlink_add(action: Action, glob: bytes) -> bool: 1987 """ 1988 Adds to the given actionlist of symlink sandboxing. 1989 1990 # Parameters 1991 - action (Action): Sandbox action 1992 - glob (bytes): Glob pattern 1993 1994 # Returns 1995 bool: True on successful operation, or raises an OSError on failure. 1996 """ 1997 return check_return(libsyd.syd_symlink_add(action.value, glob))
Adds to the given actionlist of symlink sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2000def symlink_del(action: Action, glob: bytes) -> bool: 2001 """ 2002 Removes the first instance from the end of the given actionlist of 2003 symlink sandboxing. 2004 2005 # Parameters 2006 - action (Action): Sandbox action 2007 - glob (bytes): Glob pattern 2008 2009 # Returns 2010 bool: True on successful operation, or raises an OSError on failure. 2011 """ 2012 return check_return(libsyd.syd_symlink_del(action.value, glob))
Removes the first instance from the end of the given actionlist of symlink sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2015def symlink_rem(action: Action, glob: bytes) -> bool: 2016 """ 2017 Removes all matching patterns from the given actionlist of symlink sandboxing. 2018 2019 # Parameters 2020 - action (Action): Sandbox action 2021 - glob (bytes): Glob pattern 2022 2023 # Returns 2024 bool: True on successful operation, or raises an OSError on failure. 2025 """ 2026 return check_return(libsyd.syd_symlink_rem(action.value, glob))
Removes all matching patterns from the given actionlist of symlink sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2029def truncate_add(action: Action, glob: bytes) -> bool: 2030 """ 2031 Adds to the given actionlist of truncate sandboxing. 2032 2033 # Parameters 2034 - action (Action): Sandbox action 2035 - glob (bytes): Glob pattern 2036 2037 # Returns 2038 bool: True on successful operation, or raises an OSError on failure. 2039 """ 2040 return check_return(libsyd.syd_truncate_add(action.value, glob))
Adds to the given actionlist of truncate sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2043def truncate_del(action: Action, glob: bytes) -> bool: 2044 """ 2045 Removes the first instance from the end of the given actionlist of 2046 truncate sandboxing. 2047 2048 # Parameters 2049 - action (Action): Sandbox action 2050 - glob (bytes): Glob pattern 2051 2052 # Returns 2053 bool: True on successful operation, or raises an OSError on failure. 2054 """ 2055 return check_return(libsyd.syd_truncate_del(action.value, glob))
Removes the first instance from the end of the given actionlist of truncate sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2058def truncate_rem(action: Action, glob: bytes) -> bool: 2059 """ 2060 Removes all matching patterns from the given actionlist of truncate sandboxing. 2061 2062 # Parameters 2063 - action (Action): Sandbox action 2064 - glob (bytes): Glob pattern 2065 2066 # Returns 2067 bool: True on successful operation, or raises an OSError on failure. 2068 """ 2069 return check_return(libsyd.syd_truncate_rem(action.value, glob))
Removes all matching patterns from the given actionlist of truncate sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2072def chdir_add(action: Action, glob: bytes) -> bool: 2073 """ 2074 Adds to the given actionlist of chdir sandboxing. 2075 2076 # Parameters 2077 - action (Action): Sandbox action 2078 - glob (bytes): Glob pattern 2079 2080 # Returns 2081 bool: True on successful operation, or raises an OSError on failure. 2082 """ 2083 return check_return(libsyd.syd_chdir_add(action.value, glob))
Adds to the given actionlist of chdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2086def chdir_del(action: Action, glob: bytes) -> bool: 2087 """ 2088 Removes the first instance from the end of the given actionlist of 2089 chdir sandboxing. 2090 2091 # Parameters 2092 - action (Action): Sandbox action 2093 - glob (bytes): Glob pattern 2094 2095 # Returns 2096 bool: True on successful operation, or raises an OSError on failure. 2097 """ 2098 return check_return(libsyd.syd_chdir_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2101def chdir_rem(action: Action, glob: bytes) -> bool: 2102 """ 2103 Removes all matching patterns from the given actionlist of chdir sandboxing. 2104 2105 # Parameters 2106 - action (Action): Sandbox action 2107 - glob (bytes): Glob pattern 2108 2109 # Returns 2110 bool: True on successful operation, or raises an OSError on failure. 2111 """ 2112 return check_return(libsyd.syd_chdir_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2115def readdir_add(action: Action, glob: bytes) -> bool: 2116 """ 2117 Adds to the given actionlist of readdir sandboxing. 2118 2119 # Parameters 2120 - action (Action): Sandbox action 2121 - glob (bytes): Glob pattern 2122 2123 # Returns 2124 bool: True on successful operation, or raises an OSError on failure. 2125 """ 2126 return check_return(libsyd.syd_readdir_add(action.value, glob))
Adds to the given actionlist of readdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2129def readdir_del(action: Action, glob: bytes) -> bool: 2130 """ 2131 Removes the first instance from the end of the given actionlist of 2132 readdir sandboxing. 2133 2134 # Parameters 2135 - action (Action): Sandbox action 2136 - glob (bytes): Glob pattern 2137 2138 # Returns 2139 bool: True on successful operation, or raises an OSError on failure. 2140 """ 2141 return check_return(libsyd.syd_readdir_del(action.value, glob))
Removes the first instance from the end of the given actionlist of readdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2144def readdir_rem(action: Action, glob: bytes) -> bool: 2145 """ 2146 Removes all matching patterns from the given actionlist of readdir sandboxing. 2147 2148 # Parameters 2149 - action (Action): Sandbox action 2150 - glob (bytes): Glob pattern 2151 2152 # Returns 2153 bool: True on successful operation, or raises an OSError on failure. 2154 """ 2155 return check_return(libsyd.syd_readdir_rem(action.value, glob))
Removes all matching patterns from the given actionlist of readdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2158def mkdir_add(action: Action, glob: bytes) -> bool: 2159 """ 2160 Adds to the given actionlist of mkdir sandboxing. 2161 2162 # Parameters 2163 - action (Action): Sandbox action 2164 - glob (bytes): Glob pattern 2165 2166 # Returns 2167 bool: True on successful operation, or raises an OSError on failure. 2168 """ 2169 return check_return(libsyd.syd_mkdir_add(action.value, glob))
Adds to the given actionlist of mkdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2172def mkdir_del(action: Action, glob: bytes) -> bool: 2173 """ 2174 Removes the first instance from the end of the given actionlist of 2175 mkdir sandboxing. 2176 2177 # Parameters 2178 - action (Action): Sandbox action 2179 - glob (bytes): Glob pattern 2180 2181 # Returns 2182 bool: True on successful operation, or raises an OSError on failure. 2183 """ 2184 return check_return(libsyd.syd_mkdir_del(action.value, glob))
Removes the first instance from the end of the given actionlist of mkdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2187def mkdir_rem(action: Action, glob: bytes) -> bool: 2188 """ 2189 Removes all matching patterns from the given actionlist of mkdir sandboxing. 2190 2191 # Parameters 2192 - action (Action): Sandbox action 2193 - glob (bytes): Glob pattern 2194 2195 # Returns 2196 bool: True on successful operation, or raises an OSError on failure. 2197 """ 2198 return check_return(libsyd.syd_mkdir_rem(action.value, glob))
Removes all matching patterns from the given actionlist of mkdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2201def rmdir_add(action: Action, glob: bytes) -> bool: 2202 """ 2203 Adds to the given actionlist of rmdir sandboxing. 2204 2205 # Parameters 2206 - action (Action): Sandbox action 2207 - glob (bytes): Glob pattern 2208 2209 # Returns 2210 bool: True on successful operation, or raises an OSError on failure. 2211 """ 2212 return check_return(libsyd.syd_rmdir_add(action.value, glob))
Adds to the given actionlist of rmdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2215def rmdir_del(action: Action, glob: bytes) -> bool: 2216 """ 2217 Removes the first instance from the end of the given actionlist of 2218 rmdir sandboxing. 2219 2220 # Parameters 2221 - action (Action): Sandbox action 2222 - glob (bytes): Glob pattern 2223 2224 # Returns 2225 bool: True on successful operation, or raises an OSError on failure. 2226 """ 2227 return check_return(libsyd.syd_rmdir_del(action.value, glob))
Removes the first instance from the end of the given actionlist of rmdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2230def rmdir_rem(action: Action, glob: bytes) -> bool: 2231 """ 2232 Removes all matching patterns from the given actionlist of rmdir sandboxing. 2233 2234 # Parameters 2235 - action (Action): Sandbox action 2236 - glob (bytes): Glob pattern 2237 2238 # Returns 2239 bool: True on successful operation, or raises an OSError on failure. 2240 """ 2241 return check_return(libsyd.syd_rmdir_rem(action.value, glob))
Removes all matching patterns from the given actionlist of rmdir sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2244def chown_add(action: Action, glob: bytes) -> bool: 2245 """ 2246 Adds to the given actionlist of chown sandboxing. 2247 2248 # Parameters 2249 - action (Action): Sandbox action 2250 - glob (bytes): Glob pattern 2251 2252 # Returns 2253 bool: True on successful operation, or raises an OSError on failure. 2254 """ 2255 return check_return(libsyd.syd_chown_add(action.value, glob))
Adds to the given actionlist of chown sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2258def chown_del(action: Action, glob: bytes) -> bool: 2259 """ 2260 Removes the first instance from the end of the given actionlist of 2261 chown sandboxing. 2262 2263 # Parameters 2264 - action (Action): Sandbox action 2265 - glob (bytes): Glob pattern 2266 2267 # Returns 2268 bool: True on successful operation, or raises an OSError on failure. 2269 """ 2270 return check_return(libsyd.syd_chown_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chown sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2273def chown_rem(action: Action, glob: bytes) -> bool: 2274 """ 2275 Removes all matching patterns from the given actionlist of chown sandboxing. 2276 2277 # Parameters 2278 - action (Action): Sandbox action 2279 - glob (bytes): Glob pattern 2280 2281 # Returns 2282 bool: True on successful operation, or raises an OSError on failure. 2283 """ 2284 return check_return(libsyd.syd_chown_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chown sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2287def chgrp_add(action: Action, glob: bytes) -> bool: 2288 """ 2289 Adds to the given actionlist of chgrp sandboxing. 2290 2291 # Parameters 2292 - action (Action): Sandbox action 2293 - glob (bytes): Glob pattern 2294 2295 # Returns 2296 bool: True on successful operation, or raises an OSError on failure. 2297 """ 2298 return check_return(libsyd.syd_chgrp_add(action.value, glob))
Adds to the given actionlist of chgrp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2301def chgrp_del(action: Action, glob: bytes) -> bool: 2302 """ 2303 Removes the first instance from the end of the given actionlist of 2304 chgrp sandboxing. 2305 2306 # Parameters 2307 - action (Action): Sandbox action 2308 - glob (bytes): Glob pattern 2309 2310 # Returns 2311 bool: True on successful operation, or raises an OSError on failure. 2312 """ 2313 return check_return(libsyd.syd_chgrp_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chgrp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2316def chgrp_rem(action: Action, glob: bytes) -> bool: 2317 """ 2318 Removes all matching patterns from the given actionlist of chgrp sandboxing. 2319 2320 # Parameters 2321 - action (Action): Sandbox action 2322 - glob (bytes): Glob pattern 2323 2324 # Returns 2325 bool: True on successful operation, or raises an OSError on failure. 2326 """ 2327 return check_return(libsyd.syd_chgrp_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chgrp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2330def chmod_add(action: Action, glob: bytes) -> bool: 2331 """ 2332 Adds to the given actionlist of chmod sandboxing. 2333 2334 # Parameters 2335 - action (Action): Sandbox action 2336 - glob (bytes): Glob pattern 2337 2338 # Returns 2339 bool: True on successful operation, or raises an OSError on failure. 2340 """ 2341 return check_return(libsyd.syd_chmod_add(action.value, glob))
Adds to the given actionlist of chmod sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2344def chmod_del(action: Action, glob: bytes) -> bool: 2345 """ 2346 Removes the first instance from the end of the given actionlist of 2347 chmod sandboxing. 2348 2349 # Parameters 2350 - action (Action): Sandbox action 2351 - glob (bytes): Glob pattern 2352 2353 # Returns 2354 bool: True on successful operation, or raises an OSError on failure. 2355 """ 2356 return check_return(libsyd.syd_chmod_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chmod sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2359def chmod_rem(action: Action, glob: bytes) -> bool: 2360 """ 2361 Removes all matching patterns from the given actionlist of chmod sandboxing. 2362 2363 # Parameters 2364 - action (Action): Sandbox action 2365 - glob (bytes): Glob pattern 2366 2367 # Returns 2368 bool: True on successful operation, or raises an OSError on failure. 2369 """ 2370 return check_return(libsyd.syd_chmod_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chmod sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2373def chattr_add(action: Action, glob: bytes) -> bool: 2374 """ 2375 Adds to the given actionlist of chattr sandboxing. 2376 2377 # Parameters 2378 - action (Action): Sandbox action 2379 - glob (bytes): Glob pattern 2380 2381 # Returns 2382 bool: True on successful operation, or raises an OSError on failure. 2383 """ 2384 return check_return(libsyd.syd_chattr_add(action.value, glob))
Adds to the given actionlist of chattr sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2387def chattr_del(action: Action, glob: bytes) -> bool: 2388 """ 2389 Removes the first instance from the end of the given actionlist of 2390 chattr sandboxing. 2391 2392 # Parameters 2393 - action (Action): Sandbox action 2394 - glob (bytes): Glob pattern 2395 2396 # Returns 2397 bool: True on successful operation, or raises an OSError on failure. 2398 """ 2399 return check_return(libsyd.syd_chattr_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chattr sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2402def chattr_rem(action: Action, glob: bytes) -> bool: 2403 """ 2404 Removes all matching patterns from the given actionlist of chattr sandboxing. 2405 2406 # Parameters 2407 - action (Action): Sandbox action 2408 - glob (bytes): Glob pattern 2409 2410 # Returns 2411 bool: True on successful operation, or raises an OSError on failure. 2412 """ 2413 return check_return(libsyd.syd_chattr_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chattr sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2416def chroot_add(action: Action, glob: bytes) -> bool: 2417 """ 2418 Adds to the given actionlist of chroot sandboxing. 2419 2420 # Parameters 2421 - action (Action): Sandbox action 2422 - glob (bytes): Glob pattern 2423 2424 # Returns 2425 bool: True on successful operation, or raises an OSError on failure. 2426 """ 2427 return check_return(libsyd.syd_chroot_add(action.value, glob))
Adds to the given actionlist of chroot sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2430def chroot_del(action: Action, glob: bytes) -> bool: 2431 """ 2432 Removes the first instance from the end of the given actionlist of 2433 chroot sandboxing. 2434 2435 # Parameters 2436 - action (Action): Sandbox action 2437 - glob (bytes): Glob pattern 2438 2439 # Returns 2440 bool: True on successful operation, or raises an OSError on failure. 2441 """ 2442 return check_return(libsyd.syd_chroot_del(action.value, glob))
Removes the first instance from the end of the given actionlist of chroot sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2445def chroot_rem(action: Action, glob: bytes) -> bool: 2446 """ 2447 Removes all matching patterns from the given actionlist of chroot sandboxing. 2448 2449 # Parameters 2450 - action (Action): Sandbox action 2451 - glob (bytes): Glob pattern 2452 2453 # Returns 2454 bool: True on successful operation, or raises an OSError on failure. 2455 """ 2456 return check_return(libsyd.syd_chroot_rem(action.value, glob))
Removes all matching patterns from the given actionlist of chroot sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2459def utime_add(action: Action, glob: bytes) -> bool: 2460 """ 2461 Adds to the given actionlist of utime sandboxing. 2462 2463 # Parameters 2464 - action (Action): Sandbox action 2465 - glob (bytes): Glob pattern 2466 2467 # Returns 2468 bool: True on successful operation, or raises an OSError on failure. 2469 """ 2470 return check_return(libsyd.syd_utime_add(action.value, glob))
Adds to the given actionlist of utime sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2473def utime_del(action: Action, glob: bytes) -> bool: 2474 """ 2475 Removes the first instance from the end of the given actionlist of 2476 utime sandboxing. 2477 2478 # Parameters 2479 - action (Action): Sandbox action 2480 - glob (bytes): Glob pattern 2481 2482 # Returns 2483 bool: True on successful operation, or raises an OSError on failure. 2484 """ 2485 return check_return(libsyd.syd_utime_del(action.value, glob))
Removes the first instance from the end of the given actionlist of utime sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2488def utime_rem(action: Action, glob: bytes) -> bool: 2489 """ 2490 Removes all matching patterns from the given actionlist of utime sandboxing. 2491 2492 # Parameters 2493 - action (Action): Sandbox action 2494 - glob (bytes): Glob pattern 2495 2496 # Returns 2497 bool: True on successful operation, or raises an OSError on failure. 2498 """ 2499 return check_return(libsyd.syd_utime_rem(action.value, glob))
Removes all matching patterns from the given actionlist of utime sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2502def mkdev_add(action: Action, glob: bytes) -> bool: 2503 """ 2504 Adds to the given actionlist of mkdev sandboxing. 2505 2506 # Parameters 2507 - action (Action): Sandbox action 2508 - glob (bytes): Glob pattern 2509 2510 # Returns 2511 bool: True on successful operation, or raises an OSError on failure. 2512 """ 2513 return check_return(libsyd.syd_mkdev_add(action.value, glob))
Adds to the given actionlist of mkdev sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2516def mkdev_del(action: Action, glob: bytes) -> bool: 2517 """ 2518 Removes the first instance from the end of the given actionlist of 2519 mkdev sandboxing. 2520 2521 # Parameters 2522 - action (Action): Sandbox action 2523 - glob (bytes): Glob pattern 2524 2525 # Returns 2526 bool: True on successful operation, or raises an OSError on failure. 2527 """ 2528 return check_return(libsyd.syd_mkdev_del(action.value, glob))
Removes the first instance from the end of the given actionlist of mkdev sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2531def mkdev_rem(action: Action, glob: bytes) -> bool: 2532 """ 2533 Removes all matching patterns from the given actionlist of mkdev sandboxing. 2534 2535 # Parameters 2536 - action (Action): Sandbox action 2537 - glob (bytes): Glob pattern 2538 2539 # Returns 2540 bool: True on successful operation, or raises an OSError on failure. 2541 """ 2542 return check_return(libsyd.syd_mkdev_rem(action.value, glob))
Removes all matching patterns from the given actionlist of mkdev sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2545def mkfifo_add(action: Action, glob: bytes) -> bool: 2546 """ 2547 Adds to the given actionlist of mkfifo sandboxing. 2548 2549 # Parameters 2550 - action (Action): Sandbox action 2551 - glob (bytes): Glob pattern 2552 2553 # Returns 2554 bool: True on successful operation, or raises an OSError on failure. 2555 """ 2556 return check_return(libsyd.syd_mkfifo_add(action.value, glob))
Adds to the given actionlist of mkfifo sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2559def mkfifo_del(action: Action, glob: bytes) -> bool: 2560 """ 2561 Removes the first instance from the end of the given actionlist of 2562 mkfifo sandboxing. 2563 2564 # Parameters 2565 - action (Action): Sandbox action 2566 - glob (bytes): Glob pattern 2567 2568 # Returns 2569 bool: True on successful operation, or raises an OSError on failure. 2570 """ 2571 return check_return(libsyd.syd_mkfifo_del(action.value, glob))
Removes the first instance from the end of the given actionlist of mkfifo sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2574def mkfifo_rem(action: Action, glob: bytes) -> bool: 2575 """ 2576 Removes all matching patterns from the given actionlist of mkfifo sandboxing. 2577 2578 # Parameters 2579 - action (Action): Sandbox action 2580 - glob (bytes): Glob pattern 2581 2582 # Returns 2583 bool: True on successful operation, or raises an OSError on failure. 2584 """ 2585 return check_return(libsyd.syd_mkfifo_rem(action.value, glob))
Removes all matching patterns from the given actionlist of mkfifo sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2588def mktemp_add(action: Action, glob: bytes) -> bool: 2589 """ 2590 Adds to the given actionlist of mktemp sandboxing. 2591 2592 # Parameters 2593 - action (Action): Sandbox action 2594 - glob (bytes): Glob pattern 2595 2596 # Returns 2597 bool: True on successful operation, or raises an OSError on failure. 2598 """ 2599 return check_return(libsyd.syd_mktemp_add(action.value, glob))
Adds to the given actionlist of mktemp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2602def mktemp_del(action: Action, glob: bytes) -> bool: 2603 """ 2604 Removes the first instance from the end of the given actionlist of 2605 mktemp sandboxing. 2606 2607 # Parameters 2608 - action (Action): Sandbox action 2609 - glob (bytes): Glob pattern 2610 2611 # Returns 2612 bool: True on successful operation, or raises an OSError on failure. 2613 """ 2614 return check_return(libsyd.syd_mktemp_del(action.value, glob))
Removes the first instance from the end of the given actionlist of mktemp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2617def mktemp_rem(action: Action, glob: bytes) -> bool: 2618 """ 2619 Removes all matching patterns from the given actionlist of mktemp sandboxing. 2620 2621 # Parameters 2622 - action (Action): Sandbox action 2623 - glob (bytes): Glob pattern 2624 2625 # Returns 2626 bool: True on successful operation, or raises an OSError on failure. 2627 """ 2628 return check_return(libsyd.syd_mktemp_rem(action.value, glob))
Removes all matching patterns from the given actionlist of mktemp sandboxing.
Parameters
- action (Action): Sandbox action
- glob (bytes): Glob pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2631def net_bind_add(action: Action, addr: bytes) -> bool: 2632 """ 2633 Adds to the given actionlist of net_bind sandboxing. 2634 2635 # Parameters 2636 - action (Action): Sandbox action 2637 - addr (bytes): Address pattern 2638 2639 # Returns 2640 bool: True on successful operation, or raises an OSError on failure. 2641 """ 2642 return check_return(libsyd.syd_net_bind_add(action.value, addr))
Adds to the given actionlist of net_bind sandboxing.
Parameters
- action (Action): Sandbox action
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2645def net_bind_del(action: Action, addr: bytes) -> bool: 2646 """ 2647 Removes the first instance from the end of the given actionlist of 2648 net/bind sandboxing. 2649 2650 # Parameters 2651 - addr (bytes): Address pattern 2652 2653 # Returns 2654 bool: True on successful operation, or raises an OSError on failure. 2655 """ 2656 return check_return(libsyd.syd_net_bind_del(action.value, addr))
Removes the first instance from the end of the given actionlist of net/bind sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2659def net_bind_rem(action: Action, addr: bytes) -> bool: 2660 """ 2661 Removes all matching patterns from the given actionlist of net/bind 2662 sandboxing. 2663 2664 # Parameters 2665 - addr (bytes): Address pattern 2666 2667 # Returns 2668 bool: True on successful operation, or raises an OSError on failure. 2669 """ 2670 return check_return(libsyd.syd_net_bind_rem(action.value, addr))
Removes all matching patterns from the given actionlist of net/bind sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2673def net_connect_add(action: Action, addr: bytes) -> bool: 2674 """ 2675 Adds to the given actionlist of net_connect sandboxing. 2676 2677 # Parameters 2678 - action (Action): Sandbox action 2679 - addr (bytes): Address pattern 2680 2681 # Returns 2682 bool: True on successful operation, or raises an OSError on failure. 2683 """ 2684 return check_return(libsyd.syd_net_connect_add(action.value, addr))
Adds to the given actionlist of net_connect sandboxing.
Parameters
- action (Action): Sandbox action
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2687def net_connect_del(action: Action, addr: bytes) -> bool: 2688 """ 2689 Removes the first instance from the end of the given actionlist of 2690 net/connect sandboxing. 2691 2692 # Parameters 2693 - addr (bytes): Address pattern 2694 2695 # Returns 2696 bool: True on successful operation, or raises an OSError on failure. 2697 """ 2698 return check_return(libsyd.syd_net_connect_del(action.value, addr))
Removes the first instance from the end of the given actionlist of net/connect sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2701def net_connect_rem(action: Action, addr: bytes) -> bool: 2702 """ 2703 Removes all matching patterns from the given actionlist of net/connect 2704 sandboxing. 2705 2706 # Parameters 2707 - addr (bytes): Address pattern 2708 2709 # Returns 2710 bool: True on successful operation, or raises an OSError on failure. 2711 """ 2712 return check_return(libsyd.syd_net_connect_rem(action.value, addr))
Removes all matching patterns from the given actionlist of net/connect sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2715def net_sendfd_add(action: Action, addr: bytes) -> bool: 2716 """ 2717 Adds to the given actionlist of net_sendfd sandboxing. 2718 2719 # Parameters 2720 - action (Action): Sandbox action 2721 - addr (bytes): Address pattern 2722 2723 # Returns 2724 bool: True on successful operation, or raises an OSError on failure. 2725 """ 2726 return check_return(libsyd.syd_net_sendfd_add(action.value, addr))
Adds to the given actionlist of net_sendfd sandboxing.
Parameters
- action (Action): Sandbox action
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2729def net_sendfd_del(action: Action, addr: bytes) -> bool: 2730 """ 2731 Removes the first instance from the end of the given actionlist of 2732 net/sendfd sandboxing. 2733 2734 # Parameters 2735 - addr (bytes): Address pattern 2736 2737 # Returns 2738 bool: True on successful operation, or raises an OSError on failure. 2739 """ 2740 return check_return(libsyd.syd_net_sendfd_del(action.value, addr))
Removes the first instance from the end of the given actionlist of net/sendfd sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2743def net_sendfd_rem(action: Action, addr: bytes) -> bool: 2744 """ 2745 Removes all matching patterns from the given actionlist of net/sendfd 2746 sandboxing. 2747 2748 # Parameters 2749 - addr (bytes): Address pattern 2750 2751 # Returns 2752 bool: True on successful operation, or raises an OSError on failure. 2753 """ 2754 return check_return(libsyd.syd_net_sendfd_rem(action.value, addr))
Removes all matching patterns from the given actionlist of net/sendfd sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2757def net_link_add(action: Action, addr: bytes) -> bool: 2758 """ 2759 Adds to the given actionlist of net_link sandboxing. 2760 2761 # Parameters 2762 - action (Action): Sandbox action 2763 - addr (bytes): Address pattern 2764 2765 # Returns 2766 bool: True on successful operation, or raises an OSError on failure. 2767 """ 2768 return check_return(libsyd.syd_net_link_add(action.value, addr))
Adds to the given actionlist of net_link sandboxing.
Parameters
- action (Action): Sandbox action
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2771def net_link_del(action: Action, addr: bytes) -> bool: 2772 """ 2773 Removes the first instance from the end of the given actionlist of 2774 net/link sandboxing. 2775 2776 # Parameters 2777 - addr (bytes): Address pattern 2778 2779 # Returns 2780 bool: True on successful operation, or raises an OSError on failure. 2781 """ 2782 return check_return(libsyd.syd_net_link_del(action.value, addr))
Removes the first instance from the end of the given actionlist of net/link sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2785def net_link_rem(action: Action, addr: bytes) -> bool: 2786 """ 2787 Removes all matching patterns from the given actionlist of net/link 2788 sandboxing. 2789 2790 # Parameters 2791 - addr (bytes): Address pattern 2792 2793 # Returns 2794 bool: True on successful operation, or raises an OSError on failure. 2795 """ 2796 return check_return(libsyd.syd_net_link_rem(action.value, addr))
Removes all matching patterns from the given actionlist of net/link sandboxing.
Parameters
- addr (bytes): Address pattern
Returns
bool: True on successful operation, or raises an OSError on failure.
2799def force_add(path: bytes, hash: str, action: Action) -> bool: 2800 """ 2801 Adds an entry to the Integrity Force map for Force Sandboxing. 2802 2803 # Parameters 2804 - path (bytes): Fully-qualified file name. 2805 - hash (str): Hexadecimal encoded checksum: 2806 - 32-characters: MD5 2807 - 40-characters: SHA1 2808 - 64-characters: SHA3-256 2809 - 96-characters: SHA3-384 2810 - 128-characters: SHA3-512 2811 - action (Action): The action to take on checksum mismatch. 2812 2813 # Returns 2814 bool: True on successful operation, or raises an OSError on failure. 2815 """ 2816 return check_return(libsyd.syd_force_add(path, hash.encode("utf-8"), action.value))
Adds an entry to the Integrity Force map for Force Sandboxing.
Parameters
- path (bytes): Fully-qualified file name.
- hash (str): Hexadecimal encoded checksum:
- 32-characters: MD5
- 40-characters: SHA1
- 64-characters: SHA3-256
- 96-characters: SHA3-384
- 128-characters: SHA3-512
- action (Action): The action to take on checksum mismatch.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
force_del(path: bytes) -> bool:
2819def force_del(path: bytes) -> bool: 2820 """ 2821 Removes an entry from the Integrity Force map for Force Sandboxing. 2822 2823 # Parameters 2824 - path (bytes): Fully-qualified file name. 2825 2826 # Returns 2827 bool: True on successful operation, or raises an OSError on failure. 2828 """ 2829 return check_return(libsyd.syd_force_del(path))
Removes an entry from the Integrity Force map for Force Sandboxing.
Parameters
- path (bytes): Fully-qualified file name.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
force_clr() -> bool:
2832def force_clr() -> bool: 2833 """ 2834 Clears the Integrity Force map for Force Sandboxing. 2835 2836 # Returns 2837 bool: True on successful operation, or raises an OSError on failure. 2838 """ 2839 return check_return(libsyd.syd_force_clr())
Clears the Integrity Force map for Force Sandboxing.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
mem_max(size: Union[int, str, bytes]) -> bool:
2842def mem_max(size: Union[int, str, bytes]) -> bool: 2843 """ 2844 Set syd maximum per-process memory usage limit for memory sandboxing, 2845 parse-size crate is used to parse the value so formatted strings are OK. 2846 2847 # Parameters 2848 - size (int|str|bytes): Limit size. 2849 2850 # Returns 2851 bool: True on successful operation, or raises an OSError on failure. 2852 """ 2853 if isinstance(size, int): 2854 size = str(size) 2855 if isinstance(size, str): 2856 size = size.encode("utf-8") 2857 return check_return(libsyd.syd_mem_max(size))
Set syd maximum per-process memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.
Parameters
- size (int|str|bytes): Limit size.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
mem_vm_max(size: Union[int, str, bytes]) -> bool:
2860def mem_vm_max(size: Union[int, str, bytes]) -> bool: 2861 """ 2862 Set syd maximum per-process virtual memory usage limit for memory sandboxing, 2863 parse-size crate is used to parse the value so formatted strings are OK. 2864 2865 # Parameters 2866 - size (int|str|bytes): Limit size. 2867 2868 # Returns 2869 bool: True on successful operation, or raises an OSError on failure. 2870 """ 2871 if isinstance(size, int): 2872 size = str(size) 2873 if isinstance(size, str): 2874 size = size.encode("utf-8") 2875 return check_return(libsyd.syd_mem_vm_max(size))
Set syd maximum per-process virtual memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.
Parameters
- size (int|str|bytes): Limit size.
Returns
bool: True on successful operation, or raises an OSError on failure.
def
pid_max(size: int) -> bool:
2878def pid_max(size: int) -> bool: 2879 """ 2880 Set syd maximum process id limit for PID sandboxing 2881 2882 # Parameters 2883 - size (int): Limit size, must be greater than or equal to zero. 2884 2885 # Returns 2886 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2887 """ 2888 if size < 0: 2889 raise ValueError("Invalid limit size") 2890 return check_return(libsyd.syd_pid_max(size))
Set syd maximum process id limit for PID sandboxing
Parameters
- size (int): Limit size, must be greater than or equal to zero.
Returns
bool: True on successful operation, or raises a ValueError or an OSError on failure.
def
segvguard_expiry(timeout: int) -> bool:
2893def segvguard_expiry(timeout: int) -> bool: 2894 """ 2895 Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero. 2896 Setting this timeout to 0 effectively disables SegvGuard. 2897 2898 # Parameters 2899 - timeout (int): Expiry timeout in seconds, must be greater than or equal to zero. 2900 2901 # Returns 2902 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2903 """ 2904 if timeout < 0: 2905 raise ValueError("Invalid timeout") 2906 return check_return(libsyd.syd_segvguard_expiry(timeout))
Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero. Setting this timeout to 0 effectively disables SegvGuard.
Parameters
- timeout (int): Expiry timeout in seconds, must be greater than or equal to zero.
Returns
bool: True on successful operation, or raises a ValueError or an OSError on failure.
def
segvguard_suspension(timeout: int) -> bool:
2909def segvguard_suspension(timeout: int) -> bool: 2910 """ 2911 Specify SegvGuard entry suspension timeout in seconds. 2912 2913 # Parameters 2914 - timeout (int): Suspension timeout in seconds, must be greater than or equal to zero. 2915 2916 # Returns 2917 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2918 """ 2919 if timeout < 0: 2920 raise ValueError("Invalid timeout") 2921 return check_return(libsyd.syd_segvguard_suspension(timeout))
Specify SegvGuard entry suspension timeout in seconds.
Parameters
- timeout (int): Suspension timeout in seconds, must be greater than or equal to zero.
Returns
bool: True on successful operation, or raises a ValueError or an OSError on failure.
def
segvguard_maxcrashes(limit: int) -> bool:
2924def segvguard_maxcrashes(limit: int) -> bool: 2925 """ 2926 Specify SegvGuard max number of crashes before suspension. 2927 2928 # Parameters 2929 - limit (int): Limit, must be greater than or equal to zero. 2930 2931 # Returns 2932 bool: True on successful operation, or raises a ValueError or an OSError on failure. 2933 """ 2934 if limit < 0: 2935 raise ValueError("Invalid maxcrashes limit") 2936 return check_return(libsyd.syd_segvguard_maxcrashes(limit))
Specify SegvGuard max number of crashes before suspension.
Parameters
- limit (int): Limit, must be greater than or equal to zero.
Returns
bool: True on successful operation, or raises a ValueError or an OSError on failure.