1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-on :lock-on
21: "The sandbox lock is on, disallowing all sandbox commands.")
22:
23: ; Define sandbox actions as keywords
24: (defconst syd-action-allow :action-allow
25: "Allow system call.")
26:
27: (defconst syd-action-warn :action-warn
28: "Allow system call and warn.")
29:
30: (defconst syd-action-filter :action-filter
31: "Deny system call silently.")
32:
33: (defconst syd-action-deny :action-deny
34: "Deny system call and warn.")
35:
36: (defconst syd-action-panic :action-panic
37: "Deny system call, warn and panic the current Syd thread.")
38:
39: (defconst syd-action-stop :action-stop
40: "Deny system call, warn and stop offending process.")
41:
42: (defconst syd-action-abort :action-abort
43: "Deny system call, warn and abort offending process.")
44:
45: (defconst syd-action-kill :action-kill
46: "Deny system call, warn and kill offending process.")
47:
48: (defconst syd-action-exit :action-exit
49: "Warn, and exit Syd immediately with deny errno as exit value.")
50:
51: (defun syd-info ()
52: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
53: If the `json' module is not available, returns nil."
54: (if (require 'json nil t)
55: (condition-case nil
56: (with-temp-buffer
57: (insert-file-contents "/dev/syd")
58: (with-no-warnings
59: (let ((json-object-type 'alist)
60: (json-array-type 'list)
61: (json-key-type 'symbol)
62: (json-false nil)
63: (json-null nil))
64: (json-read))))
65: (file-error
66: (message "Error reading /dev/syd.")
67: nil)
68: (json-error
69: (message "JSON decoding error.")
70: nil))
71: (progn
72: (message "JSON module not available.")
73: nil)))
74:
75: (defun syd-api ()
76: "Performs a syd API check."
77: (if (syd--stat "/dev/syd/3")
78: 3 ; API number on success
79: nil)) ; On error, return nil
80:
81: (defun syd-check ()
82: "Check if '/dev/syd' is a character device."
83: (syd--stat "/dev/syd"))
84:
85: (defun syd-panic ()
86: "Causes syd to exit immediately with code 127"
87: (syd--stat "/dev/syd/panic"))
88:
89: (defun syd-reset ()
90: "Causes syd to reset sandboxing to the default state."
91: (syd--stat "/dev/syd/reset"))
92:
93: (defun syd-load (fd)
94: "Causes syd to read configuration from the given file descriptor FD."
95: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
96: (syd--stat path)))
97:
98: (defun syd-lock (state)
99: "Sets the state of the sandbox lock.
100: STATE is one of the keywords :lock-off, :lock-exec, or :lock-on.
101: Returns t on success, nil on failure."
102: (cond
103: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
104: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
105: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
106: (t nil))) ; Invalid state
107:
108: (defun syd-enabled-stat ()
109: "Checks if Stat sandboxing is enabled."
110: (syd--stat "/dev/syd/sandbox/stat?"))
111:
112: (defun syd-enable-stat ()
113: "Enable Stat sandboxing."
114: (syd--stat "/dev/syd/sandbox/stat:on"))
115:
116: (defun syd-disable-stat ()
117: "Disable Stat sandboxing."
118: (syd--stat "/dev/syd/sandbox/stat:off"))
119:
120: (defun syd-enabled-read ()
121: "Checks if Read sandboxing is enabled."
122: (syd--stat "/dev/syd/sandbox/read?"))
123:
124: (defun syd-enable-read ()
125: "Enable Read sandboxing."
126: (syd--stat "/dev/syd/sandbox/read:on"))
127:
128: (defun syd-disable-read ()
129: "Disable Read sandboxing."
130: (syd--stat "/dev/syd/sandbox/read:off"))
131:
132: (defun syd-enabled-write ()
133: "Checks if Write sandboxing is enabled."
134: (syd--stat "/dev/syd/sandbox/write?"))
135:
136: (defun syd-enable-write ()
137: "Enable Write sandboxing."
138: (syd--stat "/dev/syd/sandbox/write:on"))
139:
140: (defun syd-disable-write ()
141: "Disable Write sandboxing."
142: (syd--stat "/dev/syd/sandbox/write:off"))
143:
144: (defun syd-enabled-exec ()
145: "Checks if Exec sandboxing is enabled."
146: (syd--stat "/dev/syd/sandbox/exec?"))
147:
148: (defun syd-enable-exec ()
149: "Enable Exec sandboxing."
150: (syd--stat "/dev/syd/sandbox/exec:on"))
151:
152: (defun syd-disable-exec ()
153: "Disable Exec sandboxing."
154: (syd--stat "/dev/syd/sandbox/exec:off"))
155:
156: (defun syd-enabled-ioctl ()
157: "Checks if Ioctl sandboxing is enabled."
158: (syd--stat "/dev/syd/sandbox/ioctl?"))
159:
160: (defun syd-enable-ioctl ()
161: "Enable Ioctl sandboxing."
162: (syd--stat "/dev/syd/sandbox/ioctl:on"))
163:
164: (defun syd-disable-ioctl ()
165: "Disable Ioctl sandboxing."
166: (syd--stat "/dev/syd/sandbox/ioctl:off"))
167:
168: (defun syd-enabled-create ()
169: "Checks if create sandboxing is enabled."
170: (syd--stat "/dev/syd/sandbox/create?"))
171:
172: (defun syd-enable-create ()
173: "Enable create sandboxing."
174: (syd--stat "/dev/syd/sandbox/create:on"))
175:
176: (defun syd-disable-create ()
177: "Disable create sandboxing."
178: (syd--stat "/dev/syd/sandbox/create:off"))
179:
180: (defun syd-enabled-delete ()
181: "Checks if delete sandboxing is enabled."
182: (syd--stat "/dev/syd/sandbox/delete?"))
183:
184: (defun syd-enable-delete ()
185: "Enable delete sandboxing."
186: (syd--stat "/dev/syd/sandbox/delete:on"))
187:
188: (defun syd-disable-delete ()
189: "Disable delete sandboxing."
190: (syd--stat "/dev/syd/sandbox/delete:off"))
191:
192: (defun syd-enabled-rename ()
193: "Checks if rename sandboxing is enabled."
194: (syd--stat "/dev/syd/sandbox/rename?"))
195:
196: (defun syd-enable-rename ()
197: "Enable rename sandboxing."
198: (syd--stat "/dev/syd/sandbox/rename:on"))
199:
200: (defun syd-disable-rename ()
201: "Disable rename sandboxing."
202: (syd--stat "/dev/syd/sandbox/rename:off"))
203:
204: (defun syd-enabled-symlink ()
205: "Checks if symlink sandboxing is enabled."
206: (syd--stat "/dev/syd/sandbox/symlink?"))
207:
208: (defun syd-enable-symlink ()
209: "Enable symlink sandboxing."
210: (syd--stat "/dev/syd/sandbox/symlink:on"))
211:
212: (defun syd-disable-symlink ()
213: "Disable symlink sandboxing."
214: (syd--stat "/dev/syd/sandbox/symlink:off"))
215:
216: (defun syd-enabled-truncate ()
217: "Checks if Truncate sandboxing is enabled."
218: (syd--stat "/dev/syd/sandbox/truncate?"))
219:
220: (defun syd-enable-truncate ()
221: "Enable Truncate sandboxing."
222: (syd--stat "/dev/syd/sandbox/truncate:on"))
223:
224: (defun syd-disable-truncate ()
225: "Disable Truncate sandboxing."
226: (syd--stat "/dev/syd/sandbox/truncate:off"))
227:
228: (defun syd-enabled-chdir ()
229: "Checks if chdir sandboxing is enabled."
230: (syd--stat "/dev/syd/sandbox/chdir?"))
231:
232: (defun syd-enable-chdir ()
233: "Enable chdir sandboxing."
234: (syd--stat "/dev/syd/sandbox/chdir:on"))
235:
236: (defun syd-disable-chdir ()
237: "Disable chdir sandboxing."
238: (syd--stat "/dev/syd/sandbox/chdir:off"))
239:
240: (defun syd-enabled-readdir ()
241: "Checks if readdir sandboxing is enabled."
242: (syd--stat "/dev/syd/sandbox/readdir?"))
243:
244: (defun syd-enable-readdir ()
245: "Enable readdir sandboxing."
246: (syd--stat "/dev/syd/sandbox/readdir:on"))
247:
248: (defun syd-disable-readdir ()
249: "Disable readdir sandboxing."
250: (syd--stat "/dev/syd/sandbox/readdir:off"))
251:
252: (defun syd-enabled-mkdir ()
253: "Checks if mkdir sandboxing is enabled."
254: (syd--stat "/dev/syd/sandbox/mkdir?"))
255:
256: (defun syd-enable-mkdir ()
257: "Enable mkdir sandboxing."
258: (syd--stat "/dev/syd/sandbox/mkdir:on"))
259:
260: (defun syd-disable-mkdir ()
261: "Disable mkdir sandboxing."
262: (syd--stat "/dev/syd/sandbox/mkdir:off"))
263:
264: (defun syd-enabled-rmdir ()
265: "Checks if rmdir sandboxing is enabled."
266: (syd--stat "/dev/syd/sandbox/rmdir?"))
267:
268: (defun syd-enable-rmdir ()
269: "Enable rmdir sandboxing."
270: (syd--stat "/dev/syd/sandbox/rmdir:on"))
271:
272: (defun syd-disable-rmdir ()
273: "Disable rmdir sandboxing."
274: (syd--stat "/dev/syd/sandbox/rmdir:off"))
275:
276: (defun syd-enabled-chown ()
277: "Checks if chown sandboxing is enabled."
278: (syd--stat "/dev/syd/sandbox/chown?"))
279:
280: (defun syd-enable-chown ()
281: "Enable chown sandboxing."
282: (syd--stat "/dev/syd/sandbox/chown:on"))
283:
284: (defun syd-disable-chown ()
285: "Disable chown sandboxing."
286: (syd--stat "/dev/syd/sandbox/chown:off"))
287:
288: (defun syd-enabled-chgrp ()
289: "Checks if chgrp sandboxing is enabled."
290: (syd--stat "/dev/syd/sandbox/chgrp?"))
291:
292: (defun syd-enable-chgrp ()
293: "Enable chgrp sandboxing."
294: (syd--stat "/dev/syd/sandbox/chgrp:on"))
295:
296: (defun syd-disable-chgrp ()
297: "Disable chgrp sandboxing."
298: (syd--stat "/dev/syd/sandbox/chgrp:off"))
299:
300: (defun syd-enabled-chmod ()
301: "Checks if chmod sandboxing is enabled."
302: (syd--stat "/dev/syd/sandbox/chmod?"))
303:
304: (defun syd-enable-chmod ()
305: "Enable chmod sandboxing."
306: (syd--stat "/dev/syd/sandbox/chmod:on"))
307:
308: (defun syd-disable-chmod ()
309: "Disable chmod sandboxing."
310: (syd--stat "/dev/syd/sandbox/chmod:off"))
311:
312: (defun syd-enabled-chattr ()
313: "Checks if chattr sandboxing is enabled."
314: (syd--stat "/dev/syd/sandbox/chattr?"))
315:
316: (defun syd-enable-chattr ()
317: "Enable chattr sandboxing."
318: (syd--stat "/dev/syd/sandbox/chattr:on"))
319:
320: (defun syd-disable-chattr ()
321: "Disable chattr sandboxing."
322: (syd--stat "/dev/syd/sandbox/chattr:off"))
323:
324: (defun syd-enabled-chroot ()
325: "Checks if chroot sandboxing is enabled."
326: (syd--stat "/dev/syd/sandbox/chroot?"))
327:
328: (defun syd-enable-chroot ()
329: "Enable chroot sandboxing."
330: (syd--stat "/dev/syd/sandbox/chroot:on"))
331:
332: (defun syd-disable-chroot ()
333: "Disable chroot sandboxing."
334: (syd--stat "/dev/syd/sandbox/chroot:off"))
335:
336: (defun syd-enabled-utime ()
337: "Checks if utime sandboxing is enabled."
338: (syd--stat "/dev/syd/sandbox/utime?"))
339:
340: (defun syd-enable-utime ()
341: "Enable utime sandboxing."
342: (syd--stat "/dev/syd/sandbox/utime:on"))
343:
344: (defun syd-disable-utime ()
345: "Disable utime sandboxing."
346: (syd--stat "/dev/syd/sandbox/utime:off"))
347:
348: (defun syd-enabled-mkbdev ()
349: "Checks if mkbdev sandboxing is enabled."
350: (syd--stat "/dev/syd/sandbox/mkbdev?"))
351:
352: (defun syd-enable-mkbdev ()
353: "Enable mkbdev sandboxing."
354: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
355:
356: (defun syd-disable-mkbdev ()
357: "Disable mkbdev sandboxing."
358: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
359:
360: (defun syd-enabled-mkcdev ()
361: "Checks if mkcdev sandboxing is enabled."
362: (syd--stat "/dev/syd/sandbox/mkcdev?"))
363:
364: (defun syd-enable-mkcdev ()
365: "Enable mkcdev sandboxing."
366: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
367:
368: (defun syd-disable-mkcdev ()
369: "Disable mkcdev sandboxing."
370: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
371:
372: (defun syd-enabled-mkfifo ()
373: "Checks if mkfifo sandboxing is enabled."
374: (syd--stat "/dev/syd/sandbox/mkfifo?"))
375:
376: (defun syd-enable-mkfifo ()
377: "Enable mkfifo sandboxing."
378: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
379:
380: (defun syd-disable-mkfifo ()
381: "Disable mkfifo sandboxing."
382: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
383:
384: (defun syd-enabled-mktemp ()
385: "Checks if mktemp sandboxing is enabled."
386: (syd--stat "/dev/syd/sandbox/mktemp?"))
387:
388: (defun syd-enable-mktemp ()
389: "Enable mktemp sandboxing."
390: (syd--stat "/dev/syd/sandbox/mktemp:on"))
391:
392: (defun syd-disable-mktemp ()
393: "Disable mktemp sandboxing."
394: (syd--stat "/dev/syd/sandbox/mktemp:off"))
395:
396: (defun syd-enabled-net ()
397: "Checks if Network sandboxing is enabled."
398: (syd--stat "/dev/syd/sandbox/net?"))
399:
400: (defun syd-enable-net ()
401: "Enable Network sandboxing."
402: (syd--stat "/dev/syd/sandbox/net:on"))
403:
404: (defun syd-disable-net ()
405: "Disable Network sandboxing."
406: (syd--stat "/dev/syd/sandbox/net:off"))
407:
408: (defun syd-enabled-lock ()
409: "Checks if lock sandboxing is enabled."
410: (syd--stat "/dev/syd/sandbox/lock?"))
411:
412: (defun syd-enabled-crypt ()
413: "Checks if crypt sandboxing is enabled."
414: (syd--stat "/dev/syd/sandbox/crypt?"))
415:
416: (defun syd-enabled-proxy ()
417: "Checks if proxy sandboxing is enabled."
418: (syd--stat "/dev/syd/sandbox/proxy?"))
419:
420: (defun syd-enabled-mem ()
421: "Checks if memory sandboxing is enabled."
422: (syd--stat "/dev/syd/sandbox/mem?"))
423:
424: (defun syd-enable-mem ()
425: "Enable memory sandboxing."
426: (syd--stat "/dev/syd/sandbox/mem:on"))
427:
428: (defun syd-disable-mem ()
429: "Disable memory sandboxing."
430: (syd--stat "/dev/syd/sandbox/mem:off"))
431:
432: (defun syd-enabled-pid ()
433: "Checks if PID sandboxing is enabled."
434: (syd--stat "/dev/syd/sandbox/pid?"))
435:
436: (defun syd-enable-pid ()
437: "Enable PID sandboxing."
438: (syd--stat "/dev/syd/sandbox/pid:on"))
439:
440: (defun syd-disable-pid ()
441: "Disable PID sandboxing."
442: (syd--stat "/dev/syd/sandbox/pid:off"))
443:
444: (defun syd-enabled-force ()
445: "Checks if force sandboxing is enabled."
446: (syd--stat "/dev/syd/sandbox/force?"))
447:
448: (defun syd-enable-force ()
449: "Enable force sandboxing."
450: (syd--stat "/dev/syd/sandbox/force:on"))
451:
452: (defun syd-disable-force ()
453: "Disable force sandboxing."
454: (syd--stat "/dev/syd/sandbox/force:off"))
455:
456: (defun syd-enabled-tpe ()
457: "Checks if TPE sandboxing is enabled."
458: (syd--stat "/dev/syd/sandbox/tpe?"))
459:
460: (defun syd-enable-tpe ()
461: "Enable TPE sandboxing."
462: (syd--stat "/dev/syd/sandbox/tpe:on"))
463:
464: (defun syd-disable-tpe ()
465: "Disable TPE sandboxing."
466: (syd--stat "/dev/syd/sandbox/tpe:off"))
467:
468: (defun syd-default-stat (action)
469: "Set default action for Stat sandboxing.
470: ACTION is a constant representing the sandboxing action."
471: (let ((action (cond
472: ((eq action :action-allow) "allow")
473: ((eq action :action-warn) "warn")
474: ((eq action :action-filter) "filter")
475: ((eq action :action-deny) "deny")
476: ((eq action :action-panic) "panic")
477: ((eq action :action-stop) "stop")
478: ((eq action :action-abort) "abort")
479: ((eq action :action-kill) "kill")
480: ((eq action :action-exit) "exit"))))
481: ; Only proceed if action is not nil
482: (when action
483: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
484: ; Call syd--stat with the command
485: (syd--stat cmd)))))
486:
487: (defun syd-default-read (action)
488: "Set default action for Read sandboxing.
489: ACTION is a constant representing the sandboxing action."
490: (let ((action (cond
491: ((eq action :action-allow) "allow")
492: ((eq action :action-warn) "warn")
493: ((eq action :action-filter) "filter")
494: ((eq action :action-deny) "deny")
495: ((eq action :action-panic) "panic")
496: ((eq action :action-stop) "stop")
497: ((eq action :action-abort) "abort")
498: ((eq action :action-kill) "kill")
499: ((eq action :action-exit) "exit"))))
500: ; Only proceed if action is not nil
501: (when action
502: (let ((cmd (format "/dev/syd/default/read:%s" action)))
503: ; Call syd--stat with the command
504: (syd--stat cmd)))))
505:
506: (defun syd-default-write (action)
507: "Set default action for Write sandboxing.
508: ACTION is a constant representing the sandboxing action."
509: (let ((action (cond
510: ((eq action :action-allow) "allow")
511: ((eq action :action-warn) "warn")
512: ((eq action :action-filter) "filter")
513: ((eq action :action-deny) "deny")
514: ((eq action :action-panic) "panic")
515: ((eq action :action-stop) "stop")
516: ((eq action :action-abort) "abort")
517: ((eq action :action-kill) "kill")
518: ((eq action :action-exit) "exit"))))
519: ; Only proceed if action is not nil
520: (when action
521: (let ((cmd (format "/dev/syd/default/write:%s" action)))
522: ; Call syd--write with the command
523: (syd--stat cmd)))))
524:
525: (defun syd-default-exec (action)
526: "Set default action for Exec sandboxing.
527: ACTION is a constant representing the sandboxing action."
528: (let ((action (cond
529: ((eq action :action-allow) "allow")
530: ((eq action :action-warn) "warn")
531: ((eq action :action-filter) "filter")
532: ((eq action :action-deny) "deny")
533: ((eq action :action-panic) "panic")
534: ((eq action :action-stop) "stop")
535: ((eq action :action-abort) "abort")
536: ((eq action :action-kill) "kill")
537: ((eq action :action-exit) "exit"))))
538: ; Only proceed if action is not nil
539: (when action
540: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
541: ; Call syd--exec with the command
542: (syd--stat cmd)))))
543:
544: (defun syd-default-ioctl (action)
545: "Set default action for Ioctl sandboxing.
546: ACTION is a constant representing the sandboxing action."
547: (let ((action (cond
548: ((eq action :action-allow) "allow")
549: ((eq action :action-warn) "warn")
550: ((eq action :action-filter) "filter")
551: ((eq action :action-deny) "deny")
552: ((eq action :action-panic) "panic")
553: ((eq action :action-stop) "stop")
554: ((eq action :action-abort) "abort")
555: ((eq action :action-kill) "kill")
556: ((eq action :action-exit) "exit"))))
557: ; Only proceed if action is not nil
558: (when action
559: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
560: ; Call syd--ioctl with the command
561: (syd--stat cmd)))))
562:
563: (defun syd-default-create (action)
564: "Set default action for Create sandboxing.
565: ACTION is a constant representing the sandboxing action."
566: (let ((action (cond
567: ((eq action :action-allow) "allow")
568: ((eq action :action-warn) "warn")
569: ((eq action :action-filter) "filter")
570: ((eq action :action-deny) "deny")
571: ((eq action :action-panic) "panic")
572: ((eq action :action-stop) "stop")
573: ((eq action :action-abort) "abort")
574: ((eq action :action-kill) "kill")
575: ((eq action :action-exit) "exit"))))
576: ; Only proceed if action is not nil
577: (when action
578: (let ((cmd (format "/dev/syd/default/create:%s" action)))
579: ; Call syd--stat with the command
580: (syd--stat cmd)))))
581:
582: (defun syd-default-delete (action)
583: "Set default action for Delete sandboxing.
584: ACTION is a constant representing the sandboxing action."
585: (let ((action (cond
586: ((eq action :action-allow) "allow")
587: ((eq action :action-warn) "warn")
588: ((eq action :action-filter) "filter")
589: ((eq action :action-deny) "deny")
590: ((eq action :action-panic) "panic")
591: ((eq action :action-stop) "stop")
592: ((eq action :action-abort) "abort")
593: ((eq action :action-kill) "kill")
594: ((eq action :action-exit) "exit"))))
595: ; Only proceed if action is not nil
596: (when action
597: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
598: ; Call syd--stat with the command
599: (syd--stat cmd)))))
600:
601: (defun syd-default-rename (action)
602: "Set default action for rename sandboxing.
603: ACTION is a constant representing the sandboxing action."
604: (let ((action (cond
605: ((eq action :action-allow) "allow")
606: ((eq action :action-warn) "warn")
607: ((eq action :action-filter) "filter")
608: ((eq action :action-deny) "deny")
609: ((eq action :action-panic) "panic")
610: ((eq action :action-stop) "stop")
611: ((eq action :action-abort) "abort")
612: ((eq action :action-kill) "kill")
613: ((eq action :action-exit) "exit"))))
614: ; Only proceed if action is not nil
615: (when action
616: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
617: ; Call syd--stat with the command
618: (syd--stat cmd)))))
619:
620: (defun syd-default-symlink (action)
621: "Set default action for symlink sandboxing.
622: ACTION is a constant representing the sandboxing action."
623: (let ((action (cond
624: ((eq action :action-allow) "allow")
625: ((eq action :action-warn) "warn")
626: ((eq action :action-filter) "filter")
627: ((eq action :action-deny) "deny")
628: ((eq action :action-panic) "panic")
629: ((eq action :action-stop) "stop")
630: ((eq action :action-abort) "abort")
631: ((eq action :action-kill) "kill")
632: ((eq action :action-exit) "exit"))))
633: ; Only proceed if action is not nil
634: (when action
635: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
636: ; Call syd--stat with the command
637: (syd--stat cmd)))))
638:
639: (defun syd-default-truncate (action)
640: "Set default action for Truncate sandboxing.
641: ACTION is a constant representing the sandboxing action."
642: (let ((action (cond
643: ((eq action :action-allow) "allow")
644: ((eq action :action-warn) "warn")
645: ((eq action :action-filter) "filter")
646: ((eq action :action-deny) "deny")
647: ((eq action :action-panic) "panic")
648: ((eq action :action-stop) "stop")
649: ((eq action :action-abort) "abort")
650: ((eq action :action-kill) "kill")
651: ((eq action :action-exit) "exit"))))
652: ; Only proceed if action is not nil
653: (when action
654: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
655: ; Call syd--truncate with the command
656: (syd--stat cmd)))))
657:
658: (defun syd-default-chdir (action)
659: "Set default action for chdir sandboxing.
660: ACTION is a constant representing the sandboxing action."
661: (let ((action (cond
662: ((eq action :action-allow) "allow")
663: ((eq action :action-warn) "warn")
664: ((eq action :action-filter) "filter")
665: ((eq action :action-deny) "deny")
666: ((eq action :action-panic) "panic")
667: ((eq action :action-stop) "stop")
668: ((eq action :action-abort) "abort")
669: ((eq action :action-kill) "kill")
670: ((eq action :action-exit) "exit"))))
671: ; Only proceed if action is not nil
672: (when action
673: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
674: ; Call syd--chdir with the command
675: (syd--stat cmd)))))
676:
677: (defun syd-default-readdir (action)
678: "Set default action for readdir sandboxing.
679: ACTION is a constant representing the sandboxing action."
680: (let ((action (cond
681: ((eq action :action-allow) "allow")
682: ((eq action :action-warn) "warn")
683: ((eq action :action-filter) "filter")
684: ((eq action :action-deny) "deny")
685: ((eq action :action-panic) "panic")
686: ((eq action :action-stop) "stop")
687: ((eq action :action-abort) "abort")
688: ((eq action :action-kill) "kill")
689: ((eq action :action-exit) "exit"))))
690: ; Only proceed if action is not nil
691: (when action
692: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
693: ; Call syd--readdir with the command
694: (syd--stat cmd)))))
695:
696: (defun syd-default-mkdir (action)
697: "Set default action for mkdir sandboxing.
698: ACTION is a constant representing the sandboxing action."
699: (let ((action (cond
700: ((eq action :action-allow) "allow")
701: ((eq action :action-warn) "warn")
702: ((eq action :action-filter) "filter")
703: ((eq action :action-deny) "deny")
704: ((eq action :action-panic) "panic")
705: ((eq action :action-stop) "stop")
706: ((eq action :action-abort) "abort")
707: ((eq action :action-kill) "kill")
708: ((eq action :action-exit) "exit"))))
709: ; Only proceed if action is not nil
710: (when action
711: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
712: ; Call syd--mkdir with the command
713: (syd--stat cmd)))))
714:
715: (defun syd-default-rmdir (action)
716: "Set default action for rmdir sandboxing.
717: ACTION is a constant representing the sandboxing action."
718: (let ((action (cond
719: ((eq action :action-allow) "allow")
720: ((eq action :action-warn) "warn")
721: ((eq action :action-filter) "filter")
722: ((eq action :action-deny) "deny")
723: ((eq action :action-panic) "panic")
724: ((eq action :action-stop) "stop")
725: ((eq action :action-abort) "abort")
726: ((eq action :action-kill) "kill")
727: ((eq action :action-exit) "exit"))))
728: ; Only proceed if action is not nil
729: (when action
730: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
731: ; Call syd--rmdir with the command
732: (syd--stat cmd)))))
733:
734: (defun syd-default-chown (action)
735: "Set default action for Chown sandboxing.
736: ACTION is a constant representing the sandboxing action."
737: (let ((action (cond
738: ((eq action :action-allow) "allow")
739: ((eq action :action-warn) "warn")
740: ((eq action :action-filter) "filter")
741: ((eq action :action-deny) "deny")
742: ((eq action :action-panic) "panic")
743: ((eq action :action-stop) "stop")
744: ((eq action :action-abort) "abort")
745: ((eq action :action-kill) "kill")
746: ((eq action :action-exit) "exit"))))
747: ; Only proceed if action is not nil
748: (when action
749: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
750: ; Call syd--stat with the command
751: (syd--stat cmd)))))
752:
753: (defun syd-default-chgrp (action)
754: "Set default action for Chgrp sandboxing.
755: ACTION is a constant representing the sandboxing action."
756: (let ((action (cond
757: ((eq action :action-allow) "allow")
758: ((eq action :action-warn) "warn")
759: ((eq action :action-filter) "filter")
760: ((eq action :action-deny) "deny")
761: ((eq action :action-panic) "panic")
762: ((eq action :action-stop) "stop")
763: ((eq action :action-abort) "abort")
764: ((eq action :action-kill) "kill")
765: ((eq action :action-exit) "exit"))))
766: ; Only proceed if action is not nil
767: (when action
768: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
769: ; Call syd--stat with the command
770: (syd--stat cmd)))))
771:
772: (defun syd-default-chmod (action)
773: "Set default action for chmod sandboxing.
774: ACTION is a constant representing the sandboxing action."
775: (let ((action (cond
776: ((eq action :action-allow) "allow")
777: ((eq action :action-warn) "warn")
778: ((eq action :action-filter) "filter")
779: ((eq action :action-deny) "deny")
780: ((eq action :action-panic) "panic")
781: ((eq action :action-stop) "stop")
782: ((eq action :action-abort) "abort")
783: ((eq action :action-kill) "kill")
784: ((eq action :action-exit) "exit"))))
785: ; Only proceed if action is not nil
786: (when action
787: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
788: ; Call syd--stat with the command
789: (syd--stat cmd)))))
790:
791: (defun syd-default-chattr (action)
792: "Set default action for chattr sandboxing.
793: ACTION is a constant representing the sandboxing action."
794: (let ((action (cond
795: ((eq action :action-allow) "allow")
796: ((eq action :action-warn) "warn")
797: ((eq action :action-filter) "filter")
798: ((eq action :action-deny) "deny")
799: ((eq action :action-panic) "panic")
800: ((eq action :action-stop) "stop")
801: ((eq action :action-abort) "abort")
802: ((eq action :action-kill) "kill")
803: ((eq action :action-exit) "exit"))))
804: ; Only proceed if action is not nil
805: (when action
806: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
807: ; Call syd--stat with the command
808: (syd--stat cmd)))))
809:
810: (defun syd-default-chroot (action)
811: "Set default action for chroot sandboxing.
812: ACTION is a constant representing the sandboxing action."
813: (let ((action (cond
814: ((eq action :action-allow) "allow")
815: ((eq action :action-warn) "warn")
816: ((eq action :action-filter) "filter")
817: ((eq action :action-deny) "deny")
818: ((eq action :action-panic) "panic")
819: ((eq action :action-stop) "stop")
820: ((eq action :action-abort) "abort")
821: ((eq action :action-kill) "kill")
822: ((eq action :action-exit) "exit"))))
823: ; Only proceed if action is not nil
824: (when action
825: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
826: ; Call syd--stat with the command
827: (syd--stat cmd)))))
828:
829: (defun syd-default-utime (action)
830: "Set default action for utime sandboxing.
831: ACTION is a constant representing the sandboxing action."
832: (let ((action (cond
833: ((eq action :action-allow) "allow")
834: ((eq action :action-warn) "warn")
835: ((eq action :action-filter) "filter")
836: ((eq action :action-deny) "deny")
837: ((eq action :action-panic) "panic")
838: ((eq action :action-stop) "stop")
839: ((eq action :action-abort) "abort")
840: ((eq action :action-kill) "kill")
841: ((eq action :action-exit) "exit"))))
842: ; Only proceed if action is not nil
843: (when action
844: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
845: ; Call syd--stat with the command
846: (syd--stat cmd)))))
847:
848: (defun syd-default-mkbdev (action)
849: "Set default action for mkbdev sandboxing.
850: ACTION is a constant representing the sandboxing action."
851: (let ((action (cond
852: ((eq action :action-allow) "allow")
853: ((eq action :action-warn) "warn")
854: ((eq action :action-filter) "filter")
855: ((eq action :action-deny) "deny")
856: ((eq action :action-panic) "panic")
857: ((eq action :action-stop) "stop")
858: ((eq action :action-abort) "abort")
859: ((eq action :action-kill) "kill")
860: ((eq action :action-exit) "exit"))))
861: ; Only proceed if action is not nil
862: (when action
863: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
864: ; Call syd--stat with the command
865: (syd--stat cmd)))))
866:
867: (defun syd-default-mkcdev (action)
868: "Set default action for mkcdev sandboxing.
869: ACTION is a constant representing the sandboxing action."
870: (let ((action (cond
871: ((eq action :action-allow) "allow")
872: ((eq action :action-warn) "warn")
873: ((eq action :action-filter) "filter")
874: ((eq action :action-deny) "deny")
875: ((eq action :action-panic) "panic")
876: ((eq action :action-stop) "stop")
877: ((eq action :action-abort) "abort")
878: ((eq action :action-kill) "kill")
879: ((eq action :action-exit) "exit"))))
880: ; Only proceed if action is not nil
881: (when action
882: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
883: ; Call syd--stat with the command
884: (syd--stat cmd)))))
885:
886: (defun syd-default-mkfifo (action)
887: "Set default action for mkfifo sandboxing.
888: ACTION is a constant representing the sandboxing action."
889: (let ((action (cond
890: ((eq action :action-allow) "allow")
891: ((eq action :action-warn) "warn")
892: ((eq action :action-filter) "filter")
893: ((eq action :action-deny) "deny")
894: ((eq action :action-panic) "panic")
895: ((eq action :action-stop) "stop")
896: ((eq action :action-abort) "abort")
897: ((eq action :action-kill) "kill")
898: ((eq action :action-exit) "exit"))))
899: ; Only proceed if action is not nil
900: (when action
901: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
902: ; Call syd--stat with the command
903: (syd--stat cmd)))))
904:
905: (defun syd-default-mktemp (action)
906: "Set default action for mktemp sandboxing.
907: ACTION is a constant representing the sandboxing action."
908: (let ((action (cond
909: ((eq action :action-allow) "allow")
910: ((eq action :action-warn) "warn")
911: ((eq action :action-filter) "filter")
912: ((eq action :action-deny) "deny")
913: ((eq action :action-panic) "panic")
914: ((eq action :action-stop) "stop")
915: ((eq action :action-abort) "abort")
916: ((eq action :action-kill) "kill")
917: ((eq action :action-exit) "exit"))))
918: ; Only proceed if action is not nil
919: (when action
920: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
921: ; Call syd--stat with the command
922: (syd--stat cmd)))))
923:
924: (defun syd-default-net (action)
925: "Set default action for Network sandboxing.
926: ACTION is a constant representing the sandboxing action."
927: (let ((action (cond
928: ((eq action :action-allow) "allow")
929: ((eq action :action-warn) "warn")
930: ((eq action :action-filter) "filter")
931: ((eq action :action-deny) "deny")
932: ((eq action :action-panic) "panic")
933: ((eq action :action-stop) "stop")
934: ((eq action :action-abort) "abort")
935: ((eq action :action-kill) "kill")
936: ((eq action :action-exit) "exit"))))
937: ; Only proceed if action is not nil
938: (when action
939: (let ((cmd (format "/dev/syd/default/net:%s" action)))
940: ; Call syd--net with the command
941: (syd--stat cmd)))))
942:
943: ; TODO: syd-default-block!
944:
945: (defun syd-default-mem (action)
946: "Set default action for Memory sandboxing.
947: ACTION is a constant representing the sandboxing action."
948: (let ((action (cond
949: ((eq action :action-allow) "allow")
950: ((eq action :action-warn) "warn")
951: ((eq action :action-filter) "filter")
952: ((eq action :action-deny) "deny")
953: ((eq action :action-panic) "panic")
954: ((eq action :action-stop) "stop")
955: ((eq action :action-abort) "abort")
956: ((eq action :action-kill) "kill")
957: ((eq action :action-exit) "exit"))))
958: ; Only proceed if action is not nil
959: (when action
960: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
961: ; Call syd--net with the command
962: (syd--stat cmd)))))
963:
964: (defun syd-default-pid (action)
965: "Set default action for PID sandboxing.
966: ACTION is a constant representing the sandboxing action."
967: (let ((action (cond
968: ((eq action :action-allow) "allow")
969: ((eq action :action-warn) "warn")
970: ((eq action :action-filter) "filter")
971: ((eq action :action-deny) "deny")
972: ((eq action :action-panic) "panic")
973: ((eq action :action-stop) "stop")
974: ((eq action :action-abort) "abort")
975: ((eq action :action-kill) "kill")
976: ((eq action :action-exit) "exit"))))
977: ; Only proceed if action is not nil
978: (when action
979: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
980: ; Call syd--net with the command
981: (syd--stat cmd)))))
982:
983: (defun syd-default-force (action)
984: "Set default action for Force sandboxing.
985: ACTION is a constant representing the sandboxing action."
986: (let ((action (cond
987: ((eq action :action-allow) "allow")
988: ((eq action :action-warn) "warn")
989: ((eq action :action-filter) "filter")
990: ((eq action :action-deny) "deny")
991: ((eq action :action-panic) "panic")
992: ((eq action :action-stop) "stop")
993: ((eq action :action-abort) "abort")
994: ((eq action :action-kill) "kill")
995: ((eq action :action-exit) "exit"))))
996: ; Only proceed if action is not nil
997: (when action
998: (let ((cmd (format "/dev/syd/default/force:%s" action)))
999: ; Call syd--net with the command
1000: (syd--stat cmd)))))
1001:
1002: (defun syd-default-segvguard (action)
1003: "Set default action for SegvGuard.
1004: ACTION is a constant representing the sandboxing action."
1005: (let ((action (cond
1006: ((eq action :action-allow) "allow")
1007: ((eq action :action-warn) "warn")
1008: ((eq action :action-filter) "filter")
1009: ((eq action :action-deny) "deny")
1010: ((eq action :action-panic) "panic")
1011: ((eq action :action-stop) "stop")
1012: ((eq action :action-abort) "abort")
1013: ((eq action :action-kill) "kill")
1014: ((eq action :action-exit) "exit"))))
1015: ; Only proceed if action is not nil
1016: (when action
1017: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1018: ; Call syd--net with the command
1019: (syd--stat cmd)))))
1020:
1021: (defun syd-default-tpe (action)
1022: "Set default action for TPE sandboxing.
1023: ACTION is a constant representing the sandboxing action."
1024: (let ((action (cond
1025: ((eq action :action-allow) "allow")
1026: ((eq action :action-warn) "warn")
1027: ((eq action :action-filter) "filter")
1028: ((eq action :action-deny) "deny")
1029: ((eq action :action-panic) "panic")
1030: ((eq action :action-stop) "stop")
1031: ((eq action :action-abort) "abort")
1032: ((eq action :action-kill) "kill")
1033: ((eq action :action-exit) "exit"))))
1034: ; Only proceed if action is not nil
1035: (when action
1036: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1037: ; Call syd--net with the command
1038: (syd--stat cmd)))))
1039:
1040: (defun syd-ioctl-deny (request)
1041: "Adds a request to the _ioctl_(2) denylist.
1042: REQUEST is the _ioctl_(2) request number to add to the denylist."
1043: (unless (numberp request)
1044: (error "Request must be a number"))
1045: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1046: (syd--stat path)))
1047:
1048: (defun syd-stat-add (action glob)
1049: "Adds to the given actionlist of stat sandboxing.
1050: ACTION is a constant representing the sandboxing action.
1051: GLOB is a string representing the glob pattern."
1052: (let ((action (cond
1053: ((eq action :action-allow) "allow")
1054: ((eq action :action-warn) "warn")
1055: ((eq action :action-filter) "filter")
1056: ((eq action :action-deny) "deny")
1057: ((eq action :action-panic) "panic")
1058: ((eq action :action-stop) "stop")
1059: ((eq action :action-abort) "abort")
1060: ((eq action :action-kill) "kill")
1061: ((eq action :action-exit) "exit"))))
1062: ; Only proceed if action is not nil
1063: (when action
1064: ; Create the command string
1065: (let ((cmd (format "%s/stat" action)))
1066: ; Call syd--stat with the command
1067: (syd--stat (syd--rule cmd glob ?+))))))
1068:
1069: (defun syd-stat-del (action glob)
1070: "Removes the first matching entry from the end of the given actionlist
1071: of stat sandboxing.
1072: ACTION is a constant representing the sandboxing action.
1073: GLOB is a string representing the glob pattern."
1074: (let ((action (cond
1075: ((eq action :action-allow) "allow")
1076: ((eq action :action-warn) "warn")
1077: ((eq action :action-filter) "filter")
1078: ((eq action :action-deny) "deny")
1079: ((eq action :action-panic) "panic")
1080: ((eq action :action-stop) "stop")
1081: ((eq action :action-abort) "abort")
1082: ((eq action :action-kill) "kill")
1083: ((eq action :action-exit) "exit"))))
1084: ; Only proceed if action is not nil
1085: (when action
1086: ; Create the command string
1087: (let ((cmd (format "%s/stat" action)))
1088: ; Call syd--stat with the command
1089: (syd--stat (syd--rule cmd glob ?-))))))
1090:
1091: (defun syd-stat-rem (action glob)
1092: "Removes all matching entries from the given actionlist of stat sandboxing.
1093: ACTION is a constant representing the sandboxing action.
1094: GLOB is a string representing the glob pattern."
1095: (let ((action (cond
1096: ((eq action :action-allow) "allow")
1097: ((eq action :action-warn) "warn")
1098: ((eq action :action-filter) "filter")
1099: ((eq action :action-deny) "deny")
1100: ((eq action :action-panic) "panic")
1101: ((eq action :action-stop) "stop")
1102: ((eq action :action-abort) "abort")
1103: ((eq action :action-kill) "kill")
1104: ((eq action :action-exit) "exit"))))
1105: ; Only proceed if action is not nil
1106: (when action
1107: ; Create the command string
1108: (let ((cmd (format "%s/stat" action)))
1109: ; Call syd--stat with the command
1110: (syd--stat (syd--rule cmd glob ?^))))))
1111:
1112: (defun syd-read-add (action glob)
1113: "Adds to the given actionlist of read sandboxing.
1114: ACTION is a constant representing the sandboxing action.
1115: GLOB is a string representing the glob pattern."
1116: (let ((action (cond
1117: ((eq action :action-allow) "allow")
1118: ((eq action :action-warn) "warn")
1119: ((eq action :action-filter) "filter")
1120: ((eq action :action-deny) "deny")
1121: ((eq action :action-panic) "panic")
1122: ((eq action :action-stop) "stop")
1123: ((eq action :action-abort) "abort")
1124: ((eq action :action-kill) "kill")
1125: ((eq action :action-exit) "exit"))))
1126: ; Only proceed if action is not nil
1127: (when action
1128: ; Create the command string
1129: (let ((cmd (format "%s/read" action)))
1130: ; Call syd--stat with the command
1131: (syd--stat (syd--rule cmd glob ?+))))))
1132:
1133: (defun syd-read-del (action glob)
1134: "Removes the first matching entry from the end of the given actionlist
1135: of read sandboxing.
1136: ACTION is a constant representing the sandboxing action.
1137: GLOB is a string representing the glob pattern."
1138: (let ((action (cond
1139: ((eq action :action-allow) "allow")
1140: ((eq action :action-warn) "warn")
1141: ((eq action :action-filter) "filter")
1142: ((eq action :action-deny) "deny")
1143: ((eq action :action-panic) "panic")
1144: ((eq action :action-stop) "stop")
1145: ((eq action :action-abort) "abort")
1146: ((eq action :action-kill) "kill")
1147: ((eq action :action-exit) "exit"))))
1148: ; Only proceed if action is not nil
1149: (when action
1150: ; Create the command string
1151: (let ((cmd (format "%s/read" action)))
1152: ; Call syd--stat with the command
1153: (syd--stat (syd--rule cmd glob ?-))))))
1154:
1155: (defun syd-read-rem (action glob)
1156: "Removes all matching entries from the given actionlist of read sandboxing.
1157: ACTION is a constant representing the sandboxing action.
1158: GLOB is a string representing the glob pattern."
1159: (let ((action (cond
1160: ((eq action :action-allow) "allow")
1161: ((eq action :action-warn) "warn")
1162: ((eq action :action-filter) "filter")
1163: ((eq action :action-deny) "deny")
1164: ((eq action :action-panic) "panic")
1165: ((eq action :action-stop) "stop")
1166: ((eq action :action-abort) "abort")
1167: ((eq action :action-kill) "kill")
1168: ((eq action :action-exit) "exit"))))
1169: ; Only proceed if action is not nil
1170: (when action
1171: ; Create the command string
1172: (let ((cmd (format "%s/read" action)))
1173: ; Call syd--stat with the command
1174: (syd--stat (syd--rule cmd glob ?^))))))
1175:
1176: (defun syd-write-add (action glob)
1177: "Adds to the given actionlist of write sandboxing.
1178: ACTION is a constant representing the sandboxing action.
1179: GLOB is a string representing the glob pattern."
1180: (let ((action (cond
1181: ((eq action :action-allow) "allow")
1182: ((eq action :action-warn) "warn")
1183: ((eq action :action-filter) "filter")
1184: ((eq action :action-deny) "deny")
1185: ((eq action :action-panic) "panic")
1186: ((eq action :action-stop) "stop")
1187: ((eq action :action-abort) "abort")
1188: ((eq action :action-kill) "kill")
1189: ((eq action :action-exit) "exit"))))
1190: ; Only proceed if action is not nil
1191: (when action
1192: ; Create the command string
1193: (let ((cmd (format "%s/write" action)))
1194: ; Call syd--stat with the command
1195: (syd--stat (syd--rule cmd glob ?+))))))
1196:
1197: (defun syd-write-del (action glob)
1198: "Removes the first matching entry from the end of the given actionlist
1199: of write sandboxing.
1200: ACTION is a constant representing the sandboxing action.
1201: GLOB is a string representing the glob pattern."
1202: (let ((action (cond
1203: ((eq action :action-allow) "allow")
1204: ((eq action :action-warn) "warn")
1205: ((eq action :action-filter) "filter")
1206: ((eq action :action-deny) "deny")
1207: ((eq action :action-panic) "panic")
1208: ((eq action :action-stop) "stop")
1209: ((eq action :action-abort) "abort")
1210: ((eq action :action-kill) "kill")
1211: ((eq action :action-exit) "exit"))))
1212: ; Only proceed if action is not nil
1213: (when action
1214: ; Create the command string
1215: (let ((cmd (format "%s/write" action)))
1216: ; Call syd--stat with the command
1217: (syd--stat (syd--rule cmd glob ?-))))))
1218:
1219: (defun syd-write-rem (action glob)
1220: "Removes all matching entries from the given actionlist of write sandboxing.
1221: ACTION is a constant representing the sandboxing action.
1222: GLOB is a string representing the glob pattern."
1223: (let ((action (cond
1224: ((eq action :action-allow) "allow")
1225: ((eq action :action-warn) "warn")
1226: ((eq action :action-filter) "filter")
1227: ((eq action :action-deny) "deny")
1228: ((eq action :action-panic) "panic")
1229: ((eq action :action-stop) "stop")
1230: ((eq action :action-abort) "abort")
1231: ((eq action :action-kill) "kill")
1232: ((eq action :action-exit) "exit"))))
1233: ; Only proceed if action is not nil
1234: (when action
1235: ; Create the command string
1236: (let ((cmd (format "%s/write" action)))
1237: ; Call syd--stat with the command
1238: (syd--stat (syd--rule cmd glob ?^))))))
1239:
1240: (defun syd-exec-add (action glob)
1241: "Adds to the given actionlist of exec sandboxing.
1242: ACTION is a constant representing the sandboxing action.
1243: GLOB is a string representing the glob pattern."
1244: (let ((action (cond
1245: ((eq action :action-allow) "allow")
1246: ((eq action :action-warn) "warn")
1247: ((eq action :action-filter) "filter")
1248: ((eq action :action-deny) "deny")
1249: ((eq action :action-panic) "panic")
1250: ((eq action :action-stop) "stop")
1251: ((eq action :action-abort) "abort")
1252: ((eq action :action-kill) "kill")
1253: ((eq action :action-exit) "exit"))))
1254: ; Only proceed if action is not nil
1255: (when action
1256: ; Create the command string
1257: (let ((cmd (format "%s/exec" action)))
1258: ; Call syd--stat with the command
1259: (syd--stat (syd--rule cmd glob ?+))))))
1260:
1261: (defun syd-exec-del (action glob)
1262: "Removes the first matching entry from the end of the given actionlist
1263: of exec sandboxing.
1264: ACTION is a constant representing the sandboxing action.
1265: GLOB is a string representing the glob pattern."
1266: (let ((action (cond
1267: ((eq action :action-allow) "allow")
1268: ((eq action :action-warn) "warn")
1269: ((eq action :action-filter) "filter")
1270: ((eq action :action-deny) "deny")
1271: ((eq action :action-panic) "panic")
1272: ((eq action :action-stop) "stop")
1273: ((eq action :action-abort) "abort")
1274: ((eq action :action-kill) "kill")
1275: ((eq action :action-exit) "exit"))))
1276: ; Only proceed if action is not nil
1277: (when action
1278: ; Create the command string
1279: (let ((cmd (format "%s/exec" action)))
1280: ; Call syd--stat with the command
1281: (syd--stat (syd--rule cmd glob ?-))))))
1282:
1283: (defun syd-exec-rem (action glob)
1284: "Removes all matching entries from the given actionlist of exec sandboxing.
1285: ACTION is a constant representing the sandboxing action.
1286: GLOB is a string representing the glob pattern."
1287: (let ((action (cond
1288: ((eq action :action-allow) "allow")
1289: ((eq action :action-warn) "warn")
1290: ((eq action :action-filter) "filter")
1291: ((eq action :action-deny) "deny")
1292: ((eq action :action-panic) "panic")
1293: ((eq action :action-stop) "stop")
1294: ((eq action :action-abort) "abort")
1295: ((eq action :action-kill) "kill")
1296: ((eq action :action-exit) "exit"))))
1297: ; Only proceed if action is not nil
1298: (when action
1299: ; Create the command string
1300: (let ((cmd (format "%s/exec" action)))
1301: ; Call syd--stat with the command
1302: (syd--stat (syd--rule cmd glob ?^))))))
1303:
1304: (defun syd-ioctl-add (action glob)
1305: "Adds to the given actionlist of ioctl sandboxing.
1306: ACTION is a constant representing the sandboxing action.
1307: GLOB is a string representing the glob pattern."
1308: (let ((action (cond
1309: ((eq action :action-allow) "allow")
1310: ((eq action :action-warn) "warn")
1311: ((eq action :action-filter) "filter")
1312: ((eq action :action-deny) "deny")
1313: ((eq action :action-panic) "panic")
1314: ((eq action :action-stop) "stop")
1315: ((eq action :action-abort) "abort")
1316: ((eq action :action-kill) "kill")
1317: ((eq action :action-exit) "exit"))))
1318: ; Only proceed if action is not nil
1319: (when action
1320: ; Create the command string
1321: (let ((cmd (format "%s/ioctl" action)))
1322: ; Call syd--stat with the command
1323: (syd--stat (syd--rule cmd glob ?+))))))
1324:
1325: (defun syd-ioctl-del (action glob)
1326: "Removes the first matching entry from the end of the given actionlist
1327: of ioctl sandboxing.
1328: ACTION is a constant representing the sandboxing action.
1329: GLOB is a string representing the glob pattern."
1330: (let ((action (cond
1331: ((eq action :action-allow) "allow")
1332: ((eq action :action-warn) "warn")
1333: ((eq action :action-filter) "filter")
1334: ((eq action :action-deny) "deny")
1335: ((eq action :action-panic) "panic")
1336: ((eq action :action-stop) "stop")
1337: ((eq action :action-abort) "abort")
1338: ((eq action :action-kill) "kill")
1339: ((eq action :action-exit) "exit"))))
1340: ; Only proceed if action is not nil
1341: (when action
1342: ; Create the command string
1343: (let ((cmd (format "%s/ioctl" action)))
1344: ; Call syd--stat with the command
1345: (syd--stat (syd--rule cmd glob ?-))))))
1346:
1347: (defun syd-ioctl-rem (action glob)
1348: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1349: ACTION is a constant representing the sandboxing action.
1350: GLOB is a string representing the glob pattern."
1351: (let ((action (cond
1352: ((eq action :action-allow) "allow")
1353: ((eq action :action-warn) "warn")
1354: ((eq action :action-filter) "filter")
1355: ((eq action :action-deny) "deny")
1356: ((eq action :action-panic) "panic")
1357: ((eq action :action-stop) "stop")
1358: ((eq action :action-abort) "abort")
1359: ((eq action :action-kill) "kill")
1360: ((eq action :action-exit) "exit"))))
1361: ; Only proceed if action is not nil
1362: (when action
1363: ; Create the command string
1364: (let ((cmd (format "%s/ioctl" action)))
1365: ; Call syd--stat with the command
1366: (syd--stat (syd--rule cmd glob ?^))))))
1367:
1368: (defun syd-create-add (action glob)
1369: "Adds to the given actionlist of create sandboxing.
1370: ACTION is a constant representing the sandboxing action.
1371: GLOB is a string representing the glob pattern."
1372: (let ((action (cond
1373: ((eq action :action-allow) "allow")
1374: ((eq action :action-warn) "warn")
1375: ((eq action :action-filter) "filter")
1376: ((eq action :action-deny) "deny")
1377: ((eq action :action-panic) "panic")
1378: ((eq action :action-stop) "stop")
1379: ((eq action :action-abort) "abort")
1380: ((eq action :action-kill) "kill")
1381: ((eq action :action-exit) "exit"))))
1382: ; Only proceed if action is not nil
1383: (when action
1384: ; Create the command string
1385: (let ((cmd (format "%s/create" action)))
1386: ; Call syd--stat with the command
1387: (syd--stat (syd--rule cmd glob ?+))))))
1388:
1389: (defun syd-create-del (action glob)
1390: "Removes the first matching entry from the end of the given actionlist
1391: of create sandboxing.
1392: ACTION is a constant representing the sandboxing action.
1393: GLOB is a string representing the glob pattern."
1394: (let ((action (cond
1395: ((eq action :action-allow) "allow")
1396: ((eq action :action-warn) "warn")
1397: ((eq action :action-filter) "filter")
1398: ((eq action :action-deny) "deny")
1399: ((eq action :action-panic) "panic")
1400: ((eq action :action-stop) "stop")
1401: ((eq action :action-abort) "abort")
1402: ((eq action :action-kill) "kill")
1403: ((eq action :action-exit) "exit"))))
1404: ; Only proceed if action is not nil
1405: (when action
1406: ; Create the command string
1407: (let ((cmd (format "%s/create" action)))
1408: ; Call syd--stat with the command
1409: (syd--stat (syd--rule cmd glob ?-))))))
1410:
1411: (defun syd-create-rem (action glob)
1412: "Removes all matching entries from the given actionlist of create sandboxing.
1413: ACTION is a constant representing the sandboxing action.
1414: GLOB is a string representing the glob pattern."
1415: (let ((action (cond
1416: ((eq action :action-allow) "allow")
1417: ((eq action :action-warn) "warn")
1418: ((eq action :action-filter) "filter")
1419: ((eq action :action-deny) "deny")
1420: ((eq action :action-panic) "panic")
1421: ((eq action :action-stop) "stop")
1422: ((eq action :action-abort) "abort")
1423: ((eq action :action-kill) "kill")
1424: ((eq action :action-exit) "exit"))))
1425: ; Only proceed if action is not nil
1426: (when action
1427: ; Create the command string
1428: (let ((cmd (format "%s/create" action)))
1429: ; Call syd--stat with the command
1430: (syd--stat (syd--rule cmd glob ?^))))))
1431:
1432: (defun syd-delete-add (action glob)
1433: "Adds to the given actionlist of delete sandboxing.
1434: ACTION is a constant representing the sandboxing action.
1435: GLOB is a string representing the glob pattern."
1436: (let ((action (cond
1437: ((eq action :action-allow) "allow")
1438: ((eq action :action-warn) "warn")
1439: ((eq action :action-filter) "filter")
1440: ((eq action :action-deny) "deny")
1441: ((eq action :action-panic) "panic")
1442: ((eq action :action-stop) "stop")
1443: ((eq action :action-abort) "abort")
1444: ((eq action :action-kill) "kill")
1445: ((eq action :action-exit) "exit"))))
1446: ; Only proceed if action is not nil
1447: (when action
1448: ; delete the command string
1449: (let ((cmd (format "%s/delete" action)))
1450: ; Call syd--stat with the command
1451: (syd--stat (syd--rule cmd glob ?+))))))
1452:
1453: (defun syd-delete-del (action glob)
1454: "Removes the first matching entry from the end of the given actionlist
1455: of delete sandboxing.
1456: ACTION is a constant representing the sandboxing action.
1457: GLOB is a string representing the glob pattern."
1458: (let ((action (cond
1459: ((eq action :action-allow) "allow")
1460: ((eq action :action-warn) "warn")
1461: ((eq action :action-filter) "filter")
1462: ((eq action :action-deny) "deny")
1463: ((eq action :action-panic) "panic")
1464: ((eq action :action-stop) "stop")
1465: ((eq action :action-abort) "abort")
1466: ((eq action :action-kill) "kill")
1467: ((eq action :action-exit) "exit"))))
1468: ; Only proceed if action is not nil
1469: (when action
1470: ; delete the command string
1471: (let ((cmd (format "%s/delete" action)))
1472: ; Call syd--stat with the command
1473: (syd--stat (syd--rule cmd glob ?-))))))
1474:
1475: (defun syd-delete-rem (action glob)
1476: "Removes all matching entries from the given actionlist of delete sandboxing.
1477: ACTION is a constant representing the sandboxing action.
1478: GLOB is a string representing the glob pattern."
1479: (let ((action (cond
1480: ((eq action :action-allow) "allow")
1481: ((eq action :action-warn) "warn")
1482: ((eq action :action-filter) "filter")
1483: ((eq action :action-deny) "deny")
1484: ((eq action :action-panic) "panic")
1485: ((eq action :action-stop) "stop")
1486: ((eq action :action-abort) "abort")
1487: ((eq action :action-kill) "kill")
1488: ((eq action :action-exit) "exit"))))
1489: ; Only proceed if action is not nil
1490: (when action
1491: ; delete the command string
1492: (let ((cmd (format "%s/delete" action)))
1493: ; Call syd--stat with the command
1494: (syd--stat (syd--rule cmd glob ?^))))))
1495:
1496: (defun syd-rename-add (action glob)
1497: "Adds to the given actionlist of rename sandboxing.
1498: ACTION is a constant representing the sandboxing action.
1499: GLOB is a string representing the glob pattern."
1500: (let ((action (cond
1501: ((eq action :action-allow) "allow")
1502: ((eq action :action-warn) "warn")
1503: ((eq action :action-filter) "filter")
1504: ((eq action :action-deny) "deny")
1505: ((eq action :action-panic) "panic")
1506: ((eq action :action-stop) "stop")
1507: ((eq action :action-abort) "abort")
1508: ((eq action :action-kill) "kill")
1509: ((eq action :action-exit) "exit"))))
1510: ; Only proceed if action is not nil
1511: (when action
1512: ; rename the command string
1513: (let ((cmd (format "%s/rename" action)))
1514: ; Call syd--stat with the command
1515: (syd--stat (syd--rule cmd glob ?+))))))
1516:
1517: (defun syd-rename-del (action glob)
1518: "Removes the first matching entry from the end of the given actionlist
1519: of rename sandboxing.
1520: ACTION is a constant representing the sandboxing action.
1521: GLOB is a string representing the glob pattern."
1522: (let ((action (cond
1523: ((eq action :action-allow) "allow")
1524: ((eq action :action-warn) "warn")
1525: ((eq action :action-filter) "filter")
1526: ((eq action :action-deny) "deny")
1527: ((eq action :action-panic) "panic")
1528: ((eq action :action-stop) "stop")
1529: ((eq action :action-abort) "abort")
1530: ((eq action :action-kill) "kill")
1531: ((eq action :action-exit) "exit"))))
1532: ; Only proceed if action is not nil
1533: (when action
1534: ; rename the command string
1535: (let ((cmd (format "%s/rename" action)))
1536: ; Call syd--stat with the command
1537: (syd--stat (syd--rule cmd glob ?-))))))
1538:
1539: (defun syd-rename-rem (action glob)
1540: "Removes all matching entries from the given actionlist of rename sandboxing.
1541: ACTION is a constant representing the sandboxing action.
1542: GLOB is a string representing the glob pattern."
1543: (let ((action (cond
1544: ((eq action :action-allow) "allow")
1545: ((eq action :action-warn) "warn")
1546: ((eq action :action-filter) "filter")
1547: ((eq action :action-deny) "deny")
1548: ((eq action :action-panic) "panic")
1549: ((eq action :action-stop) "stop")
1550: ((eq action :action-abort) "abort")
1551: ((eq action :action-kill) "kill")
1552: ((eq action :action-exit) "exit"))))
1553: ; Only proceed if action is not nil
1554: (when action
1555: ; rename the command string
1556: (let ((cmd (format "%s/rename" action)))
1557: ; Call syd--stat with the command
1558: (syd--stat (syd--rule cmd glob ?^))))))
1559:
1560: (defun syd-symlink-add (action glob)
1561: "Adds to the given actionlist of symlink sandboxing.
1562: ACTION is a constant representing the sandboxing action.
1563: GLOB is a string representing the glob pattern."
1564: (let ((action (cond
1565: ((eq action :action-allow) "allow")
1566: ((eq action :action-warn) "warn")
1567: ((eq action :action-filter) "filter")
1568: ((eq action :action-deny) "deny")
1569: ((eq action :action-panic) "panic")
1570: ((eq action :action-stop) "stop")
1571: ((eq action :action-abort) "abort")
1572: ((eq action :action-kill) "kill")
1573: ((eq action :action-exit) "exit"))))
1574: ; Only proceed if action is not nil
1575: (when action
1576: ; symlink the command string
1577: (let ((cmd (format "%s/symlink" action)))
1578: ; Call syd--stat with the command
1579: (syd--stat (syd--rule cmd glob ?+))))))
1580:
1581: (defun syd-symlink-del (action glob)
1582: "Removes the first matching entry from the end of the given actionlist
1583: of symlink sandboxing.
1584: ACTION is a constant representing the sandboxing action.
1585: GLOB is a string representing the glob pattern."
1586: (let ((action (cond
1587: ((eq action :action-allow) "allow")
1588: ((eq action :action-warn) "warn")
1589: ((eq action :action-filter) "filter")
1590: ((eq action :action-deny) "deny")
1591: ((eq action :action-panic) "panic")
1592: ((eq action :action-stop) "stop")
1593: ((eq action :action-abort) "abort")
1594: ((eq action :action-kill) "kill")
1595: ((eq action :action-exit) "exit"))))
1596: ; Only proceed if action is not nil
1597: (when action
1598: ; symlink the command string
1599: (let ((cmd (format "%s/symlink" action)))
1600: ; Call syd--stat with the command
1601: (syd--stat (syd--rule cmd glob ?-))))))
1602:
1603: (defun syd-symlink-rem (action glob)
1604: "Removes all matching entries from the given actionlist of symlink sandboxing.
1605: ACTION is a constant representing the sandboxing action.
1606: GLOB is a string representing the glob pattern."
1607: (let ((action (cond
1608: ((eq action :action-allow) "allow")
1609: ((eq action :action-warn) "warn")
1610: ((eq action :action-filter) "filter")
1611: ((eq action :action-deny) "deny")
1612: ((eq action :action-panic) "panic")
1613: ((eq action :action-stop) "stop")
1614: ((eq action :action-abort) "abort")
1615: ((eq action :action-kill) "kill")
1616: ((eq action :action-exit) "exit"))))
1617: ; Only proceed if action is not nil
1618: (when action
1619: ; symlink the command string
1620: (let ((cmd (format "%s/symlink" action)))
1621: ; Call syd--stat with the command
1622: (syd--stat (syd--rule cmd glob ?^))))))
1623:
1624: (defun syd-truncate-add (action glob)
1625: "Adds to the given actionlist of truncate sandboxing.
1626: ACTION is a constant representing the sandboxing action.
1627: GLOB is a string representing the glob pattern."
1628: (let ((action (cond
1629: ((eq action :action-allow) "allow")
1630: ((eq action :action-warn) "warn")
1631: ((eq action :action-filter) "filter")
1632: ((eq action :action-deny) "deny")
1633: ((eq action :action-panic) "panic")
1634: ((eq action :action-stop) "stop")
1635: ((eq action :action-abort) "abort")
1636: ((eq action :action-kill) "kill")
1637: ((eq action :action-exit) "exit"))))
1638: ; Only proceed if action is not nil
1639: (when action
1640: ; truncate the command string
1641: (let ((cmd (format "%s/truncate" action)))
1642: ; Call syd--stat with the command
1643: (syd--stat (syd--rule cmd glob ?+))))))
1644:
1645: (defun syd-truncate-del (action glob)
1646: "Removes the first matching entry from the end of the given actionlist
1647: of truncate sandboxing.
1648: ACTION is a constant representing the sandboxing action.
1649: GLOB is a string representing the glob pattern."
1650: (let ((action (cond
1651: ((eq action :action-allow) "allow")
1652: ((eq action :action-warn) "warn")
1653: ((eq action :action-filter) "filter")
1654: ((eq action :action-deny) "deny")
1655: ((eq action :action-panic) "panic")
1656: ((eq action :action-stop) "stop")
1657: ((eq action :action-abort) "abort")
1658: ((eq action :action-kill) "kill")
1659: ((eq action :action-exit) "exit"))))
1660: ; Only proceed if action is not nil
1661: (when action
1662: ; truncate the command string
1663: (let ((cmd (format "%s/truncate" action)))
1664: ; Call syd--stat with the command
1665: (syd--stat (syd--rule cmd glob ?-))))))
1666:
1667: (defun syd-truncate-rem (action glob)
1668: "Removes all matching entries from the given actionlist of truncate sandboxing.
1669: ACTION is a constant representing the sandboxing action.
1670: GLOB is a string representing the glob pattern."
1671: (let ((action (cond
1672: ((eq action :action-allow) "allow")
1673: ((eq action :action-warn) "warn")
1674: ((eq action :action-filter) "filter")
1675: ((eq action :action-deny) "deny")
1676: ((eq action :action-panic) "panic")
1677: ((eq action :action-stop) "stop")
1678: ((eq action :action-abort) "abort")
1679: ((eq action :action-kill) "kill")
1680: ((eq action :action-exit) "exit"))))
1681: ; Only proceed if action is not nil
1682: (when action
1683: ; truncate the command string
1684: (let ((cmd (format "%s/truncate" action)))
1685: ; Call syd--stat with the command
1686: (syd--stat (syd--rule cmd glob ?^))))))
1687:
1688: (defun syd-chdir-add (action glob)
1689: "Adds to the given actionlist of chdir sandboxing.
1690: ACTION is a constant representing the sandboxing action.
1691: GLOB is a string representing the glob pattern."
1692: (let ((action (cond
1693: ((eq action :action-allow) "allow")
1694: ((eq action :action-warn) "warn")
1695: ((eq action :action-filter) "filter")
1696: ((eq action :action-deny) "deny")
1697: ((eq action :action-panic) "panic")
1698: ((eq action :action-stop) "stop")
1699: ((eq action :action-abort) "abort")
1700: ((eq action :action-kill) "kill")
1701: ((eq action :action-exit) "exit"))))
1702: ; Only proceed if action is not nil
1703: (when action
1704: ; chdir the command string
1705: (let ((cmd (format "%s/chdir" action)))
1706: ; Call syd--stat with the command
1707: (syd--stat (syd--rule cmd glob ?+))))))
1708:
1709: (defun syd-chdir-del (action glob)
1710: "Removes the first matching entry from the end of the given actionlist
1711: of chdir sandboxing.
1712: ACTION is a constant representing the sandboxing action.
1713: GLOB is a string representing the glob pattern."
1714: (let ((action (cond
1715: ((eq action :action-allow) "allow")
1716: ((eq action :action-warn) "warn")
1717: ((eq action :action-filter) "filter")
1718: ((eq action :action-deny) "deny")
1719: ((eq action :action-panic) "panic")
1720: ((eq action :action-stop) "stop")
1721: ((eq action :action-abort) "abort")
1722: ((eq action :action-kill) "kill")
1723: ((eq action :action-exit) "exit"))))
1724: ; Only proceed if action is not nil
1725: (when action
1726: ; chdir the command string
1727: (let ((cmd (format "%s/chdir" action)))
1728: ; Call syd--stat with the command
1729: (syd--stat (syd--rule cmd glob ?-))))))
1730:
1731: (defun syd-chdir-rem (action glob)
1732: "Removes all matching entries from the given actionlist of chdir sandboxing.
1733: ACTION is a constant representing the sandboxing action.
1734: GLOB is a string representing the glob pattern."
1735: (let ((action (cond
1736: ((eq action :action-allow) "allow")
1737: ((eq action :action-warn) "warn")
1738: ((eq action :action-filter) "filter")
1739: ((eq action :action-deny) "deny")
1740: ((eq action :action-panic) "panic")
1741: ((eq action :action-stop) "stop")
1742: ((eq action :action-abort) "abort")
1743: ((eq action :action-kill) "kill")
1744: ((eq action :action-exit) "exit"))))
1745: ; Only proceed if action is not nil
1746: (when action
1747: ; chdir the command string
1748: (let ((cmd (format "%s/chdir" action)))
1749: ; Call syd--stat with the command
1750: (syd--stat (syd--rule cmd glob ?^))))))
1751:
1752: (defun syd-readdir-add (action glob)
1753: "Adds to the given actionlist of readdir sandboxing.
1754: ACTION is a constant representing the sandboxing action.
1755: GLOB is a string representing the glob pattern."
1756: (let ((action (cond
1757: ((eq action :action-allow) "allow")
1758: ((eq action :action-warn) "warn")
1759: ((eq action :action-filter) "filter")
1760: ((eq action :action-deny) "deny")
1761: ((eq action :action-panic) "panic")
1762: ((eq action :action-stop) "stop")
1763: ((eq action :action-abort) "abort")
1764: ((eq action :action-kill) "kill")
1765: ((eq action :action-exit) "exit"))))
1766: ; Only proceed if action is not nil
1767: (when action
1768: ; readdir the command string
1769: (let ((cmd (format "%s/readdir" action)))
1770: ; Call syd--stat with the command
1771: (syd--stat (syd--rule cmd glob ?+))))))
1772:
1773: (defun syd-readdir-del (action glob)
1774: "Removes the first matching entry from the end of the given actionlist
1775: of readdir sandboxing.
1776: ACTION is a constant representing the sandboxing action.
1777: GLOB is a string representing the glob pattern."
1778: (let ((action (cond
1779: ((eq action :action-allow) "allow")
1780: ((eq action :action-warn) "warn")
1781: ((eq action :action-filter) "filter")
1782: ((eq action :action-deny) "deny")
1783: ((eq action :action-panic) "panic")
1784: ((eq action :action-stop) "stop")
1785: ((eq action :action-abort) "abort")
1786: ((eq action :action-kill) "kill")
1787: ((eq action :action-exit) "exit"))))
1788: ; Only proceed if action is not nil
1789: (when action
1790: ; readdir the command string
1791: (let ((cmd (format "%s/readdir" action)))
1792: ; Call syd--stat with the command
1793: (syd--stat (syd--rule cmd glob ?-))))))
1794:
1795: (defun syd-readdir-rem (action glob)
1796: "Removes all matching entries from the given actionlist of readdir sandboxing.
1797: ACTION is a constant representing the sandboxing action.
1798: GLOB is a string representing the glob pattern."
1799: (let ((action (cond
1800: ((eq action :action-allow) "allow")
1801: ((eq action :action-warn) "warn")
1802: ((eq action :action-filter) "filter")
1803: ((eq action :action-deny) "deny")
1804: ((eq action :action-panic) "panic")
1805: ((eq action :action-stop) "stop")
1806: ((eq action :action-abort) "abort")
1807: ((eq action :action-kill) "kill")
1808: ((eq action :action-exit) "exit"))))
1809: ; Only proceed if action is not nil
1810: (when action
1811: ; readdir the command string
1812: (let ((cmd (format "%s/readdir" action)))
1813: ; Call syd--stat with the command
1814: (syd--stat (syd--rule cmd glob ?^))))))
1815:
1816: (defun syd-readdir-add (action glob)
1817: "Adds to the given actionlist of readdir sandboxing.
1818: ACTION is a constant representing the sandboxing action.
1819: GLOB is a string representing the glob pattern."
1820: (let ((action (cond
1821: ((eq action :action-allow) "allow")
1822: ((eq action :action-warn) "warn")
1823: ((eq action :action-filter) "filter")
1824: ((eq action :action-deny) "deny")
1825: ((eq action :action-panic) "panic")
1826: ((eq action :action-stop) "stop")
1827: ((eq action :action-abort) "abort")
1828: ((eq action :action-kill) "kill")
1829: ((eq action :action-exit) "exit"))))
1830: ; Only proceed if action is not nil
1831: (when action
1832: ; readdir the command string
1833: (let ((cmd (format "%s/readdir" action)))
1834: ; Call syd--stat with the command
1835: (syd--stat (syd--rule cmd glob ?+))))))
1836:
1837: (defun syd-readdir-del (action glob)
1838: "Removes the first matching entry from the end of the given actionlist
1839: of readdir sandboxing.
1840: ACTION is a constant representing the sandboxing action.
1841: GLOB is a string representing the glob pattern."
1842: (let ((action (cond
1843: ((eq action :action-allow) "allow")
1844: ((eq action :action-warn) "warn")
1845: ((eq action :action-filter) "filter")
1846: ((eq action :action-deny) "deny")
1847: ((eq action :action-panic) "panic")
1848: ((eq action :action-stop) "stop")
1849: ((eq action :action-abort) "abort")
1850: ((eq action :action-kill) "kill")
1851: ((eq action :action-exit) "exit"))))
1852: ; Only proceed if action is not nil
1853: (when action
1854: ; readdir the command string
1855: (let ((cmd (format "%s/readdir" action)))
1856: ; Call syd--stat with the command
1857: (syd--stat (syd--rule cmd glob ?-))))))
1858:
1859: (defun syd-readdir-rem (action glob)
1860: "Removes all matching entries from the given actionlist of readdir sandboxing.
1861: ACTION is a constant representing the sandboxing action.
1862: GLOB is a string representing the glob pattern."
1863: (let ((action (cond
1864: ((eq action :action-allow) "allow")
1865: ((eq action :action-warn) "warn")
1866: ((eq action :action-filter) "filter")
1867: ((eq action :action-deny) "deny")
1868: ((eq action :action-panic) "panic")
1869: ((eq action :action-stop) "stop")
1870: ((eq action :action-abort) "abort")
1871: ((eq action :action-kill) "kill")
1872: ((eq action :action-exit) "exit"))))
1873: ; Only proceed if action is not nil
1874: (when action
1875: ; readdir the command string
1876: (let ((cmd (format "%s/readdir" action)))
1877: ; Call syd--stat with the command
1878: (syd--stat (syd--rule cmd glob ?^))))))
1879:
1880: (defun syd-mkdir-add (action glob)
1881: "Adds to the given actionlist of mkdir sandboxing.
1882: ACTION is a constant representing the sandboxing action.
1883: GLOB is a string representing the glob pattern."
1884: (let ((action (cond
1885: ((eq action :action-allow) "allow")
1886: ((eq action :action-warn) "warn")
1887: ((eq action :action-filter) "filter")
1888: ((eq action :action-deny) "deny")
1889: ((eq action :action-panic) "panic")
1890: ((eq action :action-stop) "stop")
1891: ((eq action :action-abort) "abort")
1892: ((eq action :action-kill) "kill")
1893: ((eq action :action-exit) "exit"))))
1894: ; Only proceed if action is not nil
1895: (when action
1896: ; mkdir the command string
1897: (let ((cmd (format "%s/mkdir" action)))
1898: ; Call syd--stat with the command
1899: (syd--stat (syd--rule cmd glob ?+))))))
1900:
1901: (defun syd-mkdir-del (action glob)
1902: "Removes the first matching entry from the end of the given actionlist
1903: of mkdir sandboxing.
1904: ACTION is a constant representing the sandboxing action.
1905: GLOB is a string representing the glob pattern."
1906: (let ((action (cond
1907: ((eq action :action-allow) "allow")
1908: ((eq action :action-warn) "warn")
1909: ((eq action :action-filter) "filter")
1910: ((eq action :action-deny) "deny")
1911: ((eq action :action-panic) "panic")
1912: ((eq action :action-stop) "stop")
1913: ((eq action :action-abort) "abort")
1914: ((eq action :action-kill) "kill")
1915: ((eq action :action-exit) "exit"))))
1916: ; Only proceed if action is not nil
1917: (when action
1918: ; mkdir the command string
1919: (let ((cmd (format "%s/mkdir" action)))
1920: ; Call syd--stat with the command
1921: (syd--stat (syd--rule cmd glob ?-))))))
1922:
1923: (defun syd-mkdir-rem (action glob)
1924: "Removes all matching entries from the given actionlist of mkdir sandboxing.
1925: ACTION is a constant representing the sandboxing action.
1926: GLOB is a string representing the glob pattern."
1927: (let ((action (cond
1928: ((eq action :action-allow) "allow")
1929: ((eq action :action-warn) "warn")
1930: ((eq action :action-filter) "filter")
1931: ((eq action :action-deny) "deny")
1932: ((eq action :action-panic) "panic")
1933: ((eq action :action-stop) "stop")
1934: ((eq action :action-abort) "abort")
1935: ((eq action :action-kill) "kill")
1936: ((eq action :action-exit) "exit"))))
1937: ; Only proceed if action is not nil
1938: (when action
1939: ; mkdir the command string
1940: (let ((cmd (format "%s/mkdir" action)))
1941: ; Call syd--stat with the command
1942: (syd--stat (syd--rule cmd glob ?^))))))
1943:
1944: (defun syd-rmdir-add (action glob)
1945: "Adds to the given actionlist of rmdir sandboxing.
1946: ACTION is a constant representing the sandboxing action.
1947: GLOB is a string representing the glob pattern."
1948: (let ((action (cond
1949: ((eq action :action-allow) "allow")
1950: ((eq action :action-warn) "warn")
1951: ((eq action :action-filter) "filter")
1952: ((eq action :action-deny) "deny")
1953: ((eq action :action-panic) "panic")
1954: ((eq action :action-stop) "stop")
1955: ((eq action :action-abort) "abort")
1956: ((eq action :action-kill) "kill")
1957: ((eq action :action-exit) "exit"))))
1958: ; Only proceed if action is not nil
1959: (when action
1960: ; rmdir the command string
1961: (let ((cmd (format "%s/rmdir" action)))
1962: ; Call syd--stat with the command
1963: (syd--stat (syd--rule cmd glob ?+))))))
1964:
1965: (defun syd-rmdir-del (action glob)
1966: "Removes the first matching entry from the end of the given actionlist
1967: of rmdir sandboxing.
1968: ACTION is a constant representing the sandboxing action.
1969: GLOB is a string representing the glob pattern."
1970: (let ((action (cond
1971: ((eq action :action-allow) "allow")
1972: ((eq action :action-warn) "warn")
1973: ((eq action :action-filter) "filter")
1974: ((eq action :action-deny) "deny")
1975: ((eq action :action-panic) "panic")
1976: ((eq action :action-stop) "stop")
1977: ((eq action :action-abort) "abort")
1978: ((eq action :action-kill) "kill")
1979: ((eq action :action-exit) "exit"))))
1980: ; Only proceed if action is not nil
1981: (when action
1982: ; rmdir the command string
1983: (let ((cmd (format "%s/rmdir" action)))
1984: ; Call syd--stat with the command
1985: (syd--stat (syd--rule cmd glob ?-))))))
1986:
1987: (defun syd-rmdir-rem (action glob)
1988: "Removes all matching entries from the given actionlist of rmdir sandboxing.
1989: ACTION is a constant representing the sandboxing action.
1990: GLOB is a string representing the glob pattern."
1991: (let ((action (cond
1992: ((eq action :action-allow) "allow")
1993: ((eq action :action-warn) "warn")
1994: ((eq action :action-filter) "filter")
1995: ((eq action :action-deny) "deny")
1996: ((eq action :action-panic) "panic")
1997: ((eq action :action-stop) "stop")
1998: ((eq action :action-abort) "abort")
1999: ((eq action :action-kill) "kill")
2000: ((eq action :action-exit) "exit"))))
2001: ; Only proceed if action is not nil
2002: (when action
2003: ; rmdir the command string
2004: (let ((cmd (format "%s/rmdir" action)))
2005: ; Call syd--stat with the command
2006: (syd--stat (syd--rule cmd glob ?^))))))
2007:
2008: (defun syd-chown-add (action glob)
2009: "Adds to the given actionlist of chown sandboxing.
2010: ACTION is a constant representing the sandboxing action.
2011: GLOB is a string representing the glob pattern."
2012: (let ((action (cond
2013: ((eq action :action-allow) "allow")
2014: ((eq action :action-warn) "warn")
2015: ((eq action :action-filter) "filter")
2016: ((eq action :action-deny) "deny")
2017: ((eq action :action-panic) "panic")
2018: ((eq action :action-stop) "stop")
2019: ((eq action :action-abort) "abort")
2020: ((eq action :action-kill) "kill")
2021: ((eq action :action-exit) "exit"))))
2022: ; Only proceed if action is not nil
2023: (when action
2024: ; Create the command string
2025: (let ((cmd (format "%s/chown" action)))
2026: ; Call syd--stat with the command
2027: (syd--stat (syd--rule cmd glob ?+))))))
2028:
2029: (defun syd-chown-del (action glob)
2030: "Removes the first matching entry from the end of the given actionlist
2031: of chown sandboxing.
2032: ACTION is a constant representing the sandboxing action.
2033: GLOB is a string representing the glob pattern."
2034: (let ((action (cond
2035: ((eq action :action-allow) "allow")
2036: ((eq action :action-warn) "warn")
2037: ((eq action :action-filter) "filter")
2038: ((eq action :action-deny) "deny")
2039: ((eq action :action-panic) "panic")
2040: ((eq action :action-stop) "stop")
2041: ((eq action :action-abort) "abort")
2042: ((eq action :action-kill) "kill")
2043: ((eq action :action-exit) "exit"))))
2044: ; Only proceed if action is not nil
2045: (when action
2046: ; Create the command string
2047: (let ((cmd (format "%s/chown" action)))
2048: ; Call syd--stat with the command
2049: (syd--stat (syd--rule cmd glob ?-))))))
2050:
2051: (defun syd-chown-rem (action glob)
2052: "Removes all matching entries from the given actionlist of chown sandboxing.
2053: ACTION is a constant representing the sandboxing action.
2054: GLOB is a string representing the glob pattern."
2055: (let ((action (cond
2056: ((eq action :action-allow) "allow")
2057: ((eq action :action-warn) "warn")
2058: ((eq action :action-filter) "filter")
2059: ((eq action :action-deny) "deny")
2060: ((eq action :action-panic) "panic")
2061: ((eq action :action-stop) "stop")
2062: ((eq action :action-abort) "abort")
2063: ((eq action :action-kill) "kill")
2064: ((eq action :action-exit) "exit"))))
2065: ; Only proceed if action is not nil
2066: (when action
2067: ; Create the command string
2068: (let ((cmd (format "%s/chown" action)))
2069: ; Call syd--stat with the command
2070: (syd--stat (syd--rule cmd glob ?^))))))
2071:
2072: (defun syd-chgrp-add (action glob)
2073: "Adds to the given actionlist of chgrp sandboxing.
2074: ACTION is a constant representing the sandboxing action.
2075: GLOB is a string representing the glob pattern."
2076: (let ((action (cond
2077: ((eq action :action-allow) "allow")
2078: ((eq action :action-warn) "warn")
2079: ((eq action :action-filter) "filter")
2080: ((eq action :action-deny) "deny")
2081: ((eq action :action-panic) "panic")
2082: ((eq action :action-stop) "stop")
2083: ((eq action :action-abort) "abort")
2084: ((eq action :action-kill) "kill")
2085: ((eq action :action-exit) "exit"))))
2086: ; Only proceed if action is not nil
2087: (when action
2088: ; Create the command string
2089: (let ((cmd (format "%s/chgrp" action)))
2090: ; Call syd--stat with the command
2091: (syd--stat (syd--rule cmd glob ?+))))))
2092:
2093: (defun syd-chgrp-del (action glob)
2094: "Removes the first matching entry from the end of the given actionlist
2095: of chgrp sandboxing.
2096: ACTION is a constant representing the sandboxing action.
2097: GLOB is a string representing the glob pattern."
2098: (let ((action (cond
2099: ((eq action :action-allow) "allow")
2100: ((eq action :action-warn) "warn")
2101: ((eq action :action-filter) "filter")
2102: ((eq action :action-deny) "deny")
2103: ((eq action :action-panic) "panic")
2104: ((eq action :action-stop) "stop")
2105: ((eq action :action-abort) "abort")
2106: ((eq action :action-kill) "kill")
2107: ((eq action :action-exit) "exit"))))
2108: ; Only proceed if action is not nil
2109: (when action
2110: ; Create the command string
2111: (let ((cmd (format "%s/chgrp" action)))
2112: ; Call syd--stat with the command
2113: (syd--stat (syd--rule cmd glob ?-))))))
2114:
2115: (defun syd-chgrp-rem (action glob)
2116: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2117: ACTION is a constant representing the sandboxing action.
2118: GLOB is a string representing the glob pattern."
2119: (let ((action (cond
2120: ((eq action :action-allow) "allow")
2121: ((eq action :action-warn) "warn")
2122: ((eq action :action-filter) "filter")
2123: ((eq action :action-deny) "deny")
2124: ((eq action :action-panic) "panic")
2125: ((eq action :action-stop) "stop")
2126: ((eq action :action-abort) "abort")
2127: ((eq action :action-kill) "kill")
2128: ((eq action :action-exit) "exit"))))
2129: ; Only proceed if action is not nil
2130: (when action
2131: ; Create the command string
2132: (let ((cmd (format "%s/chgrp" action)))
2133: ; Call syd--stat with the command
2134: (syd--stat (syd--rule cmd glob ?^))))))
2135:
2136: (defun syd-chmod-add (action glob)
2137: "Adds to the given actionlist of chmod sandboxing.
2138: ACTION is a constant representing the sandboxing action.
2139: GLOB is a string representing the glob pattern."
2140: (let ((action (cond
2141: ((eq action :action-allow) "allow")
2142: ((eq action :action-warn) "warn")
2143: ((eq action :action-filter) "filter")
2144: ((eq action :action-deny) "deny")
2145: ((eq action :action-panic) "panic")
2146: ((eq action :action-stop) "stop")
2147: ((eq action :action-abort) "abort")
2148: ((eq action :action-kill) "kill")
2149: ((eq action :action-exit) "exit"))))
2150: ; Only proceed if action is not nil
2151: (when action
2152: ; Create the command string
2153: (let ((cmd (format "%s/chmod" action)))
2154: ; Call syd--stat with the command
2155: (syd--stat (syd--rule cmd glob ?+))))))
2156:
2157: (defun syd-chmod-del (action glob)
2158: "Removes the first matching entry from the end of the given actionlist
2159: of chmod sandboxing.
2160: ACTION is a constant representing the sandboxing action.
2161: GLOB is a string representing the glob pattern."
2162: (let ((action (cond
2163: ((eq action :action-allow) "allow")
2164: ((eq action :action-warn) "warn")
2165: ((eq action :action-filter) "filter")
2166: ((eq action :action-deny) "deny")
2167: ((eq action :action-panic) "panic")
2168: ((eq action :action-stop) "stop")
2169: ((eq action :action-abort) "abort")
2170: ((eq action :action-kill) "kill")
2171: ((eq action :action-exit) "exit"))))
2172: ; Only proceed if action is not nil
2173: (when action
2174: ; Create the command string
2175: (let ((cmd (format "%s/chmod" action)))
2176: ; Call syd--stat with the command
2177: (syd--stat (syd--rule cmd glob ?-))))))
2178:
2179: (defun syd-chmod-rem (action glob)
2180: "Removes all matching entries from the given actionlist of chmod sandboxing.
2181: ACTION is a constant representing the sandboxing action.
2182: GLOB is a string representing the glob pattern."
2183: (let ((action (cond
2184: ((eq action :action-allow) "allow")
2185: ((eq action :action-warn) "warn")
2186: ((eq action :action-filter) "filter")
2187: ((eq action :action-deny) "deny")
2188: ((eq action :action-panic) "panic")
2189: ((eq action :action-stop) "stop")
2190: ((eq action :action-abort) "abort")
2191: ((eq action :action-kill) "kill")
2192: ((eq action :action-exit) "exit"))))
2193: ; Only proceed if action is not nil
2194: (when action
2195: ; Create the command string
2196: (let ((cmd (format "%s/chmod" action)))
2197: ; Call syd--stat with the command
2198: (syd--stat (syd--rule cmd glob ?^))))))
2199:
2200: (defun syd-chattr-add (action glob)
2201: "Adds to the given actionlist of chattr sandboxing.
2202: ACTION is a constant representing the sandboxing action.
2203: GLOB is a string representing the glob pattern."
2204: (let ((action (cond
2205: ((eq action :action-allow) "allow")
2206: ((eq action :action-warn) "warn")
2207: ((eq action :action-filter) "filter")
2208: ((eq action :action-deny) "deny")
2209: ((eq action :action-panic) "panic")
2210: ((eq action :action-stop) "stop")
2211: ((eq action :action-abort) "abort")
2212: ((eq action :action-kill) "kill")
2213: ((eq action :action-exit) "exit"))))
2214: ; Only proceed if action is not nil
2215: (when action
2216: ; Create the command string
2217: (let ((cmd (format "%s/chattr" action)))
2218: ; Call syd--stat with the command
2219: (syd--stat (syd--rule cmd glob ?+))))))
2220:
2221: (defun syd-chattr-del (action glob)
2222: "Removes the first matching entry from the end of the given actionlist
2223: of chattr sandboxing.
2224: ACTION is a constant representing the sandboxing action.
2225: GLOB is a string representing the glob pattern."
2226: (let ((action (cond
2227: ((eq action :action-allow) "allow")
2228: ((eq action :action-warn) "warn")
2229: ((eq action :action-filter) "filter")
2230: ((eq action :action-deny) "deny")
2231: ((eq action :action-panic) "panic")
2232: ((eq action :action-stop) "stop")
2233: ((eq action :action-abort) "abort")
2234: ((eq action :action-kill) "kill")
2235: ((eq action :action-exit) "exit"))))
2236: ; Only proceed if action is not nil
2237: (when action
2238: ; Create the command string
2239: (let ((cmd (format "%s/chattr" action)))
2240: ; Call syd--stat with the command
2241: (syd--stat (syd--rule cmd glob ?-))))))
2242:
2243: (defun syd-chattr-rem (action glob)
2244: "Removes all matching entries from the given actionlist of chattr sandboxing.
2245: ACTION is a constant representing the sandboxing action.
2246: GLOB is a string representing the glob pattern."
2247: (let ((action (cond
2248: ((eq action :action-allow) "allow")
2249: ((eq action :action-warn) "warn")
2250: ((eq action :action-filter) "filter")
2251: ((eq action :action-deny) "deny")
2252: ((eq action :action-panic) "panic")
2253: ((eq action :action-stop) "stop")
2254: ((eq action :action-abort) "abort")
2255: ((eq action :action-kill) "kill")
2256: ((eq action :action-exit) "exit"))))
2257: ; Only proceed if action is not nil
2258: (when action
2259: ; Create the command string
2260: (let ((cmd (format "%s/chattr" action)))
2261: ; Call syd--stat with the command
2262: (syd--stat (syd--rule cmd glob ?^))))))
2263:
2264: (defun syd-chroot-add (action glob)
2265: "Adds to the given actionlist of chroot sandboxing.
2266: ACTION is a constant representing the sandboxing action.
2267: GLOB is a string representing the glob pattern."
2268: (let ((action (cond
2269: ((eq action :action-allow) "allow")
2270: ((eq action :action-warn) "warn")
2271: ((eq action :action-filter) "filter")
2272: ((eq action :action-deny) "deny")
2273: ((eq action :action-panic) "panic")
2274: ((eq action :action-stop) "stop")
2275: ((eq action :action-abort) "abort")
2276: ((eq action :action-kill) "kill")
2277: ((eq action :action-exit) "exit"))))
2278: ; Only proceed if action is not nil
2279: (when action
2280: ; Create the command string
2281: (let ((cmd (format "%s/chroot" action)))
2282: ; Call syd--stat with the command
2283: (syd--stat (syd--rule cmd glob ?+))))))
2284:
2285: (defun syd-chroot-del (action glob)
2286: "Removes the first matching entry from the end of the given actionlist
2287: of chroot sandboxing.
2288: ACTION is a constant representing the sandboxing action.
2289: GLOB is a string representing the glob pattern."
2290: (let ((action (cond
2291: ((eq action :action-allow) "allow")
2292: ((eq action :action-warn) "warn")
2293: ((eq action :action-filter) "filter")
2294: ((eq action :action-deny) "deny")
2295: ((eq action :action-panic) "panic")
2296: ((eq action :action-stop) "stop")
2297: ((eq action :action-abort) "abort")
2298: ((eq action :action-kill) "kill")
2299: ((eq action :action-exit) "exit"))))
2300: ; Only proceed if action is not nil
2301: (when action
2302: ; Create the command string
2303: (let ((cmd (format "%s/chroot" action)))
2304: ; Call syd--stat with the command
2305: (syd--stat (syd--rule cmd glob ?-))))))
2306:
2307: (defun syd-chroot-rem (action glob)
2308: "Removes all matching entries from the given actionlist of chroot sandboxing.
2309: ACTION is a constant representing the sandboxing action.
2310: GLOB is a string representing the glob pattern."
2311: (let ((action (cond
2312: ((eq action :action-allow) "allow")
2313: ((eq action :action-warn) "warn")
2314: ((eq action :action-filter) "filter")
2315: ((eq action :action-deny) "deny")
2316: ((eq action :action-panic) "panic")
2317: ((eq action :action-stop) "stop")
2318: ((eq action :action-abort) "abort")
2319: ((eq action :action-kill) "kill")
2320: ((eq action :action-exit) "exit"))))
2321: ; Only proceed if action is not nil
2322: (when action
2323: ; Create the command string
2324: (let ((cmd (format "%s/chroot" action)))
2325: ; Call syd--stat with the command
2326: (syd--stat (syd--rule cmd glob ?^))))))
2327:
2328: (defun syd-utime-add (action glob)
2329: "Adds to the given actionlist of utime sandboxing.
2330: ACTION is a constant representing the sandboxing action.
2331: GLOB is a string representing the glob pattern."
2332: (let ((action (cond
2333: ((eq action :action-allow) "allow")
2334: ((eq action :action-warn) "warn")
2335: ((eq action :action-filter) "filter")
2336: ((eq action :action-deny) "deny")
2337: ((eq action :action-panic) "panic")
2338: ((eq action :action-stop) "stop")
2339: ((eq action :action-abort) "abort")
2340: ((eq action :action-kill) "kill")
2341: ((eq action :action-exit) "exit"))))
2342: ; Only proceed if action is not nil
2343: (when action
2344: ; Create the command string
2345: (let ((cmd (format "%s/utime" action)))
2346: ; Call syd--stat with the command
2347: (syd--stat (syd--rule cmd glob ?+))))))
2348:
2349: (defun syd-utime-del (action glob)
2350: "Removes the first matching entry from the end of the given actionlist
2351: of utime sandboxing.
2352: ACTION is a constant representing the sandboxing action.
2353: GLOB is a string representing the glob pattern."
2354: (let ((action (cond
2355: ((eq action :action-allow) "allow")
2356: ((eq action :action-warn) "warn")
2357: ((eq action :action-filter) "filter")
2358: ((eq action :action-deny) "deny")
2359: ((eq action :action-panic) "panic")
2360: ((eq action :action-stop) "stop")
2361: ((eq action :action-abort) "abort")
2362: ((eq action :action-kill) "kill")
2363: ((eq action :action-exit) "exit"))))
2364: ; Only proceed if action is not nil
2365: (when action
2366: ; Create the command string
2367: (let ((cmd (format "%s/utime" action)))
2368: ; Call syd--stat with the command
2369: (syd--stat (syd--rule cmd glob ?-))))))
2370:
2371: (defun syd-utime-rem (action glob)
2372: "Removes all matching entries from the given actionlist of utime sandboxing.
2373: ACTION is a constant representing the sandboxing action.
2374: GLOB is a string representing the glob pattern."
2375: (let ((action (cond
2376: ((eq action :action-allow) "allow")
2377: ((eq action :action-warn) "warn")
2378: ((eq action :action-filter) "filter")
2379: ((eq action :action-deny) "deny")
2380: ((eq action :action-panic) "panic")
2381: ((eq action :action-stop) "stop")
2382: ((eq action :action-abort) "abort")
2383: ((eq action :action-kill) "kill")
2384: ((eq action :action-exit) "exit"))))
2385: ; Only proceed if action is not nil
2386: (when action
2387: ; Create the command string
2388: (let ((cmd (format "%s/utime" action)))
2389: ; Call syd--stat with the command
2390: (syd--stat (syd--rule cmd glob ?^))))))
2391:
2392: (defun syd-mkbdev-add (action glob)
2393: "Adds to the given actionlist of mkbdev sandboxing.
2394: ACTION is a constant representing the sandboxing action.
2395: GLOB is a string representing the glob pattern."
2396: (let ((action (cond
2397: ((eq action :action-allow) "allow")
2398: ((eq action :action-warn) "warn")
2399: ((eq action :action-filter) "filter")
2400: ((eq action :action-deny) "deny")
2401: ((eq action :action-panic) "panic")
2402: ((eq action :action-stop) "stop")
2403: ((eq action :action-abort) "abort")
2404: ((eq action :action-kill) "kill")
2405: ((eq action :action-exit) "exit"))))
2406: ; Only proceed if action is not nil
2407: (when action
2408: ; Create the command string
2409: (let ((cmd (format "%s/mkbdev" action)))
2410: ; Call syd--stat with the command
2411: (syd--stat (syd--rule cmd glob ?+))))))
2412:
2413: (defun syd-mkbdev-del (action glob)
2414: "Removes the first matching entry from the end of the given actionlist
2415: of mkbdev sandboxing.
2416: ACTION is a constant representing the sandboxing action.
2417: GLOB is a string representing the glob pattern."
2418: (let ((action (cond
2419: ((eq action :action-allow) "allow")
2420: ((eq action :action-warn) "warn")
2421: ((eq action :action-filter) "filter")
2422: ((eq action :action-deny) "deny")
2423: ((eq action :action-panic) "panic")
2424: ((eq action :action-stop) "stop")
2425: ((eq action :action-abort) "abort")
2426: ((eq action :action-kill) "kill")
2427: ((eq action :action-exit) "exit"))))
2428: ; Only proceed if action is not nil
2429: (when action
2430: ; Create the command string
2431: (let ((cmd (format "%s/mkbdev" action)))
2432: ; Call syd--stat with the command
2433: (syd--stat (syd--rule cmd glob ?-))))))
2434:
2435: (defun syd-mkbdev-rem (action glob)
2436: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2437: ACTION is a constant representing the sandboxing action.
2438: GLOB is a string representing the glob pattern."
2439: (let ((action (cond
2440: ((eq action :action-allow) "allow")
2441: ((eq action :action-warn) "warn")
2442: ((eq action :action-filter) "filter")
2443: ((eq action :action-deny) "deny")
2444: ((eq action :action-panic) "panic")
2445: ((eq action :action-stop) "stop")
2446: ((eq action :action-abort) "abort")
2447: ((eq action :action-kill) "kill")
2448: ((eq action :action-exit) "exit"))))
2449: ; Only proceed if action is not nil
2450: (when action
2451: ; Create the command string
2452: (let ((cmd (format "%s/mkbdev" action)))
2453: ; Call syd--stat with the command
2454: (syd--stat (syd--rule cmd glob ?^))))))
2455:
2456: (defun syd-mkcdev-add (action glob)
2457: "Adds to the given actionlist of mkcdev sandboxing.
2458: ACTION is a constant representing the sandboxing action.
2459: GLOB is a string representing the glob pattern."
2460: (let ((action (cond
2461: ((eq action :action-allow) "allow")
2462: ((eq action :action-warn) "warn")
2463: ((eq action :action-filter) "filter")
2464: ((eq action :action-deny) "deny")
2465: ((eq action :action-panic) "panic")
2466: ((eq action :action-stop) "stop")
2467: ((eq action :action-abort) "abort")
2468: ((eq action :action-kill) "kill")
2469: ((eq action :action-exit) "exit"))))
2470: ; Only proceed if action is not nil
2471: (when action
2472: ; Create the command string
2473: (let ((cmd (format "%s/mkcdev" action)))
2474: ; Call syd--stat with the command
2475: (syd--stat (syd--rule cmd glob ?+))))))
2476:
2477: (defun syd-mkcdev-del (action glob)
2478: "Removes the first matching entry from the end of the given actionlist
2479: of mkcdev sandboxing.
2480: ACTION is a constant representing the sandboxing action.
2481: GLOB is a string representing the glob pattern."
2482: (let ((action (cond
2483: ((eq action :action-allow) "allow")
2484: ((eq action :action-warn) "warn")
2485: ((eq action :action-filter) "filter")
2486: ((eq action :action-deny) "deny")
2487: ((eq action :action-panic) "panic")
2488: ((eq action :action-stop) "stop")
2489: ((eq action :action-abort) "abort")
2490: ((eq action :action-kill) "kill")
2491: ((eq action :action-exit) "exit"))))
2492: ; Only proceed if action is not nil
2493: (when action
2494: ; Create the command string
2495: (let ((cmd (format "%s/mkcdev" action)))
2496: ; Call syd--stat with the command
2497: (syd--stat (syd--rule cmd glob ?-))))))
2498:
2499: (defun syd-mkcdev-rem (action glob)
2500: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2501: ACTION is a constant representing the sandboxing action.
2502: GLOB is a string representing the glob pattern."
2503: (let ((action (cond
2504: ((eq action :action-allow) "allow")
2505: ((eq action :action-warn) "warn")
2506: ((eq action :action-filter) "filter")
2507: ((eq action :action-deny) "deny")
2508: ((eq action :action-panic) "panic")
2509: ((eq action :action-stop) "stop")
2510: ((eq action :action-abort) "abort")
2511: ((eq action :action-kill) "kill")
2512: ((eq action :action-exit) "exit"))))
2513: ; Only proceed if action is not nil
2514: (when action
2515: ; Create the command string
2516: (let ((cmd (format "%s/mkcdev" action)))
2517: ; Call syd--stat with the command
2518: (syd--stat (syd--rule cmd glob ?^))))))
2519:
2520: (defun syd-mkfifo-add (action glob)
2521: "Adds to the given actionlist of mkfifo sandboxing.
2522: ACTION is a constant representing the sandboxing action.
2523: GLOB is a string representing the glob pattern."
2524: (let ((action (cond
2525: ((eq action :action-allow) "allow")
2526: ((eq action :action-warn) "warn")
2527: ((eq action :action-filter) "filter")
2528: ((eq action :action-deny) "deny")
2529: ((eq action :action-panic) "panic")
2530: ((eq action :action-stop) "stop")
2531: ((eq action :action-abort) "abort")
2532: ((eq action :action-kill) "kill")
2533: ((eq action :action-exit) "exit"))))
2534: ; Only proceed if action is not nil
2535: (when action
2536: ; Create the command string
2537: (let ((cmd (format "%s/mkfifo" action)))
2538: ; Call syd--stat with the command
2539: (syd--stat (syd--rule cmd glob ?+))))))
2540:
2541: (defun syd-mkfifo-del (action glob)
2542: "Removes the first matching entry from the end of the given actionlist
2543: of mkfifo sandboxing.
2544: ACTION is a constant representing the sandboxing action.
2545: GLOB is a string representing the glob pattern."
2546: (let ((action (cond
2547: ((eq action :action-allow) "allow")
2548: ((eq action :action-warn) "warn")
2549: ((eq action :action-filter) "filter")
2550: ((eq action :action-deny) "deny")
2551: ((eq action :action-panic) "panic")
2552: ((eq action :action-stop) "stop")
2553: ((eq action :action-abort) "abort")
2554: ((eq action :action-kill) "kill")
2555: ((eq action :action-exit) "exit"))))
2556: ; Only proceed if action is not nil
2557: (when action
2558: ; Create the command string
2559: (let ((cmd (format "%s/mkfifo" action)))
2560: ; Call syd--stat with the command
2561: (syd--stat (syd--rule cmd glob ?-))))))
2562:
2563: (defun syd-mkfifo-rem (action glob)
2564: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2565: ACTION is a constant representing the sandboxing action.
2566: GLOB is a string representing the glob pattern."
2567: (let ((action (cond
2568: ((eq action :action-allow) "allow")
2569: ((eq action :action-warn) "warn")
2570: ((eq action :action-filter) "filter")
2571: ((eq action :action-deny) "deny")
2572: ((eq action :action-panic) "panic")
2573: ((eq action :action-stop) "stop")
2574: ((eq action :action-abort) "abort")
2575: ((eq action :action-kill) "kill")
2576: ((eq action :action-exit) "exit"))))
2577: ; Only proceed if action is not nil
2578: (when action
2579: ; Create the command string
2580: (let ((cmd (format "%s/mkfifo" action)))
2581: ; Call syd--stat with the command
2582: (syd--stat (syd--rule cmd glob ?^))))))
2583:
2584: (defun syd-mktemp-add (action glob)
2585: "Adds to the given actionlist of mktemp sandboxing.
2586: ACTION is a constant representing the sandboxing action.
2587: GLOB is a string representing the glob pattern."
2588: (let ((action (cond
2589: ((eq action :action-allow) "allow")
2590: ((eq action :action-warn) "warn")
2591: ((eq action :action-filter) "filter")
2592: ((eq action :action-deny) "deny")
2593: ((eq action :action-panic) "panic")
2594: ((eq action :action-stop) "stop")
2595: ((eq action :action-abort) "abort")
2596: ((eq action :action-kill) "kill")
2597: ((eq action :action-exit) "exit"))))
2598: ; Only proceed if action is not nil
2599: (when action
2600: ; Create the command string
2601: (let ((cmd (format "%s/mktemp" action)))
2602: ; Call syd--stat with the command
2603: (syd--stat (syd--rule cmd glob ?+))))))
2604:
2605: (defun syd-mktemp-del (action glob)
2606: "Removes the first matching entry from the end of the given actionlist
2607: of mktemp sandboxing.
2608: ACTION is a constant representing the sandboxing action.
2609: GLOB is a string representing the glob pattern."
2610: (let ((action (cond
2611: ((eq action :action-allow) "allow")
2612: ((eq action :action-warn) "warn")
2613: ((eq action :action-filter) "filter")
2614: ((eq action :action-deny) "deny")
2615: ((eq action :action-panic) "panic")
2616: ((eq action :action-stop) "stop")
2617: ((eq action :action-abort) "abort")
2618: ((eq action :action-kill) "kill")
2619: ((eq action :action-exit) "exit"))))
2620: ; Only proceed if action is not nil
2621: (when action
2622: ; Create the command string
2623: (let ((cmd (format "%s/mktemp" action)))
2624: ; Call syd--stat with the command
2625: (syd--stat (syd--rule cmd glob ?-))))))
2626:
2627: (defun syd-mktemp-rem (action glob)
2628: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2629: ACTION is a constant representing the sandboxing action.
2630: GLOB is a string representing the glob pattern."
2631: (let ((action (cond
2632: ((eq action :action-allow) "allow")
2633: ((eq action :action-warn) "warn")
2634: ((eq action :action-filter) "filter")
2635: ((eq action :action-deny) "deny")
2636: ((eq action :action-panic) "panic")
2637: ((eq action :action-stop) "stop")
2638: ((eq action :action-abort) "abort")
2639: ((eq action :action-kill) "kill")
2640: ((eq action :action-exit) "exit"))))
2641: ; Only proceed if action is not nil
2642: (when action
2643: ; Create the command string
2644: (let ((cmd (format "%s/mktemp" action)))
2645: ; Call syd--stat with the command
2646: (syd--stat (syd--rule cmd glob ?^))))))
2647:
2648: (defun syd-net-bind-add (action addr)
2649: "Adds to the given actionlist of net/bind sandboxing.
2650: ACTION is a constant representing the sandboxing action.
2651: ADDR is a string representing the address pattern."
2652: (let ((action (cond
2653: ((eq action :action-allow) "allow")
2654: ((eq action :action-warn) "warn")
2655: ((eq action :action-filter) "filter")
2656: ((eq action :action-deny) "deny")
2657: ((eq action :action-panic) "panic")
2658: ((eq action :action-stop) "stop")
2659: ((eq action :action-abort) "abort")
2660: ((eq action :action-kill) "kill")
2661: ((eq action :action-exit) "exit"))))
2662: ; Only proceed if action is not nil
2663: (when action
2664: ; Create the command string
2665: (let ((cmd (format "%s/net/bind" action)))
2666: ; Call syd--stat with the command
2667: (syd--stat (syd--rule cmd addr ?+))))))
2668:
2669: (defun syd-net-bind-del (action addr)
2670: "Removes the first matching entry from the end of the given actionlist
2671: of net/bind sandboxing.
2672: ACTION is a constant representing the sandboxing action.
2673: ADDR is a string representing the address pattern."
2674: (let ((action (cond
2675: ((eq action :action-allow) "allow")
2676: ((eq action :action-warn) "warn")
2677: ((eq action :action-filter) "filter")
2678: ((eq action :action-deny) "deny")
2679: ((eq action :action-panic) "panic")
2680: ((eq action :action-stop) "stop")
2681: ((eq action :action-abort) "abort")
2682: ((eq action :action-kill) "kill")
2683: ((eq action :action-exit) "exit"))))
2684: ; Only proceed if action is not nil
2685: (when action
2686: ; Create the command string
2687: (let ((cmd (format "%s/net/bind" action)))
2688: ; Call syd--stat with the command
2689: (syd--stat (syd--rule cmd addr ?-))))))
2690:
2691: (defun syd-net-bind-rem (action addr)
2692: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2693: ACTION is a constant representing the sandboxing action.
2694: ADDR is a string representing the address pattern."
2695: (let ((action (cond
2696: ((eq action :action-allow) "allow")
2697: ((eq action :action-warn) "warn")
2698: ((eq action :action-filter) "filter")
2699: ((eq action :action-deny) "deny")
2700: ((eq action :action-panic) "panic")
2701: ((eq action :action-stop) "stop")
2702: ((eq action :action-abort) "abort")
2703: ((eq action :action-kill) "kill")
2704: ((eq action :action-exit) "exit"))))
2705: ; Only proceed if action is not nil
2706: (when action
2707: ; Create the command string
2708: (let ((cmd (format "%s/net/bind" action)))
2709: ; Call syd--stat with the command
2710: (syd--stat (syd--rule cmd addr ?^))))))
2711:
2712: (defun syd-net-connect-add (action addr)
2713: "Adds to the given actionlist of net/connect sandboxing.
2714: ACTION is a constant representing the sandboxing action.
2715: ADDR is a string representing the address pattern."
2716: (let ((action (cond
2717: ((eq action :action-allow) "allow")
2718: ((eq action :action-warn) "warn")
2719: ((eq action :action-filter) "filter")
2720: ((eq action :action-deny) "deny")
2721: ((eq action :action-panic) "panic")
2722: ((eq action :action-stop) "stop")
2723: ((eq action :action-abort) "abort")
2724: ((eq action :action-kill) "kill")
2725: ((eq action :action-exit) "exit"))))
2726: ; Only proceed if action is not nil
2727: (when action
2728: ; Create the command string
2729: (let ((cmd (format "%s/net/connect" action)))
2730: ; Call syd--stat with the command
2731: (syd--stat (syd--rule cmd addr ?+))))))
2732:
2733: (defun syd-net-connect-del (action addr)
2734: "Removes the first matching entry from the end of the given actionlist
2735: of net/connect sandboxing.
2736: ACTION is a constant representing the sandboxing action.
2737: ADDR is a string representing the address pattern."
2738: (let ((action (cond
2739: ((eq action :action-allow) "allow")
2740: ((eq action :action-warn) "warn")
2741: ((eq action :action-filter) "filter")
2742: ((eq action :action-deny) "deny")
2743: ((eq action :action-panic) "panic")
2744: ((eq action :action-stop) "stop")
2745: ((eq action :action-abort) "abort")
2746: ((eq action :action-kill) "kill")
2747: ((eq action :action-exit) "exit"))))
2748: ; Only proceed if action is not nil
2749: (when action
2750: ; Create the command string
2751: (let ((cmd (format "%s/net/connect" action)))
2752: ; Call syd--stat with the command
2753: (syd--stat (syd--rule cmd addr ?-))))))
2754:
2755: (defun syd-net-connect-rem (action addr)
2756: "Removes all matching entries from the given actionlist of net/connect
2757: sandboxing.
2758: ACTION is a constant representing the sandboxing action.
2759: ADDR is a string representing the address pattern."
2760: (let ((action (cond
2761: ((eq action :action-allow) "allow")
2762: ((eq action :action-warn) "warn")
2763: ((eq action :action-filter) "filter")
2764: ((eq action :action-deny) "deny")
2765: ((eq action :action-panic) "panic")
2766: ((eq action :action-stop) "stop")
2767: ((eq action :action-abort) "abort")
2768: ((eq action :action-kill) "kill")
2769: ((eq action :action-exit) "exit"))))
2770: ; Only proceed if action is not nil
2771: (when action
2772: ; Create the command string
2773: (let ((cmd (format "%s/net/connect" action)))
2774: ; Call syd--stat with the command
2775: (syd--stat (syd--rule cmd addr ?^))))))
2776:
2777: (defun syd-net-sendfd-add (action addr)
2778: "Adds to the given actionlist of net/sendfd sandboxing.
2779: ACTION is a constant representing the sandboxing action.
2780: ADDR is a string representing the address pattern."
2781: (let ((action (cond
2782: ((eq action :action-allow) "allow")
2783: ((eq action :action-warn) "warn")
2784: ((eq action :action-filter) "filter")
2785: ((eq action :action-deny) "deny")
2786: ((eq action :action-panic) "panic")
2787: ((eq action :action-stop) "stop")
2788: ((eq action :action-abort) "abort")
2789: ((eq action :action-kill) "kill")
2790: ((eq action :action-exit) "exit"))))
2791: ; Only proceed if action is not nil
2792: (when action
2793: ; Create the command string
2794: (let ((cmd (format "%s/net/sendfd" action)))
2795: ; Call syd--stat with the command
2796: (syd--stat (syd--rule cmd addr ?+))))))
2797:
2798: (defun syd-net-sendfd-del (action addr)
2799: "Removes the first matching entry from the end of the given actionlist
2800: of net/sendfd sandboxing.
2801: ACTION is a constant representing the sandboxing action.
2802: ADDR is a string representing the address pattern."
2803: (let ((action (cond
2804: ((eq action :action-allow) "allow")
2805: ((eq action :action-warn) "warn")
2806: ((eq action :action-filter) "filter")
2807: ((eq action :action-deny) "deny")
2808: ((eq action :action-panic) "panic")
2809: ((eq action :action-stop) "stop")
2810: ((eq action :action-abort) "abort")
2811: ((eq action :action-kill) "kill")
2812: ((eq action :action-exit) "exit"))))
2813: ; Only proceed if action is not nil
2814: (when action
2815: ; Create the command string
2816: (let ((cmd (format "%s/net/sendfd" action)))
2817: ; Call syd--stat with the command
2818: (syd--stat (syd--rule cmd addr ?-))))))
2819:
2820: (defun syd-net-sendfd-rem (action addr)
2821: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
2822: ACTION is a constant representing the sandboxing action.
2823: ADDR is a string representing the address pattern."
2824: (let ((action (cond
2825: ((eq action :action-allow) "allow")
2826: ((eq action :action-warn) "warn")
2827: ((eq action :action-filter) "filter")
2828: ((eq action :action-deny) "deny")
2829: ((eq action :action-panic) "panic")
2830: ((eq action :action-stop) "stop")
2831: ((eq action :action-abort) "abort")
2832: ((eq action :action-kill) "kill")
2833: ((eq action :action-exit) "exit"))))
2834: ; Only proceed if action is not nil
2835: (when action
2836: ; Create the command string
2837: (let ((cmd (format "%s/net/sendfd" action)))
2838: ; Call syd--stat with the command
2839: (syd--stat (syd--rule cmd addr ?^))))))
2840:
2841: (defun syd-net-link-add (action addr)
2842: "Adds to the given actionlist of net/link sandboxing.
2843: ACTION is a constant representing the sandboxing action.
2844: ADDR is a string representing the address pattern."
2845: (let ((action (cond
2846: ((eq action :action-allow) "allow")
2847: ((eq action :action-warn) "warn")
2848: ((eq action :action-filter) "filter")
2849: ((eq action :action-deny) "deny")
2850: ((eq action :action-panic) "panic")
2851: ((eq action :action-stop) "stop")
2852: ((eq action :action-abort) "abort")
2853: ((eq action :action-kill) "kill")
2854: ((eq action :action-exit) "exit"))))
2855: ; Only proceed if action is not nil
2856: (when action
2857: ; Create the command string
2858: (let ((cmd (format "%s/net/link" action)))
2859: ; Call syd--stat with the command
2860: (syd--stat (syd--rule cmd addr ?+))))))
2861:
2862: (defun syd-net-link-del (action addr)
2863: "Removes the first matching entry from the end of the given actionlist
2864: of net/link sandboxing.
2865: ACTION is a constant representing the sandboxing action.
2866: ADDR is a string representing the address pattern."
2867: (let ((action (cond
2868: ((eq action :action-allow) "allow")
2869: ((eq action :action-warn) "warn")
2870: ((eq action :action-filter) "filter")
2871: ((eq action :action-deny) "deny")
2872: ((eq action :action-panic) "panic")
2873: ((eq action :action-stop) "stop")
2874: ((eq action :action-abort) "abort")
2875: ((eq action :action-kill) "kill")
2876: ((eq action :action-exit) "exit"))))
2877: ; Only proceed if action is not nil
2878: (when action
2879: ; Create the command string
2880: (let ((cmd (format "%s/net/link" action)))
2881: ; Call syd--stat with the command
2882: (syd--stat (syd--rule cmd addr ?-))))))
2883:
2884: (defun syd-net-link-rem (action addr)
2885: "Removes all matching entries from the given actionlist of net/link sandboxing.
2886: ACTION is a constant representing the sandboxing action.
2887: ADDR is a string representing the address pattern."
2888: (let ((action (cond
2889: ((eq action :action-allow) "allow")
2890: ((eq action :action-warn) "warn")
2891: ((eq action :action-filter) "filter")
2892: ((eq action :action-deny) "deny")
2893: ((eq action :action-panic) "panic")
2894: ((eq action :action-stop) "stop")
2895: ((eq action :action-abort) "abort")
2896: ((eq action :action-kill) "kill")
2897: ((eq action :action-exit) "exit"))))
2898: ; Only proceed if action is not nil
2899: (when action
2900: ; Create the command string
2901: (let ((cmd (format "%s/net/link" action)))
2902: ; Call syd--stat with the command
2903: (syd--stat (syd--rule cmd addr ?^))))))
2904:
2905: (defun syd-force-add (path hash action)
2906: "Adds an entry to the Integrity Force map for Force Sandboxing.
2907: PATH is a fully-qualified file name.
2908: HASH is a hexadecimal encoded checksum.
2909: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
2910: (let ((action (cond ((eq action :action-warn) "warn")
2911: ((eq action :action-filter) "filter")
2912: ((eq action :action-deny) "deny")
2913: ((eq action :action-deny) "panic")
2914: ((eq action :action-stop) "stop")
2915: ((eq action :action-abort) "abort")
2916: ((eq action :action-kill) "kill")
2917: ((eq action :action-kill) "exit"))))
2918: ; Only proceed if action is not nil
2919: (when action
2920: ; Create the command string
2921: (let ((cmd (format "/dev/syd/force+%s:%s:%s" path hash action)))
2922: ; Call syd--stat with the command
2923: (syd--stat cmd)))))
2924:
2925: (defun syd-force-del (path)
2926: "Removes an entry from the Integrity Force map for Force Sandboxing.
2927: PATH is a fully-qualified file name."
2928: ; Create the command string
2929: (let ((cmd (format "/dev/syd/force-%s" path)))
2930: ; Call syd--stat with the command
2931: (syd--stat cmd)))
2932:
2933: (defun syd-force-clr ()
2934: "Clears the Integrity Force map for Force Sandboxing."
2935: (syd--stat "/dev/syd/force^"))
2936:
2937: (defun syd-mem-max (size)
2938: "Set syd maximum per-process memory usage limit.
2939: SIZE can be an integer or a string representing the memory limit."
2940: (let ((size-str (cond ((integerp size) (number-to-string size))
2941: ((stringp size) size)
2942: (t (error "Size must be an integer or a string")))))
2943: (syd--stat (syd--rule "mem/max" size-str ?:))))
2944:
2945: (defun syd-mem-vm-max (size)
2946: "Set syd maximum per-process virtual memory usage limit.
2947: SIZE can be an integer or a string representing the memory limit."
2948: (let ((size-str (cond ((integerp size) (number-to-string size))
2949: ((stringp size) size)
2950: (t (error "Size must be an integer or a string")))))
2951: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
2952:
2953: (defun syd-pid-max (size)
2954: "Set syd maximum process ID limit for PID sandboxing.
2955: SIZE is a number representing the PID limit."
2956: (unless (numberp size)
2957: (error "Size must be a number"))
2958: (let ((path (format "/dev/syd/pid/max:%d" size)))
2959: (syd--stat path)))
2960:
2961: (defun syd-segvguard-expiry (timeout)
2962: "Specify SegvGuard entry expiry timeout in seconds.
2963: Setting this timeout to 0 effectively disables SegvGuard.
2964: TIMEOUT is a number representing the timeout in seconds."
2965: (unless (numberp timeout)
2966: (error "Timeout must be a number"))
2967: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
2968: (syd--stat path)))
2969:
2970: (defun syd-segvguard-suspension (timeout)
2971: "Specify SegvGuard entry suspension timeout in seconds.
2972: TIMEOUT is a number representing the timeout in seconds."
2973: (unless (numberp timeout)
2974: (error "Timeout must be a number"))
2975: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
2976: (syd--stat path)))
2977:
2978: (defun syd-segvguard-maxcrashes (limit)
2979: "Specify SegvGuard max number of crashes before suspension.
2980: LIMIT is a number representing the crash limit."
2981: (unless (numberp limit)
2982: (error "Limit must be a number"))
2983: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
2984: (syd--stat path)))
2985:
2986: (defun syd-exec (file argv)
2987: "Execute a command outside the sandbox without sandboxing.
2988: FILE is the file path of the command as a string.
2989: ARGV is a list of strings representing the arguments to the command."
2990: (unless (stringp file)
2991: (error "File must be a string"))
2992: (let ((all-strings t))
2993: (dolist (arg argv)
2994: (unless (stringp arg)
2995: (setq all-strings nil)))
2996: (unless all-strings
2997: (error "All elements in ARGV must be strings")))
2998:
2999: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3000: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3001:
3002: (defun syd--rule (rule elem op)
3003: "Helper function to construct a path for syd operations.
3004: RULE is a string representing the rule.
3005: ELEM is a string representing the element.
3006: OP is a character representing the operation."
3007: (unless (member op '(?+ ?- ?^ ?:))
3008: (error "Invalid operation"))
3009: (when (string-empty-p elem)
3010: (error "Element cannot be empty"))
3011: (concat "/dev/syd/" rule (char-to-string op) elem))
3012:
3013: (defun syd--stat (path)
3014: "Check if the file at PATH exists using `file-modes'."
3015: (condition-case nil
3016: (not (null (file-modes path)))
3017: (error nil))) ; On error, return nil
3018:
3019: (provide 'syd)
3020: ; syd.el ends here
3021:
06/09/2025 17:06:08, src/syd.el, Ali Polatel