From 497afa1f2ad071b4500403a527457730896578d1 Mon Sep 17 00:00:00 2001 From: Sebastian Walz <sebastian.walz@secunet.com> Date: Wed, 3 Jul 2024 16:29:13 +0200 Subject: [PATCH] feat(builtins): add builtin `Kill` --- src/builtins/kill.rs | 40 ++++++++++++++++++++++++++++++++++++++++ src/builtins/mod.rs | 31 +++++++++++++------------------ 2 files changed, 53 insertions(+), 18 deletions(-) create mode 100644 src/builtins/kill.rs diff --git a/src/builtins/kill.rs b/src/builtins/kill.rs new file mode 100644 index 0000000..4b21841 --- /dev/null +++ b/src/builtins/kill.rs @@ -0,0 +1,40 @@ +//! Allow `sys_kill`. + +use {crate::RuleSet, syscalls::Sysno}; + +/// Allow the syscall `kill` to send signals to other processes. +#[derive(Clone, Copy, Debug, Default, Eq, Hash, PartialEq, PartialOrd)] +#[must_use] +pub struct Kill; + +impl RuleSet for Kill { + fn simple_rules(&self) -> Vec<Sysno> { + Vec::from([Sysno::kill]) + } + + fn name(&self) -> &'static str { + "Kill" + } +} + +#[cfg(test)] +mod tests { + use {super::Kill, crate::RuleSet as _, syscalls::Sysno}; + + #[test] + fn name() { + assert_eq!(Kill.name(), "Kill"); + } + + #[test] + fn simple_rules() { + let rules = Kill.simple_rules(); + assert_eq!(rules.len(), 1); + assert!(rules.contains(&Sysno::kill)); + } + + #[test] + fn conditional_rules() { + assert!(Kill.conditional_rules().is_empty()); + } +} diff --git a/src/builtins/mod.rs b/src/builtins/mod.rs index 43b3c50..432b115 100644 --- a/src/builtins/mod.rs +++ b/src/builtins/mod.rs @@ -1,5 +1,17 @@ //! Built-in [`RuleSet`](crate::RuleSet)s +pub mod basic; +pub mod danger_zone; +pub mod kill; +pub mod network; +pub mod pipes; +pub mod systemio; +pub mod time; + +pub use { + basic::BasicCapabilities, kill::Kill, network::Networking, systemio::SystemIO, time::Time, +}; + /// A struct whose purpose is to make you read the documentation for the function you're calling. /// If you're reading this, go read the documentation for the function that is returning this /// object. @@ -16,23 +28,6 @@ impl<T> YesReally<T> { /// Make a [`YesReally`]. pub fn new(inner: T) -> YesReally<T> { - YesReally { - inner, - } + YesReally { inner } } } - -pub mod basic; -pub use basic::BasicCapabilities; - -pub mod systemio; -pub use systemio::SystemIO; - -pub mod network; -pub use network::Networking; - -pub mod time; -pub use time::Time; - -pub mod danger_zone; -pub mod pipes;