1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-on :lock-on
21: "The sandbox lock is on, disallowing all sandbox commands.")
22:
23: ; Define sandbox actions as keywords
24: (defconst syd-action-allow :action-allow
25: "Allow system call.")
26:
27: (defconst syd-action-warn :action-warn
28: "Allow system call and warn.")
29:
30: (defconst syd-action-filter :action-filter
31: "Deny system call silently.")
32:
33: (defconst syd-action-deny :action-deny
34: "Deny system call and warn.")
35:
36: (defconst syd-action-panic :action-panic
37: "Deny system call, warn and panic the current Syd thread.")
38:
39: (defconst syd-action-stop :action-stop
40: "Deny system call, warn and stop offending process.")
41:
42: (defconst syd-action-abort :action-abort
43: "Deny system call, warn and abort offending process.")
44:
45: (defconst syd-action-kill :action-kill
46: "Deny system call, warn and kill offending process.")
47:
48: (defconst syd-action-exit :action-exit
49: "Warn, and exit Syd immediately with deny errno as exit value.")
50:
51: (defun syd-info ()
52: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
53: If the `json' module is not available, returns nil."
54: (if (require 'json nil t)
55: (condition-case nil
56: (with-temp-buffer
57: (insert-file-contents "/dev/syd")
58: (with-no-warnings
59: (let ((json-object-type 'alist)
60: (json-array-type 'list)
61: (json-key-type 'symbol)
62: (json-false nil)
63: (json-null nil))
64: (json-read))))
65: (file-error
66: (message "Error reading /dev/syd.")
67: nil)
68: (json-error
69: (message "JSON decoding error.")
70: nil))
71: (progn
72: (message "JSON module not available.")
73: nil)))
74:
75: (defun syd-api ()
76: "Performs a syd API check."
77: (if (syd--stat "/dev/syd/3")
78: 3 ; API number on success
79: nil)) ; On error, return nil
80:
81: (defun syd-check ()
82: "Check if '/dev/syd' is a character device."
83: (syd--stat "/dev/syd"))
84:
85: (defun syd-panic ()
86: "Causes syd to exit immediately with code 127"
87: (syd--stat "/dev/syd/panic"))
88:
89: (defun syd-reset ()
90: "Causes syd to reset sandboxing to the default state."
91: (syd--stat "/dev/syd/reset"))
92:
93: (defun syd-load (fd)
94: "Causes syd to read configuration from the given file descriptor FD."
95: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
96: (syd--stat path)))
97:
98: (defun syd-lock (state)
99: "Sets the state of the sandbox lock.
100: STATE is one of the keywords :lock-off, :lock-exec, or :lock-on.
101: Returns t on success, nil on failure."
102: (cond
103: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
104: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
105: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
106: (t nil))) ; Invalid state
107:
108: (defun syd-enabled-walk ()
109: "Checks if Walk sandboxing is enabled."
110: (syd--stat "/dev/syd/sandbox/walk?"))
111:
112: (defun syd-enable-walk ()
113: "Enable Walk sandboxing."
114: (syd--stat "/dev/syd/sandbox/walk:on"))
115:
116: (defun syd-disable-walk ()
117: "Disable Walk sandboxing."
118: (syd--stat "/dev/syd/sandbox/walk:off"))
119:
120: (defun syd-enabled-stat ()
121: "Checks if Stat sandboxing is enabled."
122: (syd--stat "/dev/syd/sandbox/stat?"))
123:
124: (defun syd-enable-stat ()
125: "Enable Stat sandboxing."
126: (syd--stat "/dev/syd/sandbox/stat:on"))
127:
128: (defun syd-disable-stat ()
129: "Disable Stat sandboxing."
130: (syd--stat "/dev/syd/sandbox/stat:off"))
131:
132: (defun syd-enabled-read ()
133: "Checks if Read sandboxing is enabled."
134: (syd--stat "/dev/syd/sandbox/read?"))
135:
136: (defun syd-enable-read ()
137: "Enable Read sandboxing."
138: (syd--stat "/dev/syd/sandbox/read:on"))
139:
140: (defun syd-disable-read ()
141: "Disable Read sandboxing."
142: (syd--stat "/dev/syd/sandbox/read:off"))
143:
144: (defun syd-enabled-write ()
145: "Checks if Write sandboxing is enabled."
146: (syd--stat "/dev/syd/sandbox/write?"))
147:
148: (defun syd-enable-write ()
149: "Enable Write sandboxing."
150: (syd--stat "/dev/syd/sandbox/write:on"))
151:
152: (defun syd-disable-write ()
153: "Disable Write sandboxing."
154: (syd--stat "/dev/syd/sandbox/write:off"))
155:
156: (defun syd-enabled-exec ()
157: "Checks if Exec sandboxing is enabled."
158: (syd--stat "/dev/syd/sandbox/exec?"))
159:
160: (defun syd-enable-exec ()
161: "Enable Exec sandboxing."
162: (syd--stat "/dev/syd/sandbox/exec:on"))
163:
164: (defun syd-disable-exec ()
165: "Disable Exec sandboxing."
166: (syd--stat "/dev/syd/sandbox/exec:off"))
167:
168: (defun syd-enabled-ioctl ()
169: "Checks if Ioctl sandboxing is enabled."
170: (syd--stat "/dev/syd/sandbox/ioctl?"))
171:
172: (defun syd-enable-ioctl ()
173: "Enable Ioctl sandboxing."
174: (syd--stat "/dev/syd/sandbox/ioctl:on"))
175:
176: (defun syd-disable-ioctl ()
177: "Disable Ioctl sandboxing."
178: (syd--stat "/dev/syd/sandbox/ioctl:off"))
179:
180: (defun syd-enabled-create ()
181: "Checks if create sandboxing is enabled."
182: (syd--stat "/dev/syd/sandbox/create?"))
183:
184: (defun syd-enable-create ()
185: "Enable create sandboxing."
186: (syd--stat "/dev/syd/sandbox/create:on"))
187:
188: (defun syd-disable-create ()
189: "Disable create sandboxing."
190: (syd--stat "/dev/syd/sandbox/create:off"))
191:
192: (defun syd-enabled-delete ()
193: "Checks if delete sandboxing is enabled."
194: (syd--stat "/dev/syd/sandbox/delete?"))
195:
196: (defun syd-enable-delete ()
197: "Enable delete sandboxing."
198: (syd--stat "/dev/syd/sandbox/delete:on"))
199:
200: (defun syd-disable-delete ()
201: "Disable delete sandboxing."
202: (syd--stat "/dev/syd/sandbox/delete:off"))
203:
204: (defun syd-enabled-rename ()
205: "Checks if rename sandboxing is enabled."
206: (syd--stat "/dev/syd/sandbox/rename?"))
207:
208: (defun syd-enable-rename ()
209: "Enable rename sandboxing."
210: (syd--stat "/dev/syd/sandbox/rename:on"))
211:
212: (defun syd-disable-rename ()
213: "Disable rename sandboxing."
214: (syd--stat "/dev/syd/sandbox/rename:off"))
215:
216: (defun syd-enabled-symlink ()
217: "Checks if symlink sandboxing is enabled."
218: (syd--stat "/dev/syd/sandbox/symlink?"))
219:
220: (defun syd-enable-symlink ()
221: "Enable symlink sandboxing."
222: (syd--stat "/dev/syd/sandbox/symlink:on"))
223:
224: (defun syd-disable-symlink ()
225: "Disable symlink sandboxing."
226: (syd--stat "/dev/syd/sandbox/symlink:off"))
227:
228: (defun syd-enabled-truncate ()
229: "Checks if Truncate sandboxing is enabled."
230: (syd--stat "/dev/syd/sandbox/truncate?"))
231:
232: (defun syd-enable-truncate ()
233: "Enable Truncate sandboxing."
234: (syd--stat "/dev/syd/sandbox/truncate:on"))
235:
236: (defun syd-disable-truncate ()
237: "Disable Truncate sandboxing."
238: (syd--stat "/dev/syd/sandbox/truncate:off"))
239:
240: (defun syd-enabled-chdir ()
241: "Checks if chdir sandboxing is enabled."
242: (syd--stat "/dev/syd/sandbox/chdir?"))
243:
244: (defun syd-enable-chdir ()
245: "Enable chdir sandboxing."
246: (syd--stat "/dev/syd/sandbox/chdir:on"))
247:
248: (defun syd-disable-chdir ()
249: "Disable chdir sandboxing."
250: (syd--stat "/dev/syd/sandbox/chdir:off"))
251:
252: (defun syd-enabled-readdir ()
253: "Checks if readdir sandboxing is enabled."
254: (syd--stat "/dev/syd/sandbox/readdir?"))
255:
256: (defun syd-enable-readdir ()
257: "Enable readdir sandboxing."
258: (syd--stat "/dev/syd/sandbox/readdir:on"))
259:
260: (defun syd-disable-readdir ()
261: "Disable readdir sandboxing."
262: (syd--stat "/dev/syd/sandbox/readdir:off"))
263:
264: (defun syd-enabled-mkdir ()
265: "Checks if mkdir sandboxing is enabled."
266: (syd--stat "/dev/syd/sandbox/mkdir?"))
267:
268: (defun syd-enable-mkdir ()
269: "Enable mkdir sandboxing."
270: (syd--stat "/dev/syd/sandbox/mkdir:on"))
271:
272: (defun syd-disable-mkdir ()
273: "Disable mkdir sandboxing."
274: (syd--stat "/dev/syd/sandbox/mkdir:off"))
275:
276: (defun syd-enabled-rmdir ()
277: "Checks if rmdir sandboxing is enabled."
278: (syd--stat "/dev/syd/sandbox/rmdir?"))
279:
280: (defun syd-enable-rmdir ()
281: "Enable rmdir sandboxing."
282: (syd--stat "/dev/syd/sandbox/rmdir:on"))
283:
284: (defun syd-disable-rmdir ()
285: "Disable rmdir sandboxing."
286: (syd--stat "/dev/syd/sandbox/rmdir:off"))
287:
288: (defun syd-enabled-chown ()
289: "Checks if chown sandboxing is enabled."
290: (syd--stat "/dev/syd/sandbox/chown?"))
291:
292: (defun syd-enable-chown ()
293: "Enable chown sandboxing."
294: (syd--stat "/dev/syd/sandbox/chown:on"))
295:
296: (defun syd-disable-chown ()
297: "Disable chown sandboxing."
298: (syd--stat "/dev/syd/sandbox/chown:off"))
299:
300: (defun syd-enabled-chgrp ()
301: "Checks if chgrp sandboxing is enabled."
302: (syd--stat "/dev/syd/sandbox/chgrp?"))
303:
304: (defun syd-enable-chgrp ()
305: "Enable chgrp sandboxing."
306: (syd--stat "/dev/syd/sandbox/chgrp:on"))
307:
308: (defun syd-disable-chgrp ()
309: "Disable chgrp sandboxing."
310: (syd--stat "/dev/syd/sandbox/chgrp:off"))
311:
312: (defun syd-enabled-chmod ()
313: "Checks if chmod sandboxing is enabled."
314: (syd--stat "/dev/syd/sandbox/chmod?"))
315:
316: (defun syd-enable-chmod ()
317: "Enable chmod sandboxing."
318: (syd--stat "/dev/syd/sandbox/chmod:on"))
319:
320: (defun syd-disable-chmod ()
321: "Disable chmod sandboxing."
322: (syd--stat "/dev/syd/sandbox/chmod:off"))
323:
324: (defun syd-enabled-chattr ()
325: "Checks if chattr sandboxing is enabled."
326: (syd--stat "/dev/syd/sandbox/chattr?"))
327:
328: (defun syd-enable-chattr ()
329: "Enable chattr sandboxing."
330: (syd--stat "/dev/syd/sandbox/chattr:on"))
331:
332: (defun syd-disable-chattr ()
333: "Disable chattr sandboxing."
334: (syd--stat "/dev/syd/sandbox/chattr:off"))
335:
336: (defun syd-enabled-chroot ()
337: "Checks if chroot sandboxing is enabled."
338: (syd--stat "/dev/syd/sandbox/chroot?"))
339:
340: (defun syd-enable-chroot ()
341: "Enable chroot sandboxing."
342: (syd--stat "/dev/syd/sandbox/chroot:on"))
343:
344: (defun syd-disable-chroot ()
345: "Disable chroot sandboxing."
346: (syd--stat "/dev/syd/sandbox/chroot:off"))
347:
348: (defun syd-enabled-utime ()
349: "Checks if utime sandboxing is enabled."
350: (syd--stat "/dev/syd/sandbox/utime?"))
351:
352: (defun syd-enable-utime ()
353: "Enable utime sandboxing."
354: (syd--stat "/dev/syd/sandbox/utime:on"))
355:
356: (defun syd-disable-utime ()
357: "Disable utime sandboxing."
358: (syd--stat "/dev/syd/sandbox/utime:off"))
359:
360: (defun syd-enabled-mkbdev ()
361: "Checks if mkbdev sandboxing is enabled."
362: (syd--stat "/dev/syd/sandbox/mkbdev?"))
363:
364: (defun syd-enable-mkbdev ()
365: "Enable mkbdev sandboxing."
366: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
367:
368: (defun syd-disable-mkbdev ()
369: "Disable mkbdev sandboxing."
370: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
371:
372: (defun syd-enabled-mkcdev ()
373: "Checks if mkcdev sandboxing is enabled."
374: (syd--stat "/dev/syd/sandbox/mkcdev?"))
375:
376: (defun syd-enable-mkcdev ()
377: "Enable mkcdev sandboxing."
378: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
379:
380: (defun syd-disable-mkcdev ()
381: "Disable mkcdev sandboxing."
382: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
383:
384: (defun syd-enabled-mkfifo ()
385: "Checks if mkfifo sandboxing is enabled."
386: (syd--stat "/dev/syd/sandbox/mkfifo?"))
387:
388: (defun syd-enable-mkfifo ()
389: "Enable mkfifo sandboxing."
390: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
391:
392: (defun syd-disable-mkfifo ()
393: "Disable mkfifo sandboxing."
394: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
395:
396: (defun syd-enabled-mktemp ()
397: "Checks if mktemp sandboxing is enabled."
398: (syd--stat "/dev/syd/sandbox/mktemp?"))
399:
400: (defun syd-enable-mktemp ()
401: "Enable mktemp sandboxing."
402: (syd--stat "/dev/syd/sandbox/mktemp:on"))
403:
404: (defun syd-disable-mktemp ()
405: "Disable mktemp sandboxing."
406: (syd--stat "/dev/syd/sandbox/mktemp:off"))
407:
408: (defun syd-enabled-net ()
409: "Checks if Network sandboxing is enabled."
410: (syd--stat "/dev/syd/sandbox/net?"))
411:
412: (defun syd-enable-net ()
413: "Enable Network sandboxing."
414: (syd--stat "/dev/syd/sandbox/net:on"))
415:
416: (defun syd-disable-net ()
417: "Disable Network sandboxing."
418: (syd--stat "/dev/syd/sandbox/net:off"))
419:
420: (defun syd-enabled-lock ()
421: "Checks if lock sandboxing is enabled."
422: (syd--stat "/dev/syd/sandbox/lock?"))
423:
424: (defun syd-enabled-crypt ()
425: "Checks if crypt sandboxing is enabled."
426: (syd--stat "/dev/syd/sandbox/crypt?"))
427:
428: (defun syd-enabled-proxy ()
429: "Checks if proxy sandboxing is enabled."
430: (syd--stat "/dev/syd/sandbox/proxy?"))
431:
432: (defun syd-enabled-mem ()
433: "Checks if memory sandboxing is enabled."
434: (syd--stat "/dev/syd/sandbox/mem?"))
435:
436: (defun syd-enable-mem ()
437: "Enable memory sandboxing."
438: (syd--stat "/dev/syd/sandbox/mem:on"))
439:
440: (defun syd-disable-mem ()
441: "Disable memory sandboxing."
442: (syd--stat "/dev/syd/sandbox/mem:off"))
443:
444: (defun syd-enabled-pid ()
445: "Checks if PID sandboxing is enabled."
446: (syd--stat "/dev/syd/sandbox/pid?"))
447:
448: (defun syd-enable-pid ()
449: "Enable PID sandboxing."
450: (syd--stat "/dev/syd/sandbox/pid:on"))
451:
452: (defun syd-disable-pid ()
453: "Disable PID sandboxing."
454: (syd--stat "/dev/syd/sandbox/pid:off"))
455:
456: (defun syd-enabled-force ()
457: "Checks if force sandboxing is enabled."
458: (syd--stat "/dev/syd/sandbox/force?"))
459:
460: (defun syd-enable-force ()
461: "Enable force sandboxing."
462: (syd--stat "/dev/syd/sandbox/force:on"))
463:
464: (defun syd-disable-force ()
465: "Disable force sandboxing."
466: (syd--stat "/dev/syd/sandbox/force:off"))
467:
468: (defun syd-enabled-tpe ()
469: "Checks if TPE sandboxing is enabled."
470: (syd--stat "/dev/syd/sandbox/tpe?"))
471:
472: (defun syd-enable-tpe ()
473: "Enable TPE sandboxing."
474: (syd--stat "/dev/syd/sandbox/tpe:on"))
475:
476: (defun syd-disable-tpe ()
477: "Disable TPE sandboxing."
478: (syd--stat "/dev/syd/sandbox/tpe:off"))
479:
480: (defun syd-default-walk (action)
481: "Set default action for Walk sandboxing.
482: ACTION is a constant representing the sandboxing action."
483: (let ((action (cond
484: ((eq action :action-allow) "allow")
485: ((eq action :action-warn) "warn")
486: ((eq action :action-filter) "filter")
487: ((eq action :action-deny) "deny")
488: ((eq action :action-panic) "panic")
489: ((eq action :action-stop) "stop")
490: ((eq action :action-abort) "abort")
491: ((eq action :action-kill) "kill")
492: ((eq action :action-exit) "exit"))))
493: ; Only proceed if action is not nil
494: (when action
495: (let ((cmd (format "/dev/syd/default/walk:%s" action)))
496: ; Call syd--stat with the command
497: (syd--stat cmd)))))
498:
499: (defun syd-default-stat (action)
500: "Set default action for Stat sandboxing.
501: ACTION is a constant representing the sandboxing action."
502: (let ((action (cond
503: ((eq action :action-allow) "allow")
504: ((eq action :action-warn) "warn")
505: ((eq action :action-filter) "filter")
506: ((eq action :action-deny) "deny")
507: ((eq action :action-panic) "panic")
508: ((eq action :action-stop) "stop")
509: ((eq action :action-abort) "abort")
510: ((eq action :action-kill) "kill")
511: ((eq action :action-exit) "exit"))))
512: ; Only proceed if action is not nil
513: (when action
514: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
515: ; Call syd--stat with the command
516: (syd--stat cmd)))))
517:
518: (defun syd-default-read (action)
519: "Set default action for Read sandboxing.
520: ACTION is a constant representing the sandboxing action."
521: (let ((action (cond
522: ((eq action :action-allow) "allow")
523: ((eq action :action-warn) "warn")
524: ((eq action :action-filter) "filter")
525: ((eq action :action-deny) "deny")
526: ((eq action :action-panic) "panic")
527: ((eq action :action-stop) "stop")
528: ((eq action :action-abort) "abort")
529: ((eq action :action-kill) "kill")
530: ((eq action :action-exit) "exit"))))
531: ; Only proceed if action is not nil
532: (when action
533: (let ((cmd (format "/dev/syd/default/read:%s" action)))
534: ; Call syd--stat with the command
535: (syd--stat cmd)))))
536:
537: (defun syd-default-write (action)
538: "Set default action for Write sandboxing.
539: ACTION is a constant representing the sandboxing action."
540: (let ((action (cond
541: ((eq action :action-allow) "allow")
542: ((eq action :action-warn) "warn")
543: ((eq action :action-filter) "filter")
544: ((eq action :action-deny) "deny")
545: ((eq action :action-panic) "panic")
546: ((eq action :action-stop) "stop")
547: ((eq action :action-abort) "abort")
548: ((eq action :action-kill) "kill")
549: ((eq action :action-exit) "exit"))))
550: ; Only proceed if action is not nil
551: (when action
552: (let ((cmd (format "/dev/syd/default/write:%s" action)))
553: ; Call syd--write with the command
554: (syd--stat cmd)))))
555:
556: (defun syd-default-exec (action)
557: "Set default action for Exec sandboxing.
558: ACTION is a constant representing the sandboxing action."
559: (let ((action (cond
560: ((eq action :action-allow) "allow")
561: ((eq action :action-warn) "warn")
562: ((eq action :action-filter) "filter")
563: ((eq action :action-deny) "deny")
564: ((eq action :action-panic) "panic")
565: ((eq action :action-stop) "stop")
566: ((eq action :action-abort) "abort")
567: ((eq action :action-kill) "kill")
568: ((eq action :action-exit) "exit"))))
569: ; Only proceed if action is not nil
570: (when action
571: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
572: ; Call syd--exec with the command
573: (syd--stat cmd)))))
574:
575: (defun syd-default-ioctl (action)
576: "Set default action for Ioctl sandboxing.
577: ACTION is a constant representing the sandboxing action."
578: (let ((action (cond
579: ((eq action :action-allow) "allow")
580: ((eq action :action-warn) "warn")
581: ((eq action :action-filter) "filter")
582: ((eq action :action-deny) "deny")
583: ((eq action :action-panic) "panic")
584: ((eq action :action-stop) "stop")
585: ((eq action :action-abort) "abort")
586: ((eq action :action-kill) "kill")
587: ((eq action :action-exit) "exit"))))
588: ; Only proceed if action is not nil
589: (when action
590: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
591: ; Call syd--ioctl with the command
592: (syd--stat cmd)))))
593:
594: (defun syd-default-create (action)
595: "Set default action for Create sandboxing.
596: ACTION is a constant representing the sandboxing action."
597: (let ((action (cond
598: ((eq action :action-allow) "allow")
599: ((eq action :action-warn) "warn")
600: ((eq action :action-filter) "filter")
601: ((eq action :action-deny) "deny")
602: ((eq action :action-panic) "panic")
603: ((eq action :action-stop) "stop")
604: ((eq action :action-abort) "abort")
605: ((eq action :action-kill) "kill")
606: ((eq action :action-exit) "exit"))))
607: ; Only proceed if action is not nil
608: (when action
609: (let ((cmd (format "/dev/syd/default/create:%s" action)))
610: ; Call syd--stat with the command
611: (syd--stat cmd)))))
612:
613: (defun syd-default-delete (action)
614: "Set default action for Delete sandboxing.
615: ACTION is a constant representing the sandboxing action."
616: (let ((action (cond
617: ((eq action :action-allow) "allow")
618: ((eq action :action-warn) "warn")
619: ((eq action :action-filter) "filter")
620: ((eq action :action-deny) "deny")
621: ((eq action :action-panic) "panic")
622: ((eq action :action-stop) "stop")
623: ((eq action :action-abort) "abort")
624: ((eq action :action-kill) "kill")
625: ((eq action :action-exit) "exit"))))
626: ; Only proceed if action is not nil
627: (when action
628: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
629: ; Call syd--stat with the command
630: (syd--stat cmd)))))
631:
632: (defun syd-default-rename (action)
633: "Set default action for rename sandboxing.
634: ACTION is a constant representing the sandboxing action."
635: (let ((action (cond
636: ((eq action :action-allow) "allow")
637: ((eq action :action-warn) "warn")
638: ((eq action :action-filter) "filter")
639: ((eq action :action-deny) "deny")
640: ((eq action :action-panic) "panic")
641: ((eq action :action-stop) "stop")
642: ((eq action :action-abort) "abort")
643: ((eq action :action-kill) "kill")
644: ((eq action :action-exit) "exit"))))
645: ; Only proceed if action is not nil
646: (when action
647: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
648: ; Call syd--stat with the command
649: (syd--stat cmd)))))
650:
651: (defun syd-default-symlink (action)
652: "Set default action for symlink sandboxing.
653: ACTION is a constant representing the sandboxing action."
654: (let ((action (cond
655: ((eq action :action-allow) "allow")
656: ((eq action :action-warn) "warn")
657: ((eq action :action-filter) "filter")
658: ((eq action :action-deny) "deny")
659: ((eq action :action-panic) "panic")
660: ((eq action :action-stop) "stop")
661: ((eq action :action-abort) "abort")
662: ((eq action :action-kill) "kill")
663: ((eq action :action-exit) "exit"))))
664: ; Only proceed if action is not nil
665: (when action
666: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
667: ; Call syd--stat with the command
668: (syd--stat cmd)))))
669:
670: (defun syd-default-truncate (action)
671: "Set default action for Truncate sandboxing.
672: ACTION is a constant representing the sandboxing action."
673: (let ((action (cond
674: ((eq action :action-allow) "allow")
675: ((eq action :action-warn) "warn")
676: ((eq action :action-filter) "filter")
677: ((eq action :action-deny) "deny")
678: ((eq action :action-panic) "panic")
679: ((eq action :action-stop) "stop")
680: ((eq action :action-abort) "abort")
681: ((eq action :action-kill) "kill")
682: ((eq action :action-exit) "exit"))))
683: ; Only proceed if action is not nil
684: (when action
685: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
686: ; Call syd--truncate with the command
687: (syd--stat cmd)))))
688:
689: (defun syd-default-chdir (action)
690: "Set default action for chdir sandboxing.
691: ACTION is a constant representing the sandboxing action."
692: (let ((action (cond
693: ((eq action :action-allow) "allow")
694: ((eq action :action-warn) "warn")
695: ((eq action :action-filter) "filter")
696: ((eq action :action-deny) "deny")
697: ((eq action :action-panic) "panic")
698: ((eq action :action-stop) "stop")
699: ((eq action :action-abort) "abort")
700: ((eq action :action-kill) "kill")
701: ((eq action :action-exit) "exit"))))
702: ; Only proceed if action is not nil
703: (when action
704: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
705: ; Call syd--chdir with the command
706: (syd--stat cmd)))))
707:
708: (defun syd-default-readdir (action)
709: "Set default action for readdir sandboxing.
710: ACTION is a constant representing the sandboxing action."
711: (let ((action (cond
712: ((eq action :action-allow) "allow")
713: ((eq action :action-warn) "warn")
714: ((eq action :action-filter) "filter")
715: ((eq action :action-deny) "deny")
716: ((eq action :action-panic) "panic")
717: ((eq action :action-stop) "stop")
718: ((eq action :action-abort) "abort")
719: ((eq action :action-kill) "kill")
720: ((eq action :action-exit) "exit"))))
721: ; Only proceed if action is not nil
722: (when action
723: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
724: ; Call syd--readdir with the command
725: (syd--stat cmd)))))
726:
727: (defun syd-default-mkdir (action)
728: "Set default action for mkdir sandboxing.
729: ACTION is a constant representing the sandboxing action."
730: (let ((action (cond
731: ((eq action :action-allow) "allow")
732: ((eq action :action-warn) "warn")
733: ((eq action :action-filter) "filter")
734: ((eq action :action-deny) "deny")
735: ((eq action :action-panic) "panic")
736: ((eq action :action-stop) "stop")
737: ((eq action :action-abort) "abort")
738: ((eq action :action-kill) "kill")
739: ((eq action :action-exit) "exit"))))
740: ; Only proceed if action is not nil
741: (when action
742: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
743: ; Call syd--mkdir with the command
744: (syd--stat cmd)))))
745:
746: (defun syd-default-rmdir (action)
747: "Set default action for rmdir sandboxing.
748: ACTION is a constant representing the sandboxing action."
749: (let ((action (cond
750: ((eq action :action-allow) "allow")
751: ((eq action :action-warn) "warn")
752: ((eq action :action-filter) "filter")
753: ((eq action :action-deny) "deny")
754: ((eq action :action-panic) "panic")
755: ((eq action :action-stop) "stop")
756: ((eq action :action-abort) "abort")
757: ((eq action :action-kill) "kill")
758: ((eq action :action-exit) "exit"))))
759: ; Only proceed if action is not nil
760: (when action
761: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
762: ; Call syd--rmdir with the command
763: (syd--stat cmd)))))
764:
765: (defun syd-default-chown (action)
766: "Set default action for Chown sandboxing.
767: ACTION is a constant representing the sandboxing action."
768: (let ((action (cond
769: ((eq action :action-allow) "allow")
770: ((eq action :action-warn) "warn")
771: ((eq action :action-filter) "filter")
772: ((eq action :action-deny) "deny")
773: ((eq action :action-panic) "panic")
774: ((eq action :action-stop) "stop")
775: ((eq action :action-abort) "abort")
776: ((eq action :action-kill) "kill")
777: ((eq action :action-exit) "exit"))))
778: ; Only proceed if action is not nil
779: (when action
780: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
781: ; Call syd--stat with the command
782: (syd--stat cmd)))))
783:
784: (defun syd-default-chgrp (action)
785: "Set default action for Chgrp sandboxing.
786: ACTION is a constant representing the sandboxing action."
787: (let ((action (cond
788: ((eq action :action-allow) "allow")
789: ((eq action :action-warn) "warn")
790: ((eq action :action-filter) "filter")
791: ((eq action :action-deny) "deny")
792: ((eq action :action-panic) "panic")
793: ((eq action :action-stop) "stop")
794: ((eq action :action-abort) "abort")
795: ((eq action :action-kill) "kill")
796: ((eq action :action-exit) "exit"))))
797: ; Only proceed if action is not nil
798: (when action
799: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
800: ; Call syd--stat with the command
801: (syd--stat cmd)))))
802:
803: (defun syd-default-chmod (action)
804: "Set default action for chmod sandboxing.
805: ACTION is a constant representing the sandboxing action."
806: (let ((action (cond
807: ((eq action :action-allow) "allow")
808: ((eq action :action-warn) "warn")
809: ((eq action :action-filter) "filter")
810: ((eq action :action-deny) "deny")
811: ((eq action :action-panic) "panic")
812: ((eq action :action-stop) "stop")
813: ((eq action :action-abort) "abort")
814: ((eq action :action-kill) "kill")
815: ((eq action :action-exit) "exit"))))
816: ; Only proceed if action is not nil
817: (when action
818: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
819: ; Call syd--stat with the command
820: (syd--stat cmd)))))
821:
822: (defun syd-default-chattr (action)
823: "Set default action for chattr sandboxing.
824: ACTION is a constant representing the sandboxing action."
825: (let ((action (cond
826: ((eq action :action-allow) "allow")
827: ((eq action :action-warn) "warn")
828: ((eq action :action-filter) "filter")
829: ((eq action :action-deny) "deny")
830: ((eq action :action-panic) "panic")
831: ((eq action :action-stop) "stop")
832: ((eq action :action-abort) "abort")
833: ((eq action :action-kill) "kill")
834: ((eq action :action-exit) "exit"))))
835: ; Only proceed if action is not nil
836: (when action
837: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
838: ; Call syd--stat with the command
839: (syd--stat cmd)))))
840:
841: (defun syd-default-chroot (action)
842: "Set default action for chroot sandboxing.
843: ACTION is a constant representing the sandboxing action."
844: (let ((action (cond
845: ((eq action :action-allow) "allow")
846: ((eq action :action-warn) "warn")
847: ((eq action :action-filter) "filter")
848: ((eq action :action-deny) "deny")
849: ((eq action :action-panic) "panic")
850: ((eq action :action-stop) "stop")
851: ((eq action :action-abort) "abort")
852: ((eq action :action-kill) "kill")
853: ((eq action :action-exit) "exit"))))
854: ; Only proceed if action is not nil
855: (when action
856: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
857: ; Call syd--stat with the command
858: (syd--stat cmd)))))
859:
860: (defun syd-default-utime (action)
861: "Set default action for utime sandboxing.
862: ACTION is a constant representing the sandboxing action."
863: (let ((action (cond
864: ((eq action :action-allow) "allow")
865: ((eq action :action-warn) "warn")
866: ((eq action :action-filter) "filter")
867: ((eq action :action-deny) "deny")
868: ((eq action :action-panic) "panic")
869: ((eq action :action-stop) "stop")
870: ((eq action :action-abort) "abort")
871: ((eq action :action-kill) "kill")
872: ((eq action :action-exit) "exit"))))
873: ; Only proceed if action is not nil
874: (when action
875: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
876: ; Call syd--stat with the command
877: (syd--stat cmd)))))
878:
879: (defun syd-default-mkbdev (action)
880: "Set default action for mkbdev sandboxing.
881: ACTION is a constant representing the sandboxing action."
882: (let ((action (cond
883: ((eq action :action-allow) "allow")
884: ((eq action :action-warn) "warn")
885: ((eq action :action-filter) "filter")
886: ((eq action :action-deny) "deny")
887: ((eq action :action-panic) "panic")
888: ((eq action :action-stop) "stop")
889: ((eq action :action-abort) "abort")
890: ((eq action :action-kill) "kill")
891: ((eq action :action-exit) "exit"))))
892: ; Only proceed if action is not nil
893: (when action
894: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
895: ; Call syd--stat with the command
896: (syd--stat cmd)))))
897:
898: (defun syd-default-mkcdev (action)
899: "Set default action for mkcdev sandboxing.
900: ACTION is a constant representing the sandboxing action."
901: (let ((action (cond
902: ((eq action :action-allow) "allow")
903: ((eq action :action-warn) "warn")
904: ((eq action :action-filter) "filter")
905: ((eq action :action-deny) "deny")
906: ((eq action :action-panic) "panic")
907: ((eq action :action-stop) "stop")
908: ((eq action :action-abort) "abort")
909: ((eq action :action-kill) "kill")
910: ((eq action :action-exit) "exit"))))
911: ; Only proceed if action is not nil
912: (when action
913: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
914: ; Call syd--stat with the command
915: (syd--stat cmd)))))
916:
917: (defun syd-default-mkfifo (action)
918: "Set default action for mkfifo sandboxing.
919: ACTION is a constant representing the sandboxing action."
920: (let ((action (cond
921: ((eq action :action-allow) "allow")
922: ((eq action :action-warn) "warn")
923: ((eq action :action-filter) "filter")
924: ((eq action :action-deny) "deny")
925: ((eq action :action-panic) "panic")
926: ((eq action :action-stop) "stop")
927: ((eq action :action-abort) "abort")
928: ((eq action :action-kill) "kill")
929: ((eq action :action-exit) "exit"))))
930: ; Only proceed if action is not nil
931: (when action
932: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
933: ; Call syd--stat with the command
934: (syd--stat cmd)))))
935:
936: (defun syd-default-mktemp (action)
937: "Set default action for mktemp sandboxing.
938: ACTION is a constant representing the sandboxing action."
939: (let ((action (cond
940: ((eq action :action-allow) "allow")
941: ((eq action :action-warn) "warn")
942: ((eq action :action-filter) "filter")
943: ((eq action :action-deny) "deny")
944: ((eq action :action-panic) "panic")
945: ((eq action :action-stop) "stop")
946: ((eq action :action-abort) "abort")
947: ((eq action :action-kill) "kill")
948: ((eq action :action-exit) "exit"))))
949: ; Only proceed if action is not nil
950: (when action
951: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
952: ; Call syd--stat with the command
953: (syd--stat cmd)))))
954:
955: (defun syd-default-net (action)
956: "Set default action for Network sandboxing.
957: ACTION is a constant representing the sandboxing action."
958: (let ((action (cond
959: ((eq action :action-allow) "allow")
960: ((eq action :action-warn) "warn")
961: ((eq action :action-filter) "filter")
962: ((eq action :action-deny) "deny")
963: ((eq action :action-panic) "panic")
964: ((eq action :action-stop) "stop")
965: ((eq action :action-abort) "abort")
966: ((eq action :action-kill) "kill")
967: ((eq action :action-exit) "exit"))))
968: ; Only proceed if action is not nil
969: (when action
970: (let ((cmd (format "/dev/syd/default/net:%s" action)))
971: ; Call syd--net with the command
972: (syd--stat cmd)))))
973:
974: ; TODO: syd-default-block!
975:
976: (defun syd-default-mem (action)
977: "Set default action for Memory sandboxing.
978: ACTION is a constant representing the sandboxing action."
979: (let ((action (cond
980: ((eq action :action-allow) "allow")
981: ((eq action :action-warn) "warn")
982: ((eq action :action-filter) "filter")
983: ((eq action :action-deny) "deny")
984: ((eq action :action-panic) "panic")
985: ((eq action :action-stop) "stop")
986: ((eq action :action-abort) "abort")
987: ((eq action :action-kill) "kill")
988: ((eq action :action-exit) "exit"))))
989: ; Only proceed if action is not nil
990: (when action
991: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
992: ; Call syd--net with the command
993: (syd--stat cmd)))))
994:
995: (defun syd-default-pid (action)
996: "Set default action for PID sandboxing.
997: ACTION is a constant representing the sandboxing action."
998: (let ((action (cond
999: ((eq action :action-allow) "allow")
1000: ((eq action :action-warn) "warn")
1001: ((eq action :action-filter) "filter")
1002: ((eq action :action-deny) "deny")
1003: ((eq action :action-panic) "panic")
1004: ((eq action :action-stop) "stop")
1005: ((eq action :action-abort) "abort")
1006: ((eq action :action-kill) "kill")
1007: ((eq action :action-exit) "exit"))))
1008: ; Only proceed if action is not nil
1009: (when action
1010: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
1011: ; Call syd--net with the command
1012: (syd--stat cmd)))))
1013:
1014: (defun syd-default-force (action)
1015: "Set default action for Force sandboxing.
1016: ACTION is a constant representing the sandboxing action."
1017: (let ((action (cond
1018: ((eq action :action-allow) "allow")
1019: ((eq action :action-warn) "warn")
1020: ((eq action :action-filter) "filter")
1021: ((eq action :action-deny) "deny")
1022: ((eq action :action-panic) "panic")
1023: ((eq action :action-stop) "stop")
1024: ((eq action :action-abort) "abort")
1025: ((eq action :action-kill) "kill")
1026: ((eq action :action-exit) "exit"))))
1027: ; Only proceed if action is not nil
1028: (when action
1029: (let ((cmd (format "/dev/syd/default/force:%s" action)))
1030: ; Call syd--net with the command
1031: (syd--stat cmd)))))
1032:
1033: (defun syd-default-segvguard (action)
1034: "Set default action for SegvGuard.
1035: ACTION is a constant representing the sandboxing action."
1036: (let ((action (cond
1037: ((eq action :action-allow) "allow")
1038: ((eq action :action-warn) "warn")
1039: ((eq action :action-filter) "filter")
1040: ((eq action :action-deny) "deny")
1041: ((eq action :action-panic) "panic")
1042: ((eq action :action-stop) "stop")
1043: ((eq action :action-abort) "abort")
1044: ((eq action :action-kill) "kill")
1045: ((eq action :action-exit) "exit"))))
1046: ; Only proceed if action is not nil
1047: (when action
1048: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1049: ; Call syd--net with the command
1050: (syd--stat cmd)))))
1051:
1052: (defun syd-default-tpe (action)
1053: "Set default action for TPE sandboxing.
1054: ACTION is a constant representing the sandboxing action."
1055: (let ((action (cond
1056: ((eq action :action-allow) "allow")
1057: ((eq action :action-warn) "warn")
1058: ((eq action :action-filter) "filter")
1059: ((eq action :action-deny) "deny")
1060: ((eq action :action-panic) "panic")
1061: ((eq action :action-stop) "stop")
1062: ((eq action :action-abort) "abort")
1063: ((eq action :action-kill) "kill")
1064: ((eq action :action-exit) "exit"))))
1065: ; Only proceed if action is not nil
1066: (when action
1067: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1068: ; Call syd--net with the command
1069: (syd--stat cmd)))))
1070:
1071: (defun syd-ioctl-deny (request)
1072: "Adds a request to the _ioctl_(2) denylist.
1073: REQUEST is the _ioctl_(2) request number to add to the denylist."
1074: (unless (numberp request)
1075: (error "Request must be a number"))
1076: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1077: (syd--stat path)))
1078:
1079: (defun syd-walk-add (action glob)
1080: "Adds to the given actionlist of walk sandboxing.
1081: ACTION is a constant representing the sandboxing action.
1082: GLOB is a string representing the glob pattern."
1083: (let ((action (cond
1084: ((eq action :action-allow) "allow")
1085: ((eq action :action-warn) "warn")
1086: ((eq action :action-filter) "filter")
1087: ((eq action :action-deny) "deny")
1088: ((eq action :action-panic) "panic")
1089: ((eq action :action-stop) "stop")
1090: ((eq action :action-abort) "abort")
1091: ((eq action :action-kill) "kill")
1092: ((eq action :action-exit) "exit"))))
1093: ; Only proceed if action is not nil
1094: (when action
1095: ; Create the command string
1096: (let ((cmd (format "%s/walk" action)))
1097: ; Call syd--stat with the command
1098: (syd--stat (syd--rule cmd glob ?+))))))
1099:
1100: (defun syd-walk-del (action glob)
1101: "Removes the first matching entry from the end of the given actionlist
1102: of walk sandboxing.
1103: ACTION is a constant representing the sandboxing action.
1104: GLOB is a string representing the glob pattern."
1105: (let ((action (cond
1106: ((eq action :action-allow) "allow")
1107: ((eq action :action-warn) "warn")
1108: ((eq action :action-filter) "filter")
1109: ((eq action :action-deny) "deny")
1110: ((eq action :action-panic) "panic")
1111: ((eq action :action-stop) "stop")
1112: ((eq action :action-abort) "abort")
1113: ((eq action :action-kill) "kill")
1114: ((eq action :action-exit) "exit"))))
1115: ; Only proceed if action is not nil
1116: (when action
1117: ; Create the command string
1118: (let ((cmd (format "%s/walk" action)))
1119: ; Call syd--stat with the command
1120: (syd--stat (syd--rule cmd glob ?-))))))
1121:
1122: (defun syd-walk-rem (action glob)
1123: "Removes all matching entries from the given actionlist of walk sandboxing.
1124: ACTION is a constant representing the sandboxing action.
1125: GLOB is a string representing the glob pattern."
1126: (let ((action (cond
1127: ((eq action :action-allow) "allow")
1128: ((eq action :action-warn) "warn")
1129: ((eq action :action-filter) "filter")
1130: ((eq action :action-deny) "deny")
1131: ((eq action :action-panic) "panic")
1132: ((eq action :action-stop) "stop")
1133: ((eq action :action-abort) "abort")
1134: ((eq action :action-kill) "kill")
1135: ((eq action :action-exit) "exit"))))
1136: ; Only proceed if action is not nil
1137: (when action
1138: ; Create the command string
1139: (let ((cmd (format "%s/walk" action)))
1140: ; Call syd--stat with the command
1141: (syd--stat (syd--rule cmd glob ?^))))))
1142:
1143: (defun syd-stat-add (action glob)
1144: "Adds to the given actionlist of stat sandboxing.
1145: ACTION is a constant representing the sandboxing action.
1146: GLOB is a string representing the glob pattern."
1147: (let ((action (cond
1148: ((eq action :action-allow) "allow")
1149: ((eq action :action-warn) "warn")
1150: ((eq action :action-filter) "filter")
1151: ((eq action :action-deny) "deny")
1152: ((eq action :action-panic) "panic")
1153: ((eq action :action-stop) "stop")
1154: ((eq action :action-abort) "abort")
1155: ((eq action :action-kill) "kill")
1156: ((eq action :action-exit) "exit"))))
1157: ; Only proceed if action is not nil
1158: (when action
1159: ; Create the command string
1160: (let ((cmd (format "%s/stat" action)))
1161: ; Call syd--stat with the command
1162: (syd--stat (syd--rule cmd glob ?+))))))
1163:
1164: (defun syd-stat-del (action glob)
1165: "Removes the first matching entry from the end of the given actionlist
1166: of stat sandboxing.
1167: ACTION is a constant representing the sandboxing action.
1168: GLOB is a string representing the glob pattern."
1169: (let ((action (cond
1170: ((eq action :action-allow) "allow")
1171: ((eq action :action-warn) "warn")
1172: ((eq action :action-filter) "filter")
1173: ((eq action :action-deny) "deny")
1174: ((eq action :action-panic) "panic")
1175: ((eq action :action-stop) "stop")
1176: ((eq action :action-abort) "abort")
1177: ((eq action :action-kill) "kill")
1178: ((eq action :action-exit) "exit"))))
1179: ; Only proceed if action is not nil
1180: (when action
1181: ; Create the command string
1182: (let ((cmd (format "%s/stat" action)))
1183: ; Call syd--stat with the command
1184: (syd--stat (syd--rule cmd glob ?-))))))
1185:
1186: (defun syd-stat-rem (action glob)
1187: "Removes all matching entries from the given actionlist of stat sandboxing.
1188: ACTION is a constant representing the sandboxing action.
1189: GLOB is a string representing the glob pattern."
1190: (let ((action (cond
1191: ((eq action :action-allow) "allow")
1192: ((eq action :action-warn) "warn")
1193: ((eq action :action-filter) "filter")
1194: ((eq action :action-deny) "deny")
1195: ((eq action :action-panic) "panic")
1196: ((eq action :action-stop) "stop")
1197: ((eq action :action-abort) "abort")
1198: ((eq action :action-kill) "kill")
1199: ((eq action :action-exit) "exit"))))
1200: ; Only proceed if action is not nil
1201: (when action
1202: ; Create the command string
1203: (let ((cmd (format "%s/stat" action)))
1204: ; Call syd--stat with the command
1205: (syd--stat (syd--rule cmd glob ?^))))))
1206:
1207: (defun syd-read-add (action glob)
1208: "Adds to the given actionlist of read sandboxing.
1209: ACTION is a constant representing the sandboxing action.
1210: GLOB is a string representing the glob pattern."
1211: (let ((action (cond
1212: ((eq action :action-allow) "allow")
1213: ((eq action :action-warn) "warn")
1214: ((eq action :action-filter) "filter")
1215: ((eq action :action-deny) "deny")
1216: ((eq action :action-panic) "panic")
1217: ((eq action :action-stop) "stop")
1218: ((eq action :action-abort) "abort")
1219: ((eq action :action-kill) "kill")
1220: ((eq action :action-exit) "exit"))))
1221: ; Only proceed if action is not nil
1222: (when action
1223: ; Create the command string
1224: (let ((cmd (format "%s/read" action)))
1225: ; Call syd--stat with the command
1226: (syd--stat (syd--rule cmd glob ?+))))))
1227:
1228: (defun syd-read-del (action glob)
1229: "Removes the first matching entry from the end of the given actionlist
1230: of read sandboxing.
1231: ACTION is a constant representing the sandboxing action.
1232: GLOB is a string representing the glob pattern."
1233: (let ((action (cond
1234: ((eq action :action-allow) "allow")
1235: ((eq action :action-warn) "warn")
1236: ((eq action :action-filter) "filter")
1237: ((eq action :action-deny) "deny")
1238: ((eq action :action-panic) "panic")
1239: ((eq action :action-stop) "stop")
1240: ((eq action :action-abort) "abort")
1241: ((eq action :action-kill) "kill")
1242: ((eq action :action-exit) "exit"))))
1243: ; Only proceed if action is not nil
1244: (when action
1245: ; Create the command string
1246: (let ((cmd (format "%s/read" action)))
1247: ; Call syd--stat with the command
1248: (syd--stat (syd--rule cmd glob ?-))))))
1249:
1250: (defun syd-read-rem (action glob)
1251: "Removes all matching entries from the given actionlist of read sandboxing.
1252: ACTION is a constant representing the sandboxing action.
1253: GLOB is a string representing the glob pattern."
1254: (let ((action (cond
1255: ((eq action :action-allow) "allow")
1256: ((eq action :action-warn) "warn")
1257: ((eq action :action-filter) "filter")
1258: ((eq action :action-deny) "deny")
1259: ((eq action :action-panic) "panic")
1260: ((eq action :action-stop) "stop")
1261: ((eq action :action-abort) "abort")
1262: ((eq action :action-kill) "kill")
1263: ((eq action :action-exit) "exit"))))
1264: ; Only proceed if action is not nil
1265: (when action
1266: ; Create the command string
1267: (let ((cmd (format "%s/read" action)))
1268: ; Call syd--stat with the command
1269: (syd--stat (syd--rule cmd glob ?^))))))
1270:
1271: (defun syd-write-add (action glob)
1272: "Adds to the given actionlist of write sandboxing.
1273: ACTION is a constant representing the sandboxing action.
1274: GLOB is a string representing the glob pattern."
1275: (let ((action (cond
1276: ((eq action :action-allow) "allow")
1277: ((eq action :action-warn) "warn")
1278: ((eq action :action-filter) "filter")
1279: ((eq action :action-deny) "deny")
1280: ((eq action :action-panic) "panic")
1281: ((eq action :action-stop) "stop")
1282: ((eq action :action-abort) "abort")
1283: ((eq action :action-kill) "kill")
1284: ((eq action :action-exit) "exit"))))
1285: ; Only proceed if action is not nil
1286: (when action
1287: ; Create the command string
1288: (let ((cmd (format "%s/write" action)))
1289: ; Call syd--stat with the command
1290: (syd--stat (syd--rule cmd glob ?+))))))
1291:
1292: (defun syd-write-del (action glob)
1293: "Removes the first matching entry from the end of the given actionlist
1294: of write sandboxing.
1295: ACTION is a constant representing the sandboxing action.
1296: GLOB is a string representing the glob pattern."
1297: (let ((action (cond
1298: ((eq action :action-allow) "allow")
1299: ((eq action :action-warn) "warn")
1300: ((eq action :action-filter) "filter")
1301: ((eq action :action-deny) "deny")
1302: ((eq action :action-panic) "panic")
1303: ((eq action :action-stop) "stop")
1304: ((eq action :action-abort) "abort")
1305: ((eq action :action-kill) "kill")
1306: ((eq action :action-exit) "exit"))))
1307: ; Only proceed if action is not nil
1308: (when action
1309: ; Create the command string
1310: (let ((cmd (format "%s/write" action)))
1311: ; Call syd--stat with the command
1312: (syd--stat (syd--rule cmd glob ?-))))))
1313:
1314: (defun syd-write-rem (action glob)
1315: "Removes all matching entries from the given actionlist of write sandboxing.
1316: ACTION is a constant representing the sandboxing action.
1317: GLOB is a string representing the glob pattern."
1318: (let ((action (cond
1319: ((eq action :action-allow) "allow")
1320: ((eq action :action-warn) "warn")
1321: ((eq action :action-filter) "filter")
1322: ((eq action :action-deny) "deny")
1323: ((eq action :action-panic) "panic")
1324: ((eq action :action-stop) "stop")
1325: ((eq action :action-abort) "abort")
1326: ((eq action :action-kill) "kill")
1327: ((eq action :action-exit) "exit"))))
1328: ; Only proceed if action is not nil
1329: (when action
1330: ; Create the command string
1331: (let ((cmd (format "%s/write" action)))
1332: ; Call syd--stat with the command
1333: (syd--stat (syd--rule cmd glob ?^))))))
1334:
1335: (defun syd-exec-add (action glob)
1336: "Adds to the given actionlist of exec sandboxing.
1337: ACTION is a constant representing the sandboxing action.
1338: GLOB is a string representing the glob pattern."
1339: (let ((action (cond
1340: ((eq action :action-allow) "allow")
1341: ((eq action :action-warn) "warn")
1342: ((eq action :action-filter) "filter")
1343: ((eq action :action-deny) "deny")
1344: ((eq action :action-panic) "panic")
1345: ((eq action :action-stop) "stop")
1346: ((eq action :action-abort) "abort")
1347: ((eq action :action-kill) "kill")
1348: ((eq action :action-exit) "exit"))))
1349: ; Only proceed if action is not nil
1350: (when action
1351: ; Create the command string
1352: (let ((cmd (format "%s/exec" action)))
1353: ; Call syd--stat with the command
1354: (syd--stat (syd--rule cmd glob ?+))))))
1355:
1356: (defun syd-exec-del (action glob)
1357: "Removes the first matching entry from the end of the given actionlist
1358: of exec sandboxing.
1359: ACTION is a constant representing the sandboxing action.
1360: GLOB is a string representing the glob pattern."
1361: (let ((action (cond
1362: ((eq action :action-allow) "allow")
1363: ((eq action :action-warn) "warn")
1364: ((eq action :action-filter) "filter")
1365: ((eq action :action-deny) "deny")
1366: ((eq action :action-panic) "panic")
1367: ((eq action :action-stop) "stop")
1368: ((eq action :action-abort) "abort")
1369: ((eq action :action-kill) "kill")
1370: ((eq action :action-exit) "exit"))))
1371: ; Only proceed if action is not nil
1372: (when action
1373: ; Create the command string
1374: (let ((cmd (format "%s/exec" action)))
1375: ; Call syd--stat with the command
1376: (syd--stat (syd--rule cmd glob ?-))))))
1377:
1378: (defun syd-exec-rem (action glob)
1379: "Removes all matching entries from the given actionlist of exec sandboxing.
1380: ACTION is a constant representing the sandboxing action.
1381: GLOB is a string representing the glob pattern."
1382: (let ((action (cond
1383: ((eq action :action-allow) "allow")
1384: ((eq action :action-warn) "warn")
1385: ((eq action :action-filter) "filter")
1386: ((eq action :action-deny) "deny")
1387: ((eq action :action-panic) "panic")
1388: ((eq action :action-stop) "stop")
1389: ((eq action :action-abort) "abort")
1390: ((eq action :action-kill) "kill")
1391: ((eq action :action-exit) "exit"))))
1392: ; Only proceed if action is not nil
1393: (when action
1394: ; Create the command string
1395: (let ((cmd (format "%s/exec" action)))
1396: ; Call syd--stat with the command
1397: (syd--stat (syd--rule cmd glob ?^))))))
1398:
1399: (defun syd-ioctl-add (action glob)
1400: "Adds to the given actionlist of ioctl sandboxing.
1401: ACTION is a constant representing the sandboxing action.
1402: GLOB is a string representing the glob pattern."
1403: (let ((action (cond
1404: ((eq action :action-allow) "allow")
1405: ((eq action :action-warn) "warn")
1406: ((eq action :action-filter) "filter")
1407: ((eq action :action-deny) "deny")
1408: ((eq action :action-panic) "panic")
1409: ((eq action :action-stop) "stop")
1410: ((eq action :action-abort) "abort")
1411: ((eq action :action-kill) "kill")
1412: ((eq action :action-exit) "exit"))))
1413: ; Only proceed if action is not nil
1414: (when action
1415: ; Create the command string
1416: (let ((cmd (format "%s/ioctl" action)))
1417: ; Call syd--stat with the command
1418: (syd--stat (syd--rule cmd glob ?+))))))
1419:
1420: (defun syd-ioctl-del (action glob)
1421: "Removes the first matching entry from the end of the given actionlist
1422: of ioctl sandboxing.
1423: ACTION is a constant representing the sandboxing action.
1424: GLOB is a string representing the glob pattern."
1425: (let ((action (cond
1426: ((eq action :action-allow) "allow")
1427: ((eq action :action-warn) "warn")
1428: ((eq action :action-filter) "filter")
1429: ((eq action :action-deny) "deny")
1430: ((eq action :action-panic) "panic")
1431: ((eq action :action-stop) "stop")
1432: ((eq action :action-abort) "abort")
1433: ((eq action :action-kill) "kill")
1434: ((eq action :action-exit) "exit"))))
1435: ; Only proceed if action is not nil
1436: (when action
1437: ; Create the command string
1438: (let ((cmd (format "%s/ioctl" action)))
1439: ; Call syd--stat with the command
1440: (syd--stat (syd--rule cmd glob ?-))))))
1441:
1442: (defun syd-ioctl-rem (action glob)
1443: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1444: ACTION is a constant representing the sandboxing action.
1445: GLOB is a string representing the glob pattern."
1446: (let ((action (cond
1447: ((eq action :action-allow) "allow")
1448: ((eq action :action-warn) "warn")
1449: ((eq action :action-filter) "filter")
1450: ((eq action :action-deny) "deny")
1451: ((eq action :action-panic) "panic")
1452: ((eq action :action-stop) "stop")
1453: ((eq action :action-abort) "abort")
1454: ((eq action :action-kill) "kill")
1455: ((eq action :action-exit) "exit"))))
1456: ; Only proceed if action is not nil
1457: (when action
1458: ; Create the command string
1459: (let ((cmd (format "%s/ioctl" action)))
1460: ; Call syd--stat with the command
1461: (syd--stat (syd--rule cmd glob ?^))))))
1462:
1463: (defun syd-create-add (action glob)
1464: "Adds to the given actionlist of create sandboxing.
1465: ACTION is a constant representing the sandboxing action.
1466: GLOB is a string representing the glob pattern."
1467: (let ((action (cond
1468: ((eq action :action-allow) "allow")
1469: ((eq action :action-warn) "warn")
1470: ((eq action :action-filter) "filter")
1471: ((eq action :action-deny) "deny")
1472: ((eq action :action-panic) "panic")
1473: ((eq action :action-stop) "stop")
1474: ((eq action :action-abort) "abort")
1475: ((eq action :action-kill) "kill")
1476: ((eq action :action-exit) "exit"))))
1477: ; Only proceed if action is not nil
1478: (when action
1479: ; Create the command string
1480: (let ((cmd (format "%s/create" action)))
1481: ; Call syd--stat with the command
1482: (syd--stat (syd--rule cmd glob ?+))))))
1483:
1484: (defun syd-create-del (action glob)
1485: "Removes the first matching entry from the end of the given actionlist
1486: of create sandboxing.
1487: ACTION is a constant representing the sandboxing action.
1488: GLOB is a string representing the glob pattern."
1489: (let ((action (cond
1490: ((eq action :action-allow) "allow")
1491: ((eq action :action-warn) "warn")
1492: ((eq action :action-filter) "filter")
1493: ((eq action :action-deny) "deny")
1494: ((eq action :action-panic) "panic")
1495: ((eq action :action-stop) "stop")
1496: ((eq action :action-abort) "abort")
1497: ((eq action :action-kill) "kill")
1498: ((eq action :action-exit) "exit"))))
1499: ; Only proceed if action is not nil
1500: (when action
1501: ; Create the command string
1502: (let ((cmd (format "%s/create" action)))
1503: ; Call syd--stat with the command
1504: (syd--stat (syd--rule cmd glob ?-))))))
1505:
1506: (defun syd-create-rem (action glob)
1507: "Removes all matching entries from the given actionlist of create sandboxing.
1508: ACTION is a constant representing the sandboxing action.
1509: GLOB is a string representing the glob pattern."
1510: (let ((action (cond
1511: ((eq action :action-allow) "allow")
1512: ((eq action :action-warn) "warn")
1513: ((eq action :action-filter) "filter")
1514: ((eq action :action-deny) "deny")
1515: ((eq action :action-panic) "panic")
1516: ((eq action :action-stop) "stop")
1517: ((eq action :action-abort) "abort")
1518: ((eq action :action-kill) "kill")
1519: ((eq action :action-exit) "exit"))))
1520: ; Only proceed if action is not nil
1521: (when action
1522: ; Create the command string
1523: (let ((cmd (format "%s/create" action)))
1524: ; Call syd--stat with the command
1525: (syd--stat (syd--rule cmd glob ?^))))))
1526:
1527: (defun syd-delete-add (action glob)
1528: "Adds to the given actionlist of delete sandboxing.
1529: ACTION is a constant representing the sandboxing action.
1530: GLOB is a string representing the glob pattern."
1531: (let ((action (cond
1532: ((eq action :action-allow) "allow")
1533: ((eq action :action-warn) "warn")
1534: ((eq action :action-filter) "filter")
1535: ((eq action :action-deny) "deny")
1536: ((eq action :action-panic) "panic")
1537: ((eq action :action-stop) "stop")
1538: ((eq action :action-abort) "abort")
1539: ((eq action :action-kill) "kill")
1540: ((eq action :action-exit) "exit"))))
1541: ; Only proceed if action is not nil
1542: (when action
1543: ; delete the command string
1544: (let ((cmd (format "%s/delete" action)))
1545: ; Call syd--stat with the command
1546: (syd--stat (syd--rule cmd glob ?+))))))
1547:
1548: (defun syd-delete-del (action glob)
1549: "Removes the first matching entry from the end of the given actionlist
1550: of delete sandboxing.
1551: ACTION is a constant representing the sandboxing action.
1552: GLOB is a string representing the glob pattern."
1553: (let ((action (cond
1554: ((eq action :action-allow) "allow")
1555: ((eq action :action-warn) "warn")
1556: ((eq action :action-filter) "filter")
1557: ((eq action :action-deny) "deny")
1558: ((eq action :action-panic) "panic")
1559: ((eq action :action-stop) "stop")
1560: ((eq action :action-abort) "abort")
1561: ((eq action :action-kill) "kill")
1562: ((eq action :action-exit) "exit"))))
1563: ; Only proceed if action is not nil
1564: (when action
1565: ; delete the command string
1566: (let ((cmd (format "%s/delete" action)))
1567: ; Call syd--stat with the command
1568: (syd--stat (syd--rule cmd glob ?-))))))
1569:
1570: (defun syd-delete-rem (action glob)
1571: "Removes all matching entries from the given actionlist of delete sandboxing.
1572: ACTION is a constant representing the sandboxing action.
1573: GLOB is a string representing the glob pattern."
1574: (let ((action (cond
1575: ((eq action :action-allow) "allow")
1576: ((eq action :action-warn) "warn")
1577: ((eq action :action-filter) "filter")
1578: ((eq action :action-deny) "deny")
1579: ((eq action :action-panic) "panic")
1580: ((eq action :action-stop) "stop")
1581: ((eq action :action-abort) "abort")
1582: ((eq action :action-kill) "kill")
1583: ((eq action :action-exit) "exit"))))
1584: ; Only proceed if action is not nil
1585: (when action
1586: ; delete the command string
1587: (let ((cmd (format "%s/delete" action)))
1588: ; Call syd--stat with the command
1589: (syd--stat (syd--rule cmd glob ?^))))))
1590:
1591: (defun syd-rename-add (action glob)
1592: "Adds to the given actionlist of rename sandboxing.
1593: ACTION is a constant representing the sandboxing action.
1594: GLOB is a string representing the glob pattern."
1595: (let ((action (cond
1596: ((eq action :action-allow) "allow")
1597: ((eq action :action-warn) "warn")
1598: ((eq action :action-filter) "filter")
1599: ((eq action :action-deny) "deny")
1600: ((eq action :action-panic) "panic")
1601: ((eq action :action-stop) "stop")
1602: ((eq action :action-abort) "abort")
1603: ((eq action :action-kill) "kill")
1604: ((eq action :action-exit) "exit"))))
1605: ; Only proceed if action is not nil
1606: (when action
1607: ; rename the command string
1608: (let ((cmd (format "%s/rename" action)))
1609: ; Call syd--stat with the command
1610: (syd--stat (syd--rule cmd glob ?+))))))
1611:
1612: (defun syd-rename-del (action glob)
1613: "Removes the first matching entry from the end of the given actionlist
1614: of rename sandboxing.
1615: ACTION is a constant representing the sandboxing action.
1616: GLOB is a string representing the glob pattern."
1617: (let ((action (cond
1618: ((eq action :action-allow) "allow")
1619: ((eq action :action-warn) "warn")
1620: ((eq action :action-filter) "filter")
1621: ((eq action :action-deny) "deny")
1622: ((eq action :action-panic) "panic")
1623: ((eq action :action-stop) "stop")
1624: ((eq action :action-abort) "abort")
1625: ((eq action :action-kill) "kill")
1626: ((eq action :action-exit) "exit"))))
1627: ; Only proceed if action is not nil
1628: (when action
1629: ; rename the command string
1630: (let ((cmd (format "%s/rename" action)))
1631: ; Call syd--stat with the command
1632: (syd--stat (syd--rule cmd glob ?-))))))
1633:
1634: (defun syd-rename-rem (action glob)
1635: "Removes all matching entries from the given actionlist of rename sandboxing.
1636: ACTION is a constant representing the sandboxing action.
1637: GLOB is a string representing the glob pattern."
1638: (let ((action (cond
1639: ((eq action :action-allow) "allow")
1640: ((eq action :action-warn) "warn")
1641: ((eq action :action-filter) "filter")
1642: ((eq action :action-deny) "deny")
1643: ((eq action :action-panic) "panic")
1644: ((eq action :action-stop) "stop")
1645: ((eq action :action-abort) "abort")
1646: ((eq action :action-kill) "kill")
1647: ((eq action :action-exit) "exit"))))
1648: ; Only proceed if action is not nil
1649: (when action
1650: ; rename the command string
1651: (let ((cmd (format "%s/rename" action)))
1652: ; Call syd--stat with the command
1653: (syd--stat (syd--rule cmd glob ?^))))))
1654:
1655: (defun syd-symlink-add (action glob)
1656: "Adds to the given actionlist of symlink sandboxing.
1657: ACTION is a constant representing the sandboxing action.
1658: GLOB is a string representing the glob pattern."
1659: (let ((action (cond
1660: ((eq action :action-allow) "allow")
1661: ((eq action :action-warn) "warn")
1662: ((eq action :action-filter) "filter")
1663: ((eq action :action-deny) "deny")
1664: ((eq action :action-panic) "panic")
1665: ((eq action :action-stop) "stop")
1666: ((eq action :action-abort) "abort")
1667: ((eq action :action-kill) "kill")
1668: ((eq action :action-exit) "exit"))))
1669: ; Only proceed if action is not nil
1670: (when action
1671: ; symlink the command string
1672: (let ((cmd (format "%s/symlink" action)))
1673: ; Call syd--stat with the command
1674: (syd--stat (syd--rule cmd glob ?+))))))
1675:
1676: (defun syd-symlink-del (action glob)
1677: "Removes the first matching entry from the end of the given actionlist
1678: of symlink sandboxing.
1679: ACTION is a constant representing the sandboxing action.
1680: GLOB is a string representing the glob pattern."
1681: (let ((action (cond
1682: ((eq action :action-allow) "allow")
1683: ((eq action :action-warn) "warn")
1684: ((eq action :action-filter) "filter")
1685: ((eq action :action-deny) "deny")
1686: ((eq action :action-panic) "panic")
1687: ((eq action :action-stop) "stop")
1688: ((eq action :action-abort) "abort")
1689: ((eq action :action-kill) "kill")
1690: ((eq action :action-exit) "exit"))))
1691: ; Only proceed if action is not nil
1692: (when action
1693: ; symlink the command string
1694: (let ((cmd (format "%s/symlink" action)))
1695: ; Call syd--stat with the command
1696: (syd--stat (syd--rule cmd glob ?-))))))
1697:
1698: (defun syd-symlink-rem (action glob)
1699: "Removes all matching entries from the given actionlist of symlink sandboxing.
1700: ACTION is a constant representing the sandboxing action.
1701: GLOB is a string representing the glob pattern."
1702: (let ((action (cond
1703: ((eq action :action-allow) "allow")
1704: ((eq action :action-warn) "warn")
1705: ((eq action :action-filter) "filter")
1706: ((eq action :action-deny) "deny")
1707: ((eq action :action-panic) "panic")
1708: ((eq action :action-stop) "stop")
1709: ((eq action :action-abort) "abort")
1710: ((eq action :action-kill) "kill")
1711: ((eq action :action-exit) "exit"))))
1712: ; Only proceed if action is not nil
1713: (when action
1714: ; symlink the command string
1715: (let ((cmd (format "%s/symlink" action)))
1716: ; Call syd--stat with the command
1717: (syd--stat (syd--rule cmd glob ?^))))))
1718:
1719: (defun syd-truncate-add (action glob)
1720: "Adds to the given actionlist of truncate sandboxing.
1721: ACTION is a constant representing the sandboxing action.
1722: GLOB is a string representing the glob pattern."
1723: (let ((action (cond
1724: ((eq action :action-allow) "allow")
1725: ((eq action :action-warn) "warn")
1726: ((eq action :action-filter) "filter")
1727: ((eq action :action-deny) "deny")
1728: ((eq action :action-panic) "panic")
1729: ((eq action :action-stop) "stop")
1730: ((eq action :action-abort) "abort")
1731: ((eq action :action-kill) "kill")
1732: ((eq action :action-exit) "exit"))))
1733: ; Only proceed if action is not nil
1734: (when action
1735: ; truncate the command string
1736: (let ((cmd (format "%s/truncate" action)))
1737: ; Call syd--stat with the command
1738: (syd--stat (syd--rule cmd glob ?+))))))
1739:
1740: (defun syd-truncate-del (action glob)
1741: "Removes the first matching entry from the end of the given actionlist
1742: of truncate sandboxing.
1743: ACTION is a constant representing the sandboxing action.
1744: GLOB is a string representing the glob pattern."
1745: (let ((action (cond
1746: ((eq action :action-allow) "allow")
1747: ((eq action :action-warn) "warn")
1748: ((eq action :action-filter) "filter")
1749: ((eq action :action-deny) "deny")
1750: ((eq action :action-panic) "panic")
1751: ((eq action :action-stop) "stop")
1752: ((eq action :action-abort) "abort")
1753: ((eq action :action-kill) "kill")
1754: ((eq action :action-exit) "exit"))))
1755: ; Only proceed if action is not nil
1756: (when action
1757: ; truncate the command string
1758: (let ((cmd (format "%s/truncate" action)))
1759: ; Call syd--stat with the command
1760: (syd--stat (syd--rule cmd glob ?-))))))
1761:
1762: (defun syd-truncate-rem (action glob)
1763: "Removes all matching entries from the given actionlist of truncate sandboxing.
1764: ACTION is a constant representing the sandboxing action.
1765: GLOB is a string representing the glob pattern."
1766: (let ((action (cond
1767: ((eq action :action-allow) "allow")
1768: ((eq action :action-warn) "warn")
1769: ((eq action :action-filter) "filter")
1770: ((eq action :action-deny) "deny")
1771: ((eq action :action-panic) "panic")
1772: ((eq action :action-stop) "stop")
1773: ((eq action :action-abort) "abort")
1774: ((eq action :action-kill) "kill")
1775: ((eq action :action-exit) "exit"))))
1776: ; Only proceed if action is not nil
1777: (when action
1778: ; truncate the command string
1779: (let ((cmd (format "%s/truncate" action)))
1780: ; Call syd--stat with the command
1781: (syd--stat (syd--rule cmd glob ?^))))))
1782:
1783: (defun syd-chdir-add (action glob)
1784: "Adds to the given actionlist of chdir sandboxing.
1785: ACTION is a constant representing the sandboxing action.
1786: GLOB is a string representing the glob pattern."
1787: (let ((action (cond
1788: ((eq action :action-allow) "allow")
1789: ((eq action :action-warn) "warn")
1790: ((eq action :action-filter) "filter")
1791: ((eq action :action-deny) "deny")
1792: ((eq action :action-panic) "panic")
1793: ((eq action :action-stop) "stop")
1794: ((eq action :action-abort) "abort")
1795: ((eq action :action-kill) "kill")
1796: ((eq action :action-exit) "exit"))))
1797: ; Only proceed if action is not nil
1798: (when action
1799: ; chdir the command string
1800: (let ((cmd (format "%s/chdir" action)))
1801: ; Call syd--stat with the command
1802: (syd--stat (syd--rule cmd glob ?+))))))
1803:
1804: (defun syd-chdir-del (action glob)
1805: "Removes the first matching entry from the end of the given actionlist
1806: of chdir sandboxing.
1807: ACTION is a constant representing the sandboxing action.
1808: GLOB is a string representing the glob pattern."
1809: (let ((action (cond
1810: ((eq action :action-allow) "allow")
1811: ((eq action :action-warn) "warn")
1812: ((eq action :action-filter) "filter")
1813: ((eq action :action-deny) "deny")
1814: ((eq action :action-panic) "panic")
1815: ((eq action :action-stop) "stop")
1816: ((eq action :action-abort) "abort")
1817: ((eq action :action-kill) "kill")
1818: ((eq action :action-exit) "exit"))))
1819: ; Only proceed if action is not nil
1820: (when action
1821: ; chdir the command string
1822: (let ((cmd (format "%s/chdir" action)))
1823: ; Call syd--stat with the command
1824: (syd--stat (syd--rule cmd glob ?-))))))
1825:
1826: (defun syd-chdir-rem (action glob)
1827: "Removes all matching entries from the given actionlist of chdir sandboxing.
1828: ACTION is a constant representing the sandboxing action.
1829: GLOB is a string representing the glob pattern."
1830: (let ((action (cond
1831: ((eq action :action-allow) "allow")
1832: ((eq action :action-warn) "warn")
1833: ((eq action :action-filter) "filter")
1834: ((eq action :action-deny) "deny")
1835: ((eq action :action-panic) "panic")
1836: ((eq action :action-stop) "stop")
1837: ((eq action :action-abort) "abort")
1838: ((eq action :action-kill) "kill")
1839: ((eq action :action-exit) "exit"))))
1840: ; Only proceed if action is not nil
1841: (when action
1842: ; chdir the command string
1843: (let ((cmd (format "%s/chdir" action)))
1844: ; Call syd--stat with the command
1845: (syd--stat (syd--rule cmd glob ?^))))))
1846:
1847: (defun syd-readdir-add (action glob)
1848: "Adds to the given actionlist of readdir sandboxing.
1849: ACTION is a constant representing the sandboxing action.
1850: GLOB is a string representing the glob pattern."
1851: (let ((action (cond
1852: ((eq action :action-allow) "allow")
1853: ((eq action :action-warn) "warn")
1854: ((eq action :action-filter) "filter")
1855: ((eq action :action-deny) "deny")
1856: ((eq action :action-panic) "panic")
1857: ((eq action :action-stop) "stop")
1858: ((eq action :action-abort) "abort")
1859: ((eq action :action-kill) "kill")
1860: ((eq action :action-exit) "exit"))))
1861: ; Only proceed if action is not nil
1862: (when action
1863: ; readdir the command string
1864: (let ((cmd (format "%s/readdir" action)))
1865: ; Call syd--stat with the command
1866: (syd--stat (syd--rule cmd glob ?+))))))
1867:
1868: (defun syd-readdir-del (action glob)
1869: "Removes the first matching entry from the end of the given actionlist
1870: of readdir sandboxing.
1871: ACTION is a constant representing the sandboxing action.
1872: GLOB is a string representing the glob pattern."
1873: (let ((action (cond
1874: ((eq action :action-allow) "allow")
1875: ((eq action :action-warn) "warn")
1876: ((eq action :action-filter) "filter")
1877: ((eq action :action-deny) "deny")
1878: ((eq action :action-panic) "panic")
1879: ((eq action :action-stop) "stop")
1880: ((eq action :action-abort) "abort")
1881: ((eq action :action-kill) "kill")
1882: ((eq action :action-exit) "exit"))))
1883: ; Only proceed if action is not nil
1884: (when action
1885: ; readdir the command string
1886: (let ((cmd (format "%s/readdir" action)))
1887: ; Call syd--stat with the command
1888: (syd--stat (syd--rule cmd glob ?-))))))
1889:
1890: (defun syd-readdir-rem (action glob)
1891: "Removes all matching entries from the given actionlist of readdir sandboxing.
1892: ACTION is a constant representing the sandboxing action.
1893: GLOB is a string representing the glob pattern."
1894: (let ((action (cond
1895: ((eq action :action-allow) "allow")
1896: ((eq action :action-warn) "warn")
1897: ((eq action :action-filter) "filter")
1898: ((eq action :action-deny) "deny")
1899: ((eq action :action-panic) "panic")
1900: ((eq action :action-stop) "stop")
1901: ((eq action :action-abort) "abort")
1902: ((eq action :action-kill) "kill")
1903: ((eq action :action-exit) "exit"))))
1904: ; Only proceed if action is not nil
1905: (when action
1906: ; readdir the command string
1907: (let ((cmd (format "%s/readdir" action)))
1908: ; Call syd--stat with the command
1909: (syd--stat (syd--rule cmd glob ?^))))))
1910:
1911: (defun syd-readdir-add (action glob)
1912: "Adds to the given actionlist of readdir sandboxing.
1913: ACTION is a constant representing the sandboxing action.
1914: GLOB is a string representing the glob pattern."
1915: (let ((action (cond
1916: ((eq action :action-allow) "allow")
1917: ((eq action :action-warn) "warn")
1918: ((eq action :action-filter) "filter")
1919: ((eq action :action-deny) "deny")
1920: ((eq action :action-panic) "panic")
1921: ((eq action :action-stop) "stop")
1922: ((eq action :action-abort) "abort")
1923: ((eq action :action-kill) "kill")
1924: ((eq action :action-exit) "exit"))))
1925: ; Only proceed if action is not nil
1926: (when action
1927: ; readdir the command string
1928: (let ((cmd (format "%s/readdir" action)))
1929: ; Call syd--stat with the command
1930: (syd--stat (syd--rule cmd glob ?+))))))
1931:
1932: (defun syd-readdir-del (action glob)
1933: "Removes the first matching entry from the end of the given actionlist
1934: of readdir sandboxing.
1935: ACTION is a constant representing the sandboxing action.
1936: GLOB is a string representing the glob pattern."
1937: (let ((action (cond
1938: ((eq action :action-allow) "allow")
1939: ((eq action :action-warn) "warn")
1940: ((eq action :action-filter) "filter")
1941: ((eq action :action-deny) "deny")
1942: ((eq action :action-panic) "panic")
1943: ((eq action :action-stop) "stop")
1944: ((eq action :action-abort) "abort")
1945: ((eq action :action-kill) "kill")
1946: ((eq action :action-exit) "exit"))))
1947: ; Only proceed if action is not nil
1948: (when action
1949: ; readdir the command string
1950: (let ((cmd (format "%s/readdir" action)))
1951: ; Call syd--stat with the command
1952: (syd--stat (syd--rule cmd glob ?-))))))
1953:
1954: (defun syd-readdir-rem (action glob)
1955: "Removes all matching entries from the given actionlist of readdir sandboxing.
1956: ACTION is a constant representing the sandboxing action.
1957: GLOB is a string representing the glob pattern."
1958: (let ((action (cond
1959: ((eq action :action-allow) "allow")
1960: ((eq action :action-warn) "warn")
1961: ((eq action :action-filter) "filter")
1962: ((eq action :action-deny) "deny")
1963: ((eq action :action-panic) "panic")
1964: ((eq action :action-stop) "stop")
1965: ((eq action :action-abort) "abort")
1966: ((eq action :action-kill) "kill")
1967: ((eq action :action-exit) "exit"))))
1968: ; Only proceed if action is not nil
1969: (when action
1970: ; readdir the command string
1971: (let ((cmd (format "%s/readdir" action)))
1972: ; Call syd--stat with the command
1973: (syd--stat (syd--rule cmd glob ?^))))))
1974:
1975: (defun syd-mkdir-add (action glob)
1976: "Adds to the given actionlist of mkdir sandboxing.
1977: ACTION is a constant representing the sandboxing action.
1978: GLOB is a string representing the glob pattern."
1979: (let ((action (cond
1980: ((eq action :action-allow) "allow")
1981: ((eq action :action-warn) "warn")
1982: ((eq action :action-filter) "filter")
1983: ((eq action :action-deny) "deny")
1984: ((eq action :action-panic) "panic")
1985: ((eq action :action-stop) "stop")
1986: ((eq action :action-abort) "abort")
1987: ((eq action :action-kill) "kill")
1988: ((eq action :action-exit) "exit"))))
1989: ; Only proceed if action is not nil
1990: (when action
1991: ; mkdir the command string
1992: (let ((cmd (format "%s/mkdir" action)))
1993: ; Call syd--stat with the command
1994: (syd--stat (syd--rule cmd glob ?+))))))
1995:
1996: (defun syd-mkdir-del (action glob)
1997: "Removes the first matching entry from the end of the given actionlist
1998: of mkdir sandboxing.
1999: ACTION is a constant representing the sandboxing action.
2000: GLOB is a string representing the glob pattern."
2001: (let ((action (cond
2002: ((eq action :action-allow) "allow")
2003: ((eq action :action-warn) "warn")
2004: ((eq action :action-filter) "filter")
2005: ((eq action :action-deny) "deny")
2006: ((eq action :action-panic) "panic")
2007: ((eq action :action-stop) "stop")
2008: ((eq action :action-abort) "abort")
2009: ((eq action :action-kill) "kill")
2010: ((eq action :action-exit) "exit"))))
2011: ; Only proceed if action is not nil
2012: (when action
2013: ; mkdir the command string
2014: (let ((cmd (format "%s/mkdir" action)))
2015: ; Call syd--stat with the command
2016: (syd--stat (syd--rule cmd glob ?-))))))
2017:
2018: (defun syd-mkdir-rem (action glob)
2019: "Removes all matching entries from the given actionlist of mkdir sandboxing.
2020: ACTION is a constant representing the sandboxing action.
2021: GLOB is a string representing the glob pattern."
2022: (let ((action (cond
2023: ((eq action :action-allow) "allow")
2024: ((eq action :action-warn) "warn")
2025: ((eq action :action-filter) "filter")
2026: ((eq action :action-deny) "deny")
2027: ((eq action :action-panic) "panic")
2028: ((eq action :action-stop) "stop")
2029: ((eq action :action-abort) "abort")
2030: ((eq action :action-kill) "kill")
2031: ((eq action :action-exit) "exit"))))
2032: ; Only proceed if action is not nil
2033: (when action
2034: ; mkdir the command string
2035: (let ((cmd (format "%s/mkdir" action)))
2036: ; Call syd--stat with the command
2037: (syd--stat (syd--rule cmd glob ?^))))))
2038:
2039: (defun syd-rmdir-add (action glob)
2040: "Adds to the given actionlist of rmdir sandboxing.
2041: ACTION is a constant representing the sandboxing action.
2042: GLOB is a string representing the glob pattern."
2043: (let ((action (cond
2044: ((eq action :action-allow) "allow")
2045: ((eq action :action-warn) "warn")
2046: ((eq action :action-filter) "filter")
2047: ((eq action :action-deny) "deny")
2048: ((eq action :action-panic) "panic")
2049: ((eq action :action-stop) "stop")
2050: ((eq action :action-abort) "abort")
2051: ((eq action :action-kill) "kill")
2052: ((eq action :action-exit) "exit"))))
2053: ; Only proceed if action is not nil
2054: (when action
2055: ; rmdir the command string
2056: (let ((cmd (format "%s/rmdir" action)))
2057: ; Call syd--stat with the command
2058: (syd--stat (syd--rule cmd glob ?+))))))
2059:
2060: (defun syd-rmdir-del (action glob)
2061: "Removes the first matching entry from the end of the given actionlist
2062: of rmdir sandboxing.
2063: ACTION is a constant representing the sandboxing action.
2064: GLOB is a string representing the glob pattern."
2065: (let ((action (cond
2066: ((eq action :action-allow) "allow")
2067: ((eq action :action-warn) "warn")
2068: ((eq action :action-filter) "filter")
2069: ((eq action :action-deny) "deny")
2070: ((eq action :action-panic) "panic")
2071: ((eq action :action-stop) "stop")
2072: ((eq action :action-abort) "abort")
2073: ((eq action :action-kill) "kill")
2074: ((eq action :action-exit) "exit"))))
2075: ; Only proceed if action is not nil
2076: (when action
2077: ; rmdir the command string
2078: (let ((cmd (format "%s/rmdir" action)))
2079: ; Call syd--stat with the command
2080: (syd--stat (syd--rule cmd glob ?-))))))
2081:
2082: (defun syd-rmdir-rem (action glob)
2083: "Removes all matching entries from the given actionlist of rmdir sandboxing.
2084: ACTION is a constant representing the sandboxing action.
2085: GLOB is a string representing the glob pattern."
2086: (let ((action (cond
2087: ((eq action :action-allow) "allow")
2088: ((eq action :action-warn) "warn")
2089: ((eq action :action-filter) "filter")
2090: ((eq action :action-deny) "deny")
2091: ((eq action :action-panic) "panic")
2092: ((eq action :action-stop) "stop")
2093: ((eq action :action-abort) "abort")
2094: ((eq action :action-kill) "kill")
2095: ((eq action :action-exit) "exit"))))
2096: ; Only proceed if action is not nil
2097: (when action
2098: ; rmdir the command string
2099: (let ((cmd (format "%s/rmdir" action)))
2100: ; Call syd--stat with the command
2101: (syd--stat (syd--rule cmd glob ?^))))))
2102:
2103: (defun syd-chown-add (action glob)
2104: "Adds to the given actionlist of chown sandboxing.
2105: ACTION is a constant representing the sandboxing action.
2106: GLOB is a string representing the glob pattern."
2107: (let ((action (cond
2108: ((eq action :action-allow) "allow")
2109: ((eq action :action-warn) "warn")
2110: ((eq action :action-filter) "filter")
2111: ((eq action :action-deny) "deny")
2112: ((eq action :action-panic) "panic")
2113: ((eq action :action-stop) "stop")
2114: ((eq action :action-abort) "abort")
2115: ((eq action :action-kill) "kill")
2116: ((eq action :action-exit) "exit"))))
2117: ; Only proceed if action is not nil
2118: (when action
2119: ; Create the command string
2120: (let ((cmd (format "%s/chown" action)))
2121: ; Call syd--stat with the command
2122: (syd--stat (syd--rule cmd glob ?+))))))
2123:
2124: (defun syd-chown-del (action glob)
2125: "Removes the first matching entry from the end of the given actionlist
2126: of chown sandboxing.
2127: ACTION is a constant representing the sandboxing action.
2128: GLOB is a string representing the glob pattern."
2129: (let ((action (cond
2130: ((eq action :action-allow) "allow")
2131: ((eq action :action-warn) "warn")
2132: ((eq action :action-filter) "filter")
2133: ((eq action :action-deny) "deny")
2134: ((eq action :action-panic) "panic")
2135: ((eq action :action-stop) "stop")
2136: ((eq action :action-abort) "abort")
2137: ((eq action :action-kill) "kill")
2138: ((eq action :action-exit) "exit"))))
2139: ; Only proceed if action is not nil
2140: (when action
2141: ; Create the command string
2142: (let ((cmd (format "%s/chown" action)))
2143: ; Call syd--stat with the command
2144: (syd--stat (syd--rule cmd glob ?-))))))
2145:
2146: (defun syd-chown-rem (action glob)
2147: "Removes all matching entries from the given actionlist of chown sandboxing.
2148: ACTION is a constant representing the sandboxing action.
2149: GLOB is a string representing the glob pattern."
2150: (let ((action (cond
2151: ((eq action :action-allow) "allow")
2152: ((eq action :action-warn) "warn")
2153: ((eq action :action-filter) "filter")
2154: ((eq action :action-deny) "deny")
2155: ((eq action :action-panic) "panic")
2156: ((eq action :action-stop) "stop")
2157: ((eq action :action-abort) "abort")
2158: ((eq action :action-kill) "kill")
2159: ((eq action :action-exit) "exit"))))
2160: ; Only proceed if action is not nil
2161: (when action
2162: ; Create the command string
2163: (let ((cmd (format "%s/chown" action)))
2164: ; Call syd--stat with the command
2165: (syd--stat (syd--rule cmd glob ?^))))))
2166:
2167: (defun syd-chgrp-add (action glob)
2168: "Adds to the given actionlist of chgrp sandboxing.
2169: ACTION is a constant representing the sandboxing action.
2170: GLOB is a string representing the glob pattern."
2171: (let ((action (cond
2172: ((eq action :action-allow) "allow")
2173: ((eq action :action-warn) "warn")
2174: ((eq action :action-filter) "filter")
2175: ((eq action :action-deny) "deny")
2176: ((eq action :action-panic) "panic")
2177: ((eq action :action-stop) "stop")
2178: ((eq action :action-abort) "abort")
2179: ((eq action :action-kill) "kill")
2180: ((eq action :action-exit) "exit"))))
2181: ; Only proceed if action is not nil
2182: (when action
2183: ; Create the command string
2184: (let ((cmd (format "%s/chgrp" action)))
2185: ; Call syd--stat with the command
2186: (syd--stat (syd--rule cmd glob ?+))))))
2187:
2188: (defun syd-chgrp-del (action glob)
2189: "Removes the first matching entry from the end of the given actionlist
2190: of chgrp sandboxing.
2191: ACTION is a constant representing the sandboxing action.
2192: GLOB is a string representing the glob pattern."
2193: (let ((action (cond
2194: ((eq action :action-allow) "allow")
2195: ((eq action :action-warn) "warn")
2196: ((eq action :action-filter) "filter")
2197: ((eq action :action-deny) "deny")
2198: ((eq action :action-panic) "panic")
2199: ((eq action :action-stop) "stop")
2200: ((eq action :action-abort) "abort")
2201: ((eq action :action-kill) "kill")
2202: ((eq action :action-exit) "exit"))))
2203: ; Only proceed if action is not nil
2204: (when action
2205: ; Create the command string
2206: (let ((cmd (format "%s/chgrp" action)))
2207: ; Call syd--stat with the command
2208: (syd--stat (syd--rule cmd glob ?-))))))
2209:
2210: (defun syd-chgrp-rem (action glob)
2211: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2212: ACTION is a constant representing the sandboxing action.
2213: GLOB is a string representing the glob pattern."
2214: (let ((action (cond
2215: ((eq action :action-allow) "allow")
2216: ((eq action :action-warn) "warn")
2217: ((eq action :action-filter) "filter")
2218: ((eq action :action-deny) "deny")
2219: ((eq action :action-panic) "panic")
2220: ((eq action :action-stop) "stop")
2221: ((eq action :action-abort) "abort")
2222: ((eq action :action-kill) "kill")
2223: ((eq action :action-exit) "exit"))))
2224: ; Only proceed if action is not nil
2225: (when action
2226: ; Create the command string
2227: (let ((cmd (format "%s/chgrp" action)))
2228: ; Call syd--stat with the command
2229: (syd--stat (syd--rule cmd glob ?^))))))
2230:
2231: (defun syd-chmod-add (action glob)
2232: "Adds to the given actionlist of chmod sandboxing.
2233: ACTION is a constant representing the sandboxing action.
2234: GLOB is a string representing the glob pattern."
2235: (let ((action (cond
2236: ((eq action :action-allow) "allow")
2237: ((eq action :action-warn) "warn")
2238: ((eq action :action-filter) "filter")
2239: ((eq action :action-deny) "deny")
2240: ((eq action :action-panic) "panic")
2241: ((eq action :action-stop) "stop")
2242: ((eq action :action-abort) "abort")
2243: ((eq action :action-kill) "kill")
2244: ((eq action :action-exit) "exit"))))
2245: ; Only proceed if action is not nil
2246: (when action
2247: ; Create the command string
2248: (let ((cmd (format "%s/chmod" action)))
2249: ; Call syd--stat with the command
2250: (syd--stat (syd--rule cmd glob ?+))))))
2251:
2252: (defun syd-chmod-del (action glob)
2253: "Removes the first matching entry from the end of the given actionlist
2254: of chmod sandboxing.
2255: ACTION is a constant representing the sandboxing action.
2256: GLOB is a string representing the glob pattern."
2257: (let ((action (cond
2258: ((eq action :action-allow) "allow")
2259: ((eq action :action-warn) "warn")
2260: ((eq action :action-filter) "filter")
2261: ((eq action :action-deny) "deny")
2262: ((eq action :action-panic) "panic")
2263: ((eq action :action-stop) "stop")
2264: ((eq action :action-abort) "abort")
2265: ((eq action :action-kill) "kill")
2266: ((eq action :action-exit) "exit"))))
2267: ; Only proceed if action is not nil
2268: (when action
2269: ; Create the command string
2270: (let ((cmd (format "%s/chmod" action)))
2271: ; Call syd--stat with the command
2272: (syd--stat (syd--rule cmd glob ?-))))))
2273:
2274: (defun syd-chmod-rem (action glob)
2275: "Removes all matching entries from the given actionlist of chmod sandboxing.
2276: ACTION is a constant representing the sandboxing action.
2277: GLOB is a string representing the glob pattern."
2278: (let ((action (cond
2279: ((eq action :action-allow) "allow")
2280: ((eq action :action-warn) "warn")
2281: ((eq action :action-filter) "filter")
2282: ((eq action :action-deny) "deny")
2283: ((eq action :action-panic) "panic")
2284: ((eq action :action-stop) "stop")
2285: ((eq action :action-abort) "abort")
2286: ((eq action :action-kill) "kill")
2287: ((eq action :action-exit) "exit"))))
2288: ; Only proceed if action is not nil
2289: (when action
2290: ; Create the command string
2291: (let ((cmd (format "%s/chmod" action)))
2292: ; Call syd--stat with the command
2293: (syd--stat (syd--rule cmd glob ?^))))))
2294:
2295: (defun syd-chattr-add (action glob)
2296: "Adds to the given actionlist of chattr sandboxing.
2297: ACTION is a constant representing the sandboxing action.
2298: GLOB is a string representing the glob pattern."
2299: (let ((action (cond
2300: ((eq action :action-allow) "allow")
2301: ((eq action :action-warn) "warn")
2302: ((eq action :action-filter) "filter")
2303: ((eq action :action-deny) "deny")
2304: ((eq action :action-panic) "panic")
2305: ((eq action :action-stop) "stop")
2306: ((eq action :action-abort) "abort")
2307: ((eq action :action-kill) "kill")
2308: ((eq action :action-exit) "exit"))))
2309: ; Only proceed if action is not nil
2310: (when action
2311: ; Create the command string
2312: (let ((cmd (format "%s/chattr" action)))
2313: ; Call syd--stat with the command
2314: (syd--stat (syd--rule cmd glob ?+))))))
2315:
2316: (defun syd-chattr-del (action glob)
2317: "Removes the first matching entry from the end of the given actionlist
2318: of chattr sandboxing.
2319: ACTION is a constant representing the sandboxing action.
2320: GLOB is a string representing the glob pattern."
2321: (let ((action (cond
2322: ((eq action :action-allow) "allow")
2323: ((eq action :action-warn) "warn")
2324: ((eq action :action-filter) "filter")
2325: ((eq action :action-deny) "deny")
2326: ((eq action :action-panic) "panic")
2327: ((eq action :action-stop) "stop")
2328: ((eq action :action-abort) "abort")
2329: ((eq action :action-kill) "kill")
2330: ((eq action :action-exit) "exit"))))
2331: ; Only proceed if action is not nil
2332: (when action
2333: ; Create the command string
2334: (let ((cmd (format "%s/chattr" action)))
2335: ; Call syd--stat with the command
2336: (syd--stat (syd--rule cmd glob ?-))))))
2337:
2338: (defun syd-chattr-rem (action glob)
2339: "Removes all matching entries from the given actionlist of chattr sandboxing.
2340: ACTION is a constant representing the sandboxing action.
2341: GLOB is a string representing the glob pattern."
2342: (let ((action (cond
2343: ((eq action :action-allow) "allow")
2344: ((eq action :action-warn) "warn")
2345: ((eq action :action-filter) "filter")
2346: ((eq action :action-deny) "deny")
2347: ((eq action :action-panic) "panic")
2348: ((eq action :action-stop) "stop")
2349: ((eq action :action-abort) "abort")
2350: ((eq action :action-kill) "kill")
2351: ((eq action :action-exit) "exit"))))
2352: ; Only proceed if action is not nil
2353: (when action
2354: ; Create the command string
2355: (let ((cmd (format "%s/chattr" action)))
2356: ; Call syd--stat with the command
2357: (syd--stat (syd--rule cmd glob ?^))))))
2358:
2359: (defun syd-chroot-add (action glob)
2360: "Adds to the given actionlist of chroot sandboxing.
2361: ACTION is a constant representing the sandboxing action.
2362: GLOB is a string representing the glob pattern."
2363: (let ((action (cond
2364: ((eq action :action-allow) "allow")
2365: ((eq action :action-warn) "warn")
2366: ((eq action :action-filter) "filter")
2367: ((eq action :action-deny) "deny")
2368: ((eq action :action-panic) "panic")
2369: ((eq action :action-stop) "stop")
2370: ((eq action :action-abort) "abort")
2371: ((eq action :action-kill) "kill")
2372: ((eq action :action-exit) "exit"))))
2373: ; Only proceed if action is not nil
2374: (when action
2375: ; Create the command string
2376: (let ((cmd (format "%s/chroot" action)))
2377: ; Call syd--stat with the command
2378: (syd--stat (syd--rule cmd glob ?+))))))
2379:
2380: (defun syd-chroot-del (action glob)
2381: "Removes the first matching entry from the end of the given actionlist
2382: of chroot sandboxing.
2383: ACTION is a constant representing the sandboxing action.
2384: GLOB is a string representing the glob pattern."
2385: (let ((action (cond
2386: ((eq action :action-allow) "allow")
2387: ((eq action :action-warn) "warn")
2388: ((eq action :action-filter) "filter")
2389: ((eq action :action-deny) "deny")
2390: ((eq action :action-panic) "panic")
2391: ((eq action :action-stop) "stop")
2392: ((eq action :action-abort) "abort")
2393: ((eq action :action-kill) "kill")
2394: ((eq action :action-exit) "exit"))))
2395: ; Only proceed if action is not nil
2396: (when action
2397: ; Create the command string
2398: (let ((cmd (format "%s/chroot" action)))
2399: ; Call syd--stat with the command
2400: (syd--stat (syd--rule cmd glob ?-))))))
2401:
2402: (defun syd-chroot-rem (action glob)
2403: "Removes all matching entries from the given actionlist of chroot sandboxing.
2404: ACTION is a constant representing the sandboxing action.
2405: GLOB is a string representing the glob pattern."
2406: (let ((action (cond
2407: ((eq action :action-allow) "allow")
2408: ((eq action :action-warn) "warn")
2409: ((eq action :action-filter) "filter")
2410: ((eq action :action-deny) "deny")
2411: ((eq action :action-panic) "panic")
2412: ((eq action :action-stop) "stop")
2413: ((eq action :action-abort) "abort")
2414: ((eq action :action-kill) "kill")
2415: ((eq action :action-exit) "exit"))))
2416: ; Only proceed if action is not nil
2417: (when action
2418: ; Create the command string
2419: (let ((cmd (format "%s/chroot" action)))
2420: ; Call syd--stat with the command
2421: (syd--stat (syd--rule cmd glob ?^))))))
2422:
2423: (defun syd-utime-add (action glob)
2424: "Adds to the given actionlist of utime sandboxing.
2425: ACTION is a constant representing the sandboxing action.
2426: GLOB is a string representing the glob pattern."
2427: (let ((action (cond
2428: ((eq action :action-allow) "allow")
2429: ((eq action :action-warn) "warn")
2430: ((eq action :action-filter) "filter")
2431: ((eq action :action-deny) "deny")
2432: ((eq action :action-panic) "panic")
2433: ((eq action :action-stop) "stop")
2434: ((eq action :action-abort) "abort")
2435: ((eq action :action-kill) "kill")
2436: ((eq action :action-exit) "exit"))))
2437: ; Only proceed if action is not nil
2438: (when action
2439: ; Create the command string
2440: (let ((cmd (format "%s/utime" action)))
2441: ; Call syd--stat with the command
2442: (syd--stat (syd--rule cmd glob ?+))))))
2443:
2444: (defun syd-utime-del (action glob)
2445: "Removes the first matching entry from the end of the given actionlist
2446: of utime sandboxing.
2447: ACTION is a constant representing the sandboxing action.
2448: GLOB is a string representing the glob pattern."
2449: (let ((action (cond
2450: ((eq action :action-allow) "allow")
2451: ((eq action :action-warn) "warn")
2452: ((eq action :action-filter) "filter")
2453: ((eq action :action-deny) "deny")
2454: ((eq action :action-panic) "panic")
2455: ((eq action :action-stop) "stop")
2456: ((eq action :action-abort) "abort")
2457: ((eq action :action-kill) "kill")
2458: ((eq action :action-exit) "exit"))))
2459: ; Only proceed if action is not nil
2460: (when action
2461: ; Create the command string
2462: (let ((cmd (format "%s/utime" action)))
2463: ; Call syd--stat with the command
2464: (syd--stat (syd--rule cmd glob ?-))))))
2465:
2466: (defun syd-utime-rem (action glob)
2467: "Removes all matching entries from the given actionlist of utime sandboxing.
2468: ACTION is a constant representing the sandboxing action.
2469: GLOB is a string representing the glob pattern."
2470: (let ((action (cond
2471: ((eq action :action-allow) "allow")
2472: ((eq action :action-warn) "warn")
2473: ((eq action :action-filter) "filter")
2474: ((eq action :action-deny) "deny")
2475: ((eq action :action-panic) "panic")
2476: ((eq action :action-stop) "stop")
2477: ((eq action :action-abort) "abort")
2478: ((eq action :action-kill) "kill")
2479: ((eq action :action-exit) "exit"))))
2480: ; Only proceed if action is not nil
2481: (when action
2482: ; Create the command string
2483: (let ((cmd (format "%s/utime" action)))
2484: ; Call syd--stat with the command
2485: (syd--stat (syd--rule cmd glob ?^))))))
2486:
2487: (defun syd-mkbdev-add (action glob)
2488: "Adds to the given actionlist of mkbdev sandboxing.
2489: ACTION is a constant representing the sandboxing action.
2490: GLOB is a string representing the glob pattern."
2491: (let ((action (cond
2492: ((eq action :action-allow) "allow")
2493: ((eq action :action-warn) "warn")
2494: ((eq action :action-filter) "filter")
2495: ((eq action :action-deny) "deny")
2496: ((eq action :action-panic) "panic")
2497: ((eq action :action-stop) "stop")
2498: ((eq action :action-abort) "abort")
2499: ((eq action :action-kill) "kill")
2500: ((eq action :action-exit) "exit"))))
2501: ; Only proceed if action is not nil
2502: (when action
2503: ; Create the command string
2504: (let ((cmd (format "%s/mkbdev" action)))
2505: ; Call syd--stat with the command
2506: (syd--stat (syd--rule cmd glob ?+))))))
2507:
2508: (defun syd-mkbdev-del (action glob)
2509: "Removes the first matching entry from the end of the given actionlist
2510: of mkbdev sandboxing.
2511: ACTION is a constant representing the sandboxing action.
2512: GLOB is a string representing the glob pattern."
2513: (let ((action (cond
2514: ((eq action :action-allow) "allow")
2515: ((eq action :action-warn) "warn")
2516: ((eq action :action-filter) "filter")
2517: ((eq action :action-deny) "deny")
2518: ((eq action :action-panic) "panic")
2519: ((eq action :action-stop) "stop")
2520: ((eq action :action-abort) "abort")
2521: ((eq action :action-kill) "kill")
2522: ((eq action :action-exit) "exit"))))
2523: ; Only proceed if action is not nil
2524: (when action
2525: ; Create the command string
2526: (let ((cmd (format "%s/mkbdev" action)))
2527: ; Call syd--stat with the command
2528: (syd--stat (syd--rule cmd glob ?-))))))
2529:
2530: (defun syd-mkbdev-rem (action glob)
2531: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2532: ACTION is a constant representing the sandboxing action.
2533: GLOB is a string representing the glob pattern."
2534: (let ((action (cond
2535: ((eq action :action-allow) "allow")
2536: ((eq action :action-warn) "warn")
2537: ((eq action :action-filter) "filter")
2538: ((eq action :action-deny) "deny")
2539: ((eq action :action-panic) "panic")
2540: ((eq action :action-stop) "stop")
2541: ((eq action :action-abort) "abort")
2542: ((eq action :action-kill) "kill")
2543: ((eq action :action-exit) "exit"))))
2544: ; Only proceed if action is not nil
2545: (when action
2546: ; Create the command string
2547: (let ((cmd (format "%s/mkbdev" action)))
2548: ; Call syd--stat with the command
2549: (syd--stat (syd--rule cmd glob ?^))))))
2550:
2551: (defun syd-mkcdev-add (action glob)
2552: "Adds to the given actionlist of mkcdev sandboxing.
2553: ACTION is a constant representing the sandboxing action.
2554: GLOB is a string representing the glob pattern."
2555: (let ((action (cond
2556: ((eq action :action-allow) "allow")
2557: ((eq action :action-warn) "warn")
2558: ((eq action :action-filter) "filter")
2559: ((eq action :action-deny) "deny")
2560: ((eq action :action-panic) "panic")
2561: ((eq action :action-stop) "stop")
2562: ((eq action :action-abort) "abort")
2563: ((eq action :action-kill) "kill")
2564: ((eq action :action-exit) "exit"))))
2565: ; Only proceed if action is not nil
2566: (when action
2567: ; Create the command string
2568: (let ((cmd (format "%s/mkcdev" action)))
2569: ; Call syd--stat with the command
2570: (syd--stat (syd--rule cmd glob ?+))))))
2571:
2572: (defun syd-mkcdev-del (action glob)
2573: "Removes the first matching entry from the end of the given actionlist
2574: of mkcdev sandboxing.
2575: ACTION is a constant representing the sandboxing action.
2576: GLOB is a string representing the glob pattern."
2577: (let ((action (cond
2578: ((eq action :action-allow) "allow")
2579: ((eq action :action-warn) "warn")
2580: ((eq action :action-filter) "filter")
2581: ((eq action :action-deny) "deny")
2582: ((eq action :action-panic) "panic")
2583: ((eq action :action-stop) "stop")
2584: ((eq action :action-abort) "abort")
2585: ((eq action :action-kill) "kill")
2586: ((eq action :action-exit) "exit"))))
2587: ; Only proceed if action is not nil
2588: (when action
2589: ; Create the command string
2590: (let ((cmd (format "%s/mkcdev" action)))
2591: ; Call syd--stat with the command
2592: (syd--stat (syd--rule cmd glob ?-))))))
2593:
2594: (defun syd-mkcdev-rem (action glob)
2595: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2596: ACTION is a constant representing the sandboxing action.
2597: GLOB is a string representing the glob pattern."
2598: (let ((action (cond
2599: ((eq action :action-allow) "allow")
2600: ((eq action :action-warn) "warn")
2601: ((eq action :action-filter) "filter")
2602: ((eq action :action-deny) "deny")
2603: ((eq action :action-panic) "panic")
2604: ((eq action :action-stop) "stop")
2605: ((eq action :action-abort) "abort")
2606: ((eq action :action-kill) "kill")
2607: ((eq action :action-exit) "exit"))))
2608: ; Only proceed if action is not nil
2609: (when action
2610: ; Create the command string
2611: (let ((cmd (format "%s/mkcdev" action)))
2612: ; Call syd--stat with the command
2613: (syd--stat (syd--rule cmd glob ?^))))))
2614:
2615: (defun syd-mkfifo-add (action glob)
2616: "Adds to the given actionlist of mkfifo sandboxing.
2617: ACTION is a constant representing the sandboxing action.
2618: GLOB is a string representing the glob pattern."
2619: (let ((action (cond
2620: ((eq action :action-allow) "allow")
2621: ((eq action :action-warn) "warn")
2622: ((eq action :action-filter) "filter")
2623: ((eq action :action-deny) "deny")
2624: ((eq action :action-panic) "panic")
2625: ((eq action :action-stop) "stop")
2626: ((eq action :action-abort) "abort")
2627: ((eq action :action-kill) "kill")
2628: ((eq action :action-exit) "exit"))))
2629: ; Only proceed if action is not nil
2630: (when action
2631: ; Create the command string
2632: (let ((cmd (format "%s/mkfifo" action)))
2633: ; Call syd--stat with the command
2634: (syd--stat (syd--rule cmd glob ?+))))))
2635:
2636: (defun syd-mkfifo-del (action glob)
2637: "Removes the first matching entry from the end of the given actionlist
2638: of mkfifo sandboxing.
2639: ACTION is a constant representing the sandboxing action.
2640: GLOB is a string representing the glob pattern."
2641: (let ((action (cond
2642: ((eq action :action-allow) "allow")
2643: ((eq action :action-warn) "warn")
2644: ((eq action :action-filter) "filter")
2645: ((eq action :action-deny) "deny")
2646: ((eq action :action-panic) "panic")
2647: ((eq action :action-stop) "stop")
2648: ((eq action :action-abort) "abort")
2649: ((eq action :action-kill) "kill")
2650: ((eq action :action-exit) "exit"))))
2651: ; Only proceed if action is not nil
2652: (when action
2653: ; Create the command string
2654: (let ((cmd (format "%s/mkfifo" action)))
2655: ; Call syd--stat with the command
2656: (syd--stat (syd--rule cmd glob ?-))))))
2657:
2658: (defun syd-mkfifo-rem (action glob)
2659: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2660: ACTION is a constant representing the sandboxing action.
2661: GLOB is a string representing the glob pattern."
2662: (let ((action (cond
2663: ((eq action :action-allow) "allow")
2664: ((eq action :action-warn) "warn")
2665: ((eq action :action-filter) "filter")
2666: ((eq action :action-deny) "deny")
2667: ((eq action :action-panic) "panic")
2668: ((eq action :action-stop) "stop")
2669: ((eq action :action-abort) "abort")
2670: ((eq action :action-kill) "kill")
2671: ((eq action :action-exit) "exit"))))
2672: ; Only proceed if action is not nil
2673: (when action
2674: ; Create the command string
2675: (let ((cmd (format "%s/mkfifo" action)))
2676: ; Call syd--stat with the command
2677: (syd--stat (syd--rule cmd glob ?^))))))
2678:
2679: (defun syd-mktemp-add (action glob)
2680: "Adds to the given actionlist of mktemp sandboxing.
2681: ACTION is a constant representing the sandboxing action.
2682: GLOB is a string representing the glob pattern."
2683: (let ((action (cond
2684: ((eq action :action-allow) "allow")
2685: ((eq action :action-warn) "warn")
2686: ((eq action :action-filter) "filter")
2687: ((eq action :action-deny) "deny")
2688: ((eq action :action-panic) "panic")
2689: ((eq action :action-stop) "stop")
2690: ((eq action :action-abort) "abort")
2691: ((eq action :action-kill) "kill")
2692: ((eq action :action-exit) "exit"))))
2693: ; Only proceed if action is not nil
2694: (when action
2695: ; Create the command string
2696: (let ((cmd (format "%s/mktemp" action)))
2697: ; Call syd--stat with the command
2698: (syd--stat (syd--rule cmd glob ?+))))))
2699:
2700: (defun syd-mktemp-del (action glob)
2701: "Removes the first matching entry from the end of the given actionlist
2702: of mktemp sandboxing.
2703: ACTION is a constant representing the sandboxing action.
2704: GLOB is a string representing the glob pattern."
2705: (let ((action (cond
2706: ((eq action :action-allow) "allow")
2707: ((eq action :action-warn) "warn")
2708: ((eq action :action-filter) "filter")
2709: ((eq action :action-deny) "deny")
2710: ((eq action :action-panic) "panic")
2711: ((eq action :action-stop) "stop")
2712: ((eq action :action-abort) "abort")
2713: ((eq action :action-kill) "kill")
2714: ((eq action :action-exit) "exit"))))
2715: ; Only proceed if action is not nil
2716: (when action
2717: ; Create the command string
2718: (let ((cmd (format "%s/mktemp" action)))
2719: ; Call syd--stat with the command
2720: (syd--stat (syd--rule cmd glob ?-))))))
2721:
2722: (defun syd-mktemp-rem (action glob)
2723: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2724: ACTION is a constant representing the sandboxing action.
2725: GLOB is a string representing the glob pattern."
2726: (let ((action (cond
2727: ((eq action :action-allow) "allow")
2728: ((eq action :action-warn) "warn")
2729: ((eq action :action-filter) "filter")
2730: ((eq action :action-deny) "deny")
2731: ((eq action :action-panic) "panic")
2732: ((eq action :action-stop) "stop")
2733: ((eq action :action-abort) "abort")
2734: ((eq action :action-kill) "kill")
2735: ((eq action :action-exit) "exit"))))
2736: ; Only proceed if action is not nil
2737: (when action
2738: ; Create the command string
2739: (let ((cmd (format "%s/mktemp" action)))
2740: ; Call syd--stat with the command
2741: (syd--stat (syd--rule cmd glob ?^))))))
2742:
2743: (defun syd-net-bind-add (action addr)
2744: "Adds to the given actionlist of net/bind sandboxing.
2745: ACTION is a constant representing the sandboxing action.
2746: ADDR is a string representing the address pattern."
2747: (let ((action (cond
2748: ((eq action :action-allow) "allow")
2749: ((eq action :action-warn) "warn")
2750: ((eq action :action-filter) "filter")
2751: ((eq action :action-deny) "deny")
2752: ((eq action :action-panic) "panic")
2753: ((eq action :action-stop) "stop")
2754: ((eq action :action-abort) "abort")
2755: ((eq action :action-kill) "kill")
2756: ((eq action :action-exit) "exit"))))
2757: ; Only proceed if action is not nil
2758: (when action
2759: ; Create the command string
2760: (let ((cmd (format "%s/net/bind" action)))
2761: ; Call syd--stat with the command
2762: (syd--stat (syd--rule cmd addr ?+))))))
2763:
2764: (defun syd-net-bind-del (action addr)
2765: "Removes the first matching entry from the end of the given actionlist
2766: of net/bind sandboxing.
2767: ACTION is a constant representing the sandboxing action.
2768: ADDR is a string representing the address pattern."
2769: (let ((action (cond
2770: ((eq action :action-allow) "allow")
2771: ((eq action :action-warn) "warn")
2772: ((eq action :action-filter) "filter")
2773: ((eq action :action-deny) "deny")
2774: ((eq action :action-panic) "panic")
2775: ((eq action :action-stop) "stop")
2776: ((eq action :action-abort) "abort")
2777: ((eq action :action-kill) "kill")
2778: ((eq action :action-exit) "exit"))))
2779: ; Only proceed if action is not nil
2780: (when action
2781: ; Create the command string
2782: (let ((cmd (format "%s/net/bind" action)))
2783: ; Call syd--stat with the command
2784: (syd--stat (syd--rule cmd addr ?-))))))
2785:
2786: (defun syd-net-bind-rem (action addr)
2787: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2788: ACTION is a constant representing the sandboxing action.
2789: ADDR is a string representing the address pattern."
2790: (let ((action (cond
2791: ((eq action :action-allow) "allow")
2792: ((eq action :action-warn) "warn")
2793: ((eq action :action-filter) "filter")
2794: ((eq action :action-deny) "deny")
2795: ((eq action :action-panic) "panic")
2796: ((eq action :action-stop) "stop")
2797: ((eq action :action-abort) "abort")
2798: ((eq action :action-kill) "kill")
2799: ((eq action :action-exit) "exit"))))
2800: ; Only proceed if action is not nil
2801: (when action
2802: ; Create the command string
2803: (let ((cmd (format "%s/net/bind" action)))
2804: ; Call syd--stat with the command
2805: (syd--stat (syd--rule cmd addr ?^))))))
2806:
2807: (defun syd-net-connect-add (action addr)
2808: "Adds to the given actionlist of net/connect sandboxing.
2809: ACTION is a constant representing the sandboxing action.
2810: ADDR is a string representing the address pattern."
2811: (let ((action (cond
2812: ((eq action :action-allow) "allow")
2813: ((eq action :action-warn) "warn")
2814: ((eq action :action-filter) "filter")
2815: ((eq action :action-deny) "deny")
2816: ((eq action :action-panic) "panic")
2817: ((eq action :action-stop) "stop")
2818: ((eq action :action-abort) "abort")
2819: ((eq action :action-kill) "kill")
2820: ((eq action :action-exit) "exit"))))
2821: ; Only proceed if action is not nil
2822: (when action
2823: ; Create the command string
2824: (let ((cmd (format "%s/net/connect" action)))
2825: ; Call syd--stat with the command
2826: (syd--stat (syd--rule cmd addr ?+))))))
2827:
2828: (defun syd-net-connect-del (action addr)
2829: "Removes the first matching entry from the end of the given actionlist
2830: of net/connect sandboxing.
2831: ACTION is a constant representing the sandboxing action.
2832: ADDR is a string representing the address pattern."
2833: (let ((action (cond
2834: ((eq action :action-allow) "allow")
2835: ((eq action :action-warn) "warn")
2836: ((eq action :action-filter) "filter")
2837: ((eq action :action-deny) "deny")
2838: ((eq action :action-panic) "panic")
2839: ((eq action :action-stop) "stop")
2840: ((eq action :action-abort) "abort")
2841: ((eq action :action-kill) "kill")
2842: ((eq action :action-exit) "exit"))))
2843: ; Only proceed if action is not nil
2844: (when action
2845: ; Create the command string
2846: (let ((cmd (format "%s/net/connect" action)))
2847: ; Call syd--stat with the command
2848: (syd--stat (syd--rule cmd addr ?-))))))
2849:
2850: (defun syd-net-connect-rem (action addr)
2851: "Removes all matching entries from the given actionlist of net/connect
2852: sandboxing.
2853: ACTION is a constant representing the sandboxing action.
2854: ADDR is a string representing the address pattern."
2855: (let ((action (cond
2856: ((eq action :action-allow) "allow")
2857: ((eq action :action-warn) "warn")
2858: ((eq action :action-filter) "filter")
2859: ((eq action :action-deny) "deny")
2860: ((eq action :action-panic) "panic")
2861: ((eq action :action-stop) "stop")
2862: ((eq action :action-abort) "abort")
2863: ((eq action :action-kill) "kill")
2864: ((eq action :action-exit) "exit"))))
2865: ; Only proceed if action is not nil
2866: (when action
2867: ; Create the command string
2868: (let ((cmd (format "%s/net/connect" action)))
2869: ; Call syd--stat with the command
2870: (syd--stat (syd--rule cmd addr ?^))))))
2871:
2872: (defun syd-net-sendfd-add (action addr)
2873: "Adds to the given actionlist of net/sendfd sandboxing.
2874: ACTION is a constant representing the sandboxing action.
2875: ADDR is a string representing the address pattern."
2876: (let ((action (cond
2877: ((eq action :action-allow) "allow")
2878: ((eq action :action-warn) "warn")
2879: ((eq action :action-filter) "filter")
2880: ((eq action :action-deny) "deny")
2881: ((eq action :action-panic) "panic")
2882: ((eq action :action-stop) "stop")
2883: ((eq action :action-abort) "abort")
2884: ((eq action :action-kill) "kill")
2885: ((eq action :action-exit) "exit"))))
2886: ; Only proceed if action is not nil
2887: (when action
2888: ; Create the command string
2889: (let ((cmd (format "%s/net/sendfd" action)))
2890: ; Call syd--stat with the command
2891: (syd--stat (syd--rule cmd addr ?+))))))
2892:
2893: (defun syd-net-sendfd-del (action addr)
2894: "Removes the first matching entry from the end of the given actionlist
2895: of net/sendfd sandboxing.
2896: ACTION is a constant representing the sandboxing action.
2897: ADDR is a string representing the address pattern."
2898: (let ((action (cond
2899: ((eq action :action-allow) "allow")
2900: ((eq action :action-warn) "warn")
2901: ((eq action :action-filter) "filter")
2902: ((eq action :action-deny) "deny")
2903: ((eq action :action-panic) "panic")
2904: ((eq action :action-stop) "stop")
2905: ((eq action :action-abort) "abort")
2906: ((eq action :action-kill) "kill")
2907: ((eq action :action-exit) "exit"))))
2908: ; Only proceed if action is not nil
2909: (when action
2910: ; Create the command string
2911: (let ((cmd (format "%s/net/sendfd" action)))
2912: ; Call syd--stat with the command
2913: (syd--stat (syd--rule cmd addr ?-))))))
2914:
2915: (defun syd-net-sendfd-rem (action addr)
2916: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
2917: ACTION is a constant representing the sandboxing action.
2918: ADDR is a string representing the address pattern."
2919: (let ((action (cond
2920: ((eq action :action-allow) "allow")
2921: ((eq action :action-warn) "warn")
2922: ((eq action :action-filter) "filter")
2923: ((eq action :action-deny) "deny")
2924: ((eq action :action-panic) "panic")
2925: ((eq action :action-stop) "stop")
2926: ((eq action :action-abort) "abort")
2927: ((eq action :action-kill) "kill")
2928: ((eq action :action-exit) "exit"))))
2929: ; Only proceed if action is not nil
2930: (when action
2931: ; Create the command string
2932: (let ((cmd (format "%s/net/sendfd" action)))
2933: ; Call syd--stat with the command
2934: (syd--stat (syd--rule cmd addr ?^))))))
2935:
2936: (defun syd-net-link-add (action addr)
2937: "Adds to the given actionlist of net/link sandboxing.
2938: ACTION is a constant representing the sandboxing action.
2939: ADDR is a string representing the address pattern."
2940: (let ((action (cond
2941: ((eq action :action-allow) "allow")
2942: ((eq action :action-warn) "warn")
2943: ((eq action :action-filter) "filter")
2944: ((eq action :action-deny) "deny")
2945: ((eq action :action-panic) "panic")
2946: ((eq action :action-stop) "stop")
2947: ((eq action :action-abort) "abort")
2948: ((eq action :action-kill) "kill")
2949: ((eq action :action-exit) "exit"))))
2950: ; Only proceed if action is not nil
2951: (when action
2952: ; Create the command string
2953: (let ((cmd (format "%s/net/link" action)))
2954: ; Call syd--stat with the command
2955: (syd--stat (syd--rule cmd addr ?+))))))
2956:
2957: (defun syd-net-link-del (action addr)
2958: "Removes the first matching entry from the end of the given actionlist
2959: of net/link sandboxing.
2960: ACTION is a constant representing the sandboxing action.
2961: ADDR is a string representing the address pattern."
2962: (let ((action (cond
2963: ((eq action :action-allow) "allow")
2964: ((eq action :action-warn) "warn")
2965: ((eq action :action-filter) "filter")
2966: ((eq action :action-deny) "deny")
2967: ((eq action :action-panic) "panic")
2968: ((eq action :action-stop) "stop")
2969: ((eq action :action-abort) "abort")
2970: ((eq action :action-kill) "kill")
2971: ((eq action :action-exit) "exit"))))
2972: ; Only proceed if action is not nil
2973: (when action
2974: ; Create the command string
2975: (let ((cmd (format "%s/net/link" action)))
2976: ; Call syd--stat with the command
2977: (syd--stat (syd--rule cmd addr ?-))))))
2978:
2979: (defun syd-net-link-rem (action addr)
2980: "Removes all matching entries from the given actionlist of net/link sandboxing.
2981: ACTION is a constant representing the sandboxing action.
2982: ADDR is a string representing the address pattern."
2983: (let ((action (cond
2984: ((eq action :action-allow) "allow")
2985: ((eq action :action-warn) "warn")
2986: ((eq action :action-filter) "filter")
2987: ((eq action :action-deny) "deny")
2988: ((eq action :action-panic) "panic")
2989: ((eq action :action-stop) "stop")
2990: ((eq action :action-abort) "abort")
2991: ((eq action :action-kill) "kill")
2992: ((eq action :action-exit) "exit"))))
2993: ; Only proceed if action is not nil
2994: (when action
2995: ; Create the command string
2996: (let ((cmd (format "%s/net/link" action)))
2997: ; Call syd--stat with the command
2998: (syd--stat (syd--rule cmd addr ?^))))))
2999:
3000: (defun syd-force-add (path hash action)
3001: "Adds an entry to the Integrity Force map for Force Sandboxing.
3002: PATH is a fully-qualified file name.
3003: HASH is a hexadecimal encoded checksum.
3004: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
3005: (let ((action (cond ((eq action :action-warn) "warn")
3006: ((eq action :action-filter) "filter")
3007: ((eq action :action-deny) "deny")
3008: ((eq action :action-deny) "panic")
3009: ((eq action :action-stop) "stop")
3010: ((eq action :action-abort) "abort")
3011: ((eq action :action-kill) "kill")
3012: ((eq action :action-kill) "exit"))))
3013: ; Only proceed if action is not nil
3014: (when action
3015: ; Create the command string
3016: (let ((cmd (format "/dev/syd/force+%s:%s:%s" path hash action)))
3017: ; Call syd--stat with the command
3018: (syd--stat cmd)))))
3019:
3020: (defun syd-force-del (path)
3021: "Removes an entry from the Integrity Force map for Force Sandboxing.
3022: PATH is a fully-qualified file name."
3023: ; Create the command string
3024: (let ((cmd (format "/dev/syd/force-%s" path)))
3025: ; Call syd--stat with the command
3026: (syd--stat cmd)))
3027:
3028: (defun syd-force-clr ()
3029: "Clears the Integrity Force map for Force Sandboxing."
3030: (syd--stat "/dev/syd/force^"))
3031:
3032: (defun syd-mem-max (size)
3033: "Set syd maximum per-process memory usage limit.
3034: SIZE can be an integer or a string representing the memory limit."
3035: (let ((size-str (cond ((integerp size) (number-to-string size))
3036: ((stringp size) size)
3037: (t (error "Size must be an integer or a string")))))
3038: (syd--stat (syd--rule "mem/max" size-str ?:))))
3039:
3040: (defun syd-mem-vm-max (size)
3041: "Set syd maximum per-process virtual memory usage limit.
3042: SIZE can be an integer or a string representing the memory limit."
3043: (let ((size-str (cond ((integerp size) (number-to-string size))
3044: ((stringp size) size)
3045: (t (error "Size must be an integer or a string")))))
3046: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
3047:
3048: (defun syd-pid-max (size)
3049: "Set syd maximum process ID limit for PID sandboxing.
3050: SIZE is a number representing the PID limit."
3051: (unless (numberp size)
3052: (error "Size must be a number"))
3053: (let ((path (format "/dev/syd/pid/max:%d" size)))
3054: (syd--stat path)))
3055:
3056: (defun syd-segvguard-expiry (timeout)
3057: "Specify SegvGuard entry expiry timeout in seconds.
3058: Setting this timeout to 0 effectively disables SegvGuard.
3059: TIMEOUT is a number representing the timeout in seconds."
3060: (unless (numberp timeout)
3061: (error "Timeout must be a number"))
3062: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
3063: (syd--stat path)))
3064:
3065: (defun syd-segvguard-suspension (timeout)
3066: "Specify SegvGuard entry suspension timeout in seconds.
3067: TIMEOUT is a number representing the timeout in seconds."
3068: (unless (numberp timeout)
3069: (error "Timeout must be a number"))
3070: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
3071: (syd--stat path)))
3072:
3073: (defun syd-segvguard-maxcrashes (limit)
3074: "Specify SegvGuard max number of crashes before suspension.
3075: LIMIT is a number representing the crash limit."
3076: (unless (numberp limit)
3077: (error "Limit must be a number"))
3078: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
3079: (syd--stat path)))
3080:
3081: (defun syd-exec (file argv)
3082: "Execute a command outside the sandbox without sandboxing.
3083: FILE is the file path of the command as a string.
3084: ARGV is a list of strings representing the arguments to the command."
3085: (unless (stringp file)
3086: (error "File must be a string"))
3087: (let ((all-strings t))
3088: (dolist (arg argv)
3089: (unless (stringp arg)
3090: (setq all-strings nil)))
3091: (unless all-strings
3092: (error "All elements in ARGV must be strings")))
3093:
3094: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3095: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3096:
3097: (defun syd--rule (rule elem op)
3098: "Helper function to construct a path for syd operations.
3099: RULE is a string representing the rule.
3100: ELEM is a string representing the element.
3101: OP is a character representing the operation."
3102: (unless (member op '(?+ ?- ?^ ?:))
3103: (error "Invalid operation"))
3104: (when (string-empty-p elem)
3105: (error "Element cannot be empty"))
3106: (concat "/dev/syd/" rule (char-to-string op) elem))
3107:
3108: (defun syd--stat (path)
3109: "Check if the file at PATH exists using `file-modes'."
3110: (condition-case nil
3111: (not (null (file-modes path)))
3112: (error nil))) ; On error, return nil
3113:
3114: (provide 'syd)
3115: ; syd.el ends here
3116:
26/10/2025 18:32:19, src/syd.el, Ali Polatel