1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-on :lock-on
21: "The sandbox lock is on, disallowing all sandbox commands.")
22:
23: ; Define sandbox actions as keywords
24: (defconst syd-action-allow :action-allow
25: "Allow system call.")
26:
27: (defconst syd-action-warn :action-warn
28: "Allow system call and warn.")
29:
30: (defconst syd-action-filter :action-filter
31: "Deny system call silently.")
32:
33: (defconst syd-action-deny :action-deny
34: "Deny system call and warn.")
35:
36: (defconst syd-action-panic :action-panic
37: "Deny system call, warn and panic the current Syd thread.")
38:
39: (defconst syd-action-stop :action-stop
40: "Deny system call, warn and stop offending process.")
41:
42: (defconst syd-action-abort :action-abort
43: "Deny system call, warn and abort offending process.")
44:
45: (defconst syd-action-kill :action-kill
46: "Deny system call, warn and kill offending process.")
47:
48: (defconst syd-action-exit :action-exit
49: "Warn, and exit Syd immediately with deny errno as exit value.")
50:
51: (defun syd-info ()
52: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
53: If the `json' module is not available, returns nil."
54: (if (require 'json nil t)
55: (condition-case nil
56: (with-temp-buffer
57: (insert-file-contents "/dev/syd")
58: (with-no-warnings
59: (let ((json-object-type 'alist)
60: (json-array-type 'list)
61: (json-key-type 'symbol)
62: (json-false nil)
63: (json-null nil))
64: (json-read))))
65: (file-error
66: (message "Error reading /dev/syd.")
67: nil)
68: (json-error
69: (message "JSON decoding error.")
70: nil))
71: (progn
72: (message "JSON module not available.")
73: nil)))
74:
75: (defun syd-api ()
76: "Performs a syd API check."
77: (if (syd--stat "/dev/syd/3")
78: 3 ; API number on success
79: nil)) ; On error, return nil
80:
81: (defun syd-check ()
82: "Check if '/dev/syd' is a character device."
83: (syd--stat "/dev/syd"))
84:
85: (defun syd-panic ()
86: "Causes syd to exit immediately with code 127"
87: (syd--stat "/dev/syd/panic"))
88:
89: (defun syd-reset ()
90: "Causes syd to reset sandboxing to the default state."
91: (syd--stat "/dev/syd/reset"))
92:
93: (defun syd-load (fd)
94: "Causes syd to read configuration from the given file descriptor FD."
95: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
96: (syd--stat path)))
97:
98: (defun syd-lock (state)
99: "Sets the state of the sandbox lock.
100: STATE is one of the keywords :lock-off, :lock-exec, or :lock-on.
101: Returns t on success, nil on failure."
102: (cond
103: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
104: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
105: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
106: (t nil))) ; Invalid state
107:
108: (defun syd-enabled-fs ()
109: "Checks if Filesystem sandboxing is enabled."
110: (syd--stat "/dev/syd/sandbox/fs?"))
111:
112: (defun syd-enable-fs ()
113: "Enable Filesystem sandboxing."
114: (syd--stat "/dev/syd/sandbox/fs:on"))
115:
116: (defun syd-disable-fs ()
117: "Disable Filesystem sandboxing."
118: (syd--stat "/dev/syd/sandbox/fs:off"))
119:
120: (defun syd-enabled-walk ()
121: "Checks if Walk sandboxing is enabled."
122: (syd--stat "/dev/syd/sandbox/walk?"))
123:
124: (defun syd-enable-walk ()
125: "Enable Walk sandboxing."
126: (syd--stat "/dev/syd/sandbox/walk:on"))
127:
128: (defun syd-disable-walk ()
129: "Disable Walk sandboxing."
130: (syd--stat "/dev/syd/sandbox/walk:off"))
131:
132: (defun syd-enabled-stat ()
133: "Checks if Stat sandboxing is enabled."
134: (syd--stat "/dev/syd/sandbox/stat?"))
135:
136: (defun syd-enable-stat ()
137: "Enable Stat sandboxing."
138: (syd--stat "/dev/syd/sandbox/stat:on"))
139:
140: (defun syd-disable-stat ()
141: "Disable Stat sandboxing."
142: (syd--stat "/dev/syd/sandbox/stat:off"))
143:
144: (defun syd-enabled-read ()
145: "Checks if Read sandboxing is enabled."
146: (syd--stat "/dev/syd/sandbox/read?"))
147:
148: (defun syd-enable-read ()
149: "Enable Read sandboxing."
150: (syd--stat "/dev/syd/sandbox/read:on"))
151:
152: (defun syd-disable-read ()
153: "Disable Read sandboxing."
154: (syd--stat "/dev/syd/sandbox/read:off"))
155:
156: (defun syd-enabled-write ()
157: "Checks if Write sandboxing is enabled."
158: (syd--stat "/dev/syd/sandbox/write?"))
159:
160: (defun syd-enable-write ()
161: "Enable Write sandboxing."
162: (syd--stat "/dev/syd/sandbox/write:on"))
163:
164: (defun syd-disable-write ()
165: "Disable Write sandboxing."
166: (syd--stat "/dev/syd/sandbox/write:off"))
167:
168: (defun syd-enabled-exec ()
169: "Checks if Exec sandboxing is enabled."
170: (syd--stat "/dev/syd/sandbox/exec?"))
171:
172: (defun syd-enable-exec ()
173: "Enable Exec sandboxing."
174: (syd--stat "/dev/syd/sandbox/exec:on"))
175:
176: (defun syd-disable-exec ()
177: "Disable Exec sandboxing."
178: (syd--stat "/dev/syd/sandbox/exec:off"))
179:
180: (defun syd-enabled-ioctl ()
181: "Checks if Ioctl sandboxing is enabled."
182: (syd--stat "/dev/syd/sandbox/ioctl?"))
183:
184: (defun syd-enable-ioctl ()
185: "Enable Ioctl sandboxing."
186: (syd--stat "/dev/syd/sandbox/ioctl:on"))
187:
188: (defun syd-disable-ioctl ()
189: "Disable Ioctl sandboxing."
190: (syd--stat "/dev/syd/sandbox/ioctl:off"))
191:
192: (defun syd-enabled-create ()
193: "Checks if create sandboxing is enabled."
194: (syd--stat "/dev/syd/sandbox/create?"))
195:
196: (defun syd-enable-create ()
197: "Enable create sandboxing."
198: (syd--stat "/dev/syd/sandbox/create:on"))
199:
200: (defun syd-disable-create ()
201: "Disable create sandboxing."
202: (syd--stat "/dev/syd/sandbox/create:off"))
203:
204: (defun syd-enabled-delete ()
205: "Checks if delete sandboxing is enabled."
206: (syd--stat "/dev/syd/sandbox/delete?"))
207:
208: (defun syd-enable-delete ()
209: "Enable delete sandboxing."
210: (syd--stat "/dev/syd/sandbox/delete:on"))
211:
212: (defun syd-disable-delete ()
213: "Disable delete sandboxing."
214: (syd--stat "/dev/syd/sandbox/delete:off"))
215:
216: (defun syd-enabled-rename ()
217: "Checks if rename sandboxing is enabled."
218: (syd--stat "/dev/syd/sandbox/rename?"))
219:
220: (defun syd-enable-rename ()
221: "Enable rename sandboxing."
222: (syd--stat "/dev/syd/sandbox/rename:on"))
223:
224: (defun syd-disable-rename ()
225: "Disable rename sandboxing."
226: (syd--stat "/dev/syd/sandbox/rename:off"))
227:
228: (defun syd-enabled-symlink ()
229: "Checks if symlink sandboxing is enabled."
230: (syd--stat "/dev/syd/sandbox/symlink?"))
231:
232: (defun syd-enable-symlink ()
233: "Enable symlink sandboxing."
234: (syd--stat "/dev/syd/sandbox/symlink:on"))
235:
236: (defun syd-disable-symlink ()
237: "Disable symlink sandboxing."
238: (syd--stat "/dev/syd/sandbox/symlink:off"))
239:
240: (defun syd-enabled-truncate ()
241: "Checks if Truncate sandboxing is enabled."
242: (syd--stat "/dev/syd/sandbox/truncate?"))
243:
244: (defun syd-enable-truncate ()
245: "Enable Truncate sandboxing."
246: (syd--stat "/dev/syd/sandbox/truncate:on"))
247:
248: (defun syd-disable-truncate ()
249: "Disable Truncate sandboxing."
250: (syd--stat "/dev/syd/sandbox/truncate:off"))
251:
252: (defun syd-enabled-chdir ()
253: "Checks if chdir sandboxing is enabled."
254: (syd--stat "/dev/syd/sandbox/chdir?"))
255:
256: (defun syd-enable-chdir ()
257: "Enable chdir sandboxing."
258: (syd--stat "/dev/syd/sandbox/chdir:on"))
259:
260: (defun syd-disable-chdir ()
261: "Disable chdir sandboxing."
262: (syd--stat "/dev/syd/sandbox/chdir:off"))
263:
264: (defun syd-enabled-readdir ()
265: "Checks if readdir sandboxing is enabled."
266: (syd--stat "/dev/syd/sandbox/readdir?"))
267:
268: (defun syd-enable-readdir ()
269: "Enable readdir sandboxing."
270: (syd--stat "/dev/syd/sandbox/readdir:on"))
271:
272: (defun syd-disable-readdir ()
273: "Disable readdir sandboxing."
274: (syd--stat "/dev/syd/sandbox/readdir:off"))
275:
276: (defun syd-enabled-mkdir ()
277: "Checks if mkdir sandboxing is enabled."
278: (syd--stat "/dev/syd/sandbox/mkdir?"))
279:
280: (defun syd-enable-mkdir ()
281: "Enable mkdir sandboxing."
282: (syd--stat "/dev/syd/sandbox/mkdir:on"))
283:
284: (defun syd-disable-mkdir ()
285: "Disable mkdir sandboxing."
286: (syd--stat "/dev/syd/sandbox/mkdir:off"))
287:
288: (defun syd-enabled-rmdir ()
289: "Checks if rmdir sandboxing is enabled."
290: (syd--stat "/dev/syd/sandbox/rmdir?"))
291:
292: (defun syd-enable-rmdir ()
293: "Enable rmdir sandboxing."
294: (syd--stat "/dev/syd/sandbox/rmdir:on"))
295:
296: (defun syd-disable-rmdir ()
297: "Disable rmdir sandboxing."
298: (syd--stat "/dev/syd/sandbox/rmdir:off"))
299:
300: (defun syd-enabled-chown ()
301: "Checks if chown sandboxing is enabled."
302: (syd--stat "/dev/syd/sandbox/chown?"))
303:
304: (defun syd-enable-chown ()
305: "Enable chown sandboxing."
306: (syd--stat "/dev/syd/sandbox/chown:on"))
307:
308: (defun syd-disable-chown ()
309: "Disable chown sandboxing."
310: (syd--stat "/dev/syd/sandbox/chown:off"))
311:
312: (defun syd-enabled-chgrp ()
313: "Checks if chgrp sandboxing is enabled."
314: (syd--stat "/dev/syd/sandbox/chgrp?"))
315:
316: (defun syd-enable-chgrp ()
317: "Enable chgrp sandboxing."
318: (syd--stat "/dev/syd/sandbox/chgrp:on"))
319:
320: (defun syd-disable-chgrp ()
321: "Disable chgrp sandboxing."
322: (syd--stat "/dev/syd/sandbox/chgrp:off"))
323:
324: (defun syd-enabled-chmod ()
325: "Checks if chmod sandboxing is enabled."
326: (syd--stat "/dev/syd/sandbox/chmod?"))
327:
328: (defun syd-enable-chmod ()
329: "Enable chmod sandboxing."
330: (syd--stat "/dev/syd/sandbox/chmod:on"))
331:
332: (defun syd-disable-chmod ()
333: "Disable chmod sandboxing."
334: (syd--stat "/dev/syd/sandbox/chmod:off"))
335:
336: (defun syd-enabled-chattr ()
337: "Checks if chattr sandboxing is enabled."
338: (syd--stat "/dev/syd/sandbox/chattr?"))
339:
340: (defun syd-enable-chattr ()
341: "Enable chattr sandboxing."
342: (syd--stat "/dev/syd/sandbox/chattr:on"))
343:
344: (defun syd-disable-chattr ()
345: "Disable chattr sandboxing."
346: (syd--stat "/dev/syd/sandbox/chattr:off"))
347:
348: (defun syd-enabled-chroot ()
349: "Checks if chroot sandboxing is enabled."
350: (syd--stat "/dev/syd/sandbox/chroot?"))
351:
352: (defun syd-enable-chroot ()
353: "Enable chroot sandboxing."
354: (syd--stat "/dev/syd/sandbox/chroot:on"))
355:
356: (defun syd-disable-chroot ()
357: "Disable chroot sandboxing."
358: (syd--stat "/dev/syd/sandbox/chroot:off"))
359:
360: (defun syd-enabled-utime ()
361: "Checks if utime sandboxing is enabled."
362: (syd--stat "/dev/syd/sandbox/utime?"))
363:
364: (defun syd-enable-utime ()
365: "Enable utime sandboxing."
366: (syd--stat "/dev/syd/sandbox/utime:on"))
367:
368: (defun syd-disable-utime ()
369: "Disable utime sandboxing."
370: (syd--stat "/dev/syd/sandbox/utime:off"))
371:
372: (defun syd-enabled-mkbdev ()
373: "Checks if mkbdev sandboxing is enabled."
374: (syd--stat "/dev/syd/sandbox/mkbdev?"))
375:
376: (defun syd-enable-mkbdev ()
377: "Enable mkbdev sandboxing."
378: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
379:
380: (defun syd-disable-mkbdev ()
381: "Disable mkbdev sandboxing."
382: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
383:
384: (defun syd-enabled-mkcdev ()
385: "Checks if mkcdev sandboxing is enabled."
386: (syd--stat "/dev/syd/sandbox/mkcdev?"))
387:
388: (defun syd-enable-mkcdev ()
389: "Enable mkcdev sandboxing."
390: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
391:
392: (defun syd-disable-mkcdev ()
393: "Disable mkcdev sandboxing."
394: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
395:
396: (defun syd-enabled-mkfifo ()
397: "Checks if mkfifo sandboxing is enabled."
398: (syd--stat "/dev/syd/sandbox/mkfifo?"))
399:
400: (defun syd-enable-mkfifo ()
401: "Enable mkfifo sandboxing."
402: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
403:
404: (defun syd-disable-mkfifo ()
405: "Disable mkfifo sandboxing."
406: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
407:
408: (defun syd-enabled-mktemp ()
409: "Checks if mktemp sandboxing is enabled."
410: (syd--stat "/dev/syd/sandbox/mktemp?"))
411:
412: (defun syd-enable-mktemp ()
413: "Enable mktemp sandboxing."
414: (syd--stat "/dev/syd/sandbox/mktemp:on"))
415:
416: (defun syd-disable-mktemp ()
417: "Disable mktemp sandboxing."
418: (syd--stat "/dev/syd/sandbox/mktemp:off"))
419:
420: (defun syd-enabled-net ()
421: "Checks if Network sandboxing is enabled."
422: (syd--stat "/dev/syd/sandbox/net?"))
423:
424: (defun syd-enable-net ()
425: "Enable Network sandboxing."
426: (syd--stat "/dev/syd/sandbox/net:on"))
427:
428: (defun syd-disable-net ()
429: "Disable Network sandboxing."
430: (syd--stat "/dev/syd/sandbox/net:off"))
431:
432: (defun syd-enabled-lock ()
433: "Checks if lock sandboxing is enabled."
434: (syd--stat "/dev/syd/sandbox/lock?"))
435:
436: (defun syd-enabled-crypt ()
437: "Checks if crypt sandboxing is enabled."
438: (syd--stat "/dev/syd/sandbox/crypt?"))
439:
440: (defun syd-enabled-proxy ()
441: "Checks if proxy sandboxing is enabled."
442: (syd--stat "/dev/syd/sandbox/proxy?"))
443:
444: (defun syd-enabled-mem ()
445: "Checks if memory sandboxing is enabled."
446: (syd--stat "/dev/syd/sandbox/mem?"))
447:
448: (defun syd-enable-mem ()
449: "Enable memory sandboxing."
450: (syd--stat "/dev/syd/sandbox/mem:on"))
451:
452: (defun syd-disable-mem ()
453: "Disable memory sandboxing."
454: (syd--stat "/dev/syd/sandbox/mem:off"))
455:
456: (defun syd-enabled-pid ()
457: "Checks if PID sandboxing is enabled."
458: (syd--stat "/dev/syd/sandbox/pid?"))
459:
460: (defun syd-enable-pid ()
461: "Enable PID sandboxing."
462: (syd--stat "/dev/syd/sandbox/pid:on"))
463:
464: (defun syd-disable-pid ()
465: "Disable PID sandboxing."
466: (syd--stat "/dev/syd/sandbox/pid:off"))
467:
468: (defun syd-enabled-force ()
469: "Checks if force sandboxing is enabled."
470: (syd--stat "/dev/syd/sandbox/force?"))
471:
472: (defun syd-enable-force ()
473: "Enable force sandboxing."
474: (syd--stat "/dev/syd/sandbox/force:on"))
475:
476: (defun syd-disable-force ()
477: "Disable force sandboxing."
478: (syd--stat "/dev/syd/sandbox/force:off"))
479:
480: (defun syd-enabled-tpe ()
481: "Checks if TPE sandboxing is enabled."
482: (syd--stat "/dev/syd/sandbox/tpe?"))
483:
484: (defun syd-enable-tpe ()
485: "Enable TPE sandboxing."
486: (syd--stat "/dev/syd/sandbox/tpe:on"))
487:
488: (defun syd-disable-tpe ()
489: "Disable TPE sandboxing."
490: (syd--stat "/dev/syd/sandbox/tpe:off"))
491:
492: (defun syd-default-fs (action)
493: "Set default action for Filesystem sandboxing.
494: ACTION is a constant representing the sandboxing action."
495: (let ((action (cond
496: ((eq action :action-allow) "allow")
497: ((eq action :action-warn) "warn")
498: ((eq action :action-filter) "filter")
499: ((eq action :action-deny) "deny")
500: ((eq action :action-panic) "panic")
501: ((eq action :action-stop) "stop")
502: ((eq action :action-abort) "abort")
503: ((eq action :action-kill) "kill")
504: ((eq action :action-exit) "exit"))))
505: ; Only proceed if action is not nil
506: (when action
507: (let ((cmd (format "/dev/syd/default/fs:%s" action)))
508: ; Call syd--stat with the command
509: (syd--stat cmd)))))
510:
511: (defun syd-default-walk (action)
512: "Set default action for Walk sandboxing.
513: ACTION is a constant representing the sandboxing action."
514: (let ((action (cond
515: ((eq action :action-allow) "allow")
516: ((eq action :action-warn) "warn")
517: ((eq action :action-filter) "filter")
518: ((eq action :action-deny) "deny")
519: ((eq action :action-panic) "panic")
520: ((eq action :action-stop) "stop")
521: ((eq action :action-abort) "abort")
522: ((eq action :action-kill) "kill")
523: ((eq action :action-exit) "exit"))))
524: ; Only proceed if action is not nil
525: (when action
526: (let ((cmd (format "/dev/syd/default/walk:%s" action)))
527: ; Call syd--stat with the command
528: (syd--stat cmd)))))
529:
530: (defun syd-default-stat (action)
531: "Set default action for Stat sandboxing.
532: ACTION is a constant representing the sandboxing action."
533: (let ((action (cond
534: ((eq action :action-allow) "allow")
535: ((eq action :action-warn) "warn")
536: ((eq action :action-filter) "filter")
537: ((eq action :action-deny) "deny")
538: ((eq action :action-panic) "panic")
539: ((eq action :action-stop) "stop")
540: ((eq action :action-abort) "abort")
541: ((eq action :action-kill) "kill")
542: ((eq action :action-exit) "exit"))))
543: ; Only proceed if action is not nil
544: (when action
545: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
546: ; Call syd--stat with the command
547: (syd--stat cmd)))))
548:
549: (defun syd-default-read (action)
550: "Set default action for Read sandboxing.
551: ACTION is a constant representing the sandboxing action."
552: (let ((action (cond
553: ((eq action :action-allow) "allow")
554: ((eq action :action-warn) "warn")
555: ((eq action :action-filter) "filter")
556: ((eq action :action-deny) "deny")
557: ((eq action :action-panic) "panic")
558: ((eq action :action-stop) "stop")
559: ((eq action :action-abort) "abort")
560: ((eq action :action-kill) "kill")
561: ((eq action :action-exit) "exit"))))
562: ; Only proceed if action is not nil
563: (when action
564: (let ((cmd (format "/dev/syd/default/read:%s" action)))
565: ; Call syd--stat with the command
566: (syd--stat cmd)))))
567:
568: (defun syd-default-write (action)
569: "Set default action for Write sandboxing.
570: ACTION is a constant representing the sandboxing action."
571: (let ((action (cond
572: ((eq action :action-allow) "allow")
573: ((eq action :action-warn) "warn")
574: ((eq action :action-filter) "filter")
575: ((eq action :action-deny) "deny")
576: ((eq action :action-panic) "panic")
577: ((eq action :action-stop) "stop")
578: ((eq action :action-abort) "abort")
579: ((eq action :action-kill) "kill")
580: ((eq action :action-exit) "exit"))))
581: ; Only proceed if action is not nil
582: (when action
583: (let ((cmd (format "/dev/syd/default/write:%s" action)))
584: ; Call syd--write with the command
585: (syd--stat cmd)))))
586:
587: (defun syd-default-exec (action)
588: "Set default action for Exec sandboxing.
589: ACTION is a constant representing the sandboxing action."
590: (let ((action (cond
591: ((eq action :action-allow) "allow")
592: ((eq action :action-warn) "warn")
593: ((eq action :action-filter) "filter")
594: ((eq action :action-deny) "deny")
595: ((eq action :action-panic) "panic")
596: ((eq action :action-stop) "stop")
597: ((eq action :action-abort) "abort")
598: ((eq action :action-kill) "kill")
599: ((eq action :action-exit) "exit"))))
600: ; Only proceed if action is not nil
601: (when action
602: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
603: ; Call syd--exec with the command
604: (syd--stat cmd)))))
605:
606: (defun syd-default-ioctl (action)
607: "Set default action for Ioctl sandboxing.
608: ACTION is a constant representing the sandboxing action."
609: (let ((action (cond
610: ((eq action :action-allow) "allow")
611: ((eq action :action-warn) "warn")
612: ((eq action :action-filter) "filter")
613: ((eq action :action-deny) "deny")
614: ((eq action :action-panic) "panic")
615: ((eq action :action-stop) "stop")
616: ((eq action :action-abort) "abort")
617: ((eq action :action-kill) "kill")
618: ((eq action :action-exit) "exit"))))
619: ; Only proceed if action is not nil
620: (when action
621: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
622: ; Call syd--ioctl with the command
623: (syd--stat cmd)))))
624:
625: (defun syd-default-create (action)
626: "Set default action for Create sandboxing.
627: ACTION is a constant representing the sandboxing action."
628: (let ((action (cond
629: ((eq action :action-allow) "allow")
630: ((eq action :action-warn) "warn")
631: ((eq action :action-filter) "filter")
632: ((eq action :action-deny) "deny")
633: ((eq action :action-panic) "panic")
634: ((eq action :action-stop) "stop")
635: ((eq action :action-abort) "abort")
636: ((eq action :action-kill) "kill")
637: ((eq action :action-exit) "exit"))))
638: ; Only proceed if action is not nil
639: (when action
640: (let ((cmd (format "/dev/syd/default/create:%s" action)))
641: ; Call syd--stat with the command
642: (syd--stat cmd)))))
643:
644: (defun syd-default-delete (action)
645: "Set default action for Delete sandboxing.
646: ACTION is a constant representing the sandboxing action."
647: (let ((action (cond
648: ((eq action :action-allow) "allow")
649: ((eq action :action-warn) "warn")
650: ((eq action :action-filter) "filter")
651: ((eq action :action-deny) "deny")
652: ((eq action :action-panic) "panic")
653: ((eq action :action-stop) "stop")
654: ((eq action :action-abort) "abort")
655: ((eq action :action-kill) "kill")
656: ((eq action :action-exit) "exit"))))
657: ; Only proceed if action is not nil
658: (when action
659: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
660: ; Call syd--stat with the command
661: (syd--stat cmd)))))
662:
663: (defun syd-default-rename (action)
664: "Set default action for rename sandboxing.
665: ACTION is a constant representing the sandboxing action."
666: (let ((action (cond
667: ((eq action :action-allow) "allow")
668: ((eq action :action-warn) "warn")
669: ((eq action :action-filter) "filter")
670: ((eq action :action-deny) "deny")
671: ((eq action :action-panic) "panic")
672: ((eq action :action-stop) "stop")
673: ((eq action :action-abort) "abort")
674: ((eq action :action-kill) "kill")
675: ((eq action :action-exit) "exit"))))
676: ; Only proceed if action is not nil
677: (when action
678: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
679: ; Call syd--stat with the command
680: (syd--stat cmd)))))
681:
682: (defun syd-default-symlink (action)
683: "Set default action for symlink sandboxing.
684: ACTION is a constant representing the sandboxing action."
685: (let ((action (cond
686: ((eq action :action-allow) "allow")
687: ((eq action :action-warn) "warn")
688: ((eq action :action-filter) "filter")
689: ((eq action :action-deny) "deny")
690: ((eq action :action-panic) "panic")
691: ((eq action :action-stop) "stop")
692: ((eq action :action-abort) "abort")
693: ((eq action :action-kill) "kill")
694: ((eq action :action-exit) "exit"))))
695: ; Only proceed if action is not nil
696: (when action
697: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
698: ; Call syd--stat with the command
699: (syd--stat cmd)))))
700:
701: (defun syd-default-truncate (action)
702: "Set default action for Truncate sandboxing.
703: ACTION is a constant representing the sandboxing action."
704: (let ((action (cond
705: ((eq action :action-allow) "allow")
706: ((eq action :action-warn) "warn")
707: ((eq action :action-filter) "filter")
708: ((eq action :action-deny) "deny")
709: ((eq action :action-panic) "panic")
710: ((eq action :action-stop) "stop")
711: ((eq action :action-abort) "abort")
712: ((eq action :action-kill) "kill")
713: ((eq action :action-exit) "exit"))))
714: ; Only proceed if action is not nil
715: (when action
716: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
717: ; Call syd--truncate with the command
718: (syd--stat cmd)))))
719:
720: (defun syd-default-chdir (action)
721: "Set default action for chdir sandboxing.
722: ACTION is a constant representing the sandboxing action."
723: (let ((action (cond
724: ((eq action :action-allow) "allow")
725: ((eq action :action-warn) "warn")
726: ((eq action :action-filter) "filter")
727: ((eq action :action-deny) "deny")
728: ((eq action :action-panic) "panic")
729: ((eq action :action-stop) "stop")
730: ((eq action :action-abort) "abort")
731: ((eq action :action-kill) "kill")
732: ((eq action :action-exit) "exit"))))
733: ; Only proceed if action is not nil
734: (when action
735: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
736: ; Call syd--chdir with the command
737: (syd--stat cmd)))))
738:
739: (defun syd-default-readdir (action)
740: "Set default action for readdir sandboxing.
741: ACTION is a constant representing the sandboxing action."
742: (let ((action (cond
743: ((eq action :action-allow) "allow")
744: ((eq action :action-warn) "warn")
745: ((eq action :action-filter) "filter")
746: ((eq action :action-deny) "deny")
747: ((eq action :action-panic) "panic")
748: ((eq action :action-stop) "stop")
749: ((eq action :action-abort) "abort")
750: ((eq action :action-kill) "kill")
751: ((eq action :action-exit) "exit"))))
752: ; Only proceed if action is not nil
753: (when action
754: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
755: ; Call syd--readdir with the command
756: (syd--stat cmd)))))
757:
758: (defun syd-default-mkdir (action)
759: "Set default action for mkdir sandboxing.
760: ACTION is a constant representing the sandboxing action."
761: (let ((action (cond
762: ((eq action :action-allow) "allow")
763: ((eq action :action-warn) "warn")
764: ((eq action :action-filter) "filter")
765: ((eq action :action-deny) "deny")
766: ((eq action :action-panic) "panic")
767: ((eq action :action-stop) "stop")
768: ((eq action :action-abort) "abort")
769: ((eq action :action-kill) "kill")
770: ((eq action :action-exit) "exit"))))
771: ; Only proceed if action is not nil
772: (when action
773: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
774: ; Call syd--mkdir with the command
775: (syd--stat cmd)))))
776:
777: (defun syd-default-rmdir (action)
778: "Set default action for rmdir sandboxing.
779: ACTION is a constant representing the sandboxing action."
780: (let ((action (cond
781: ((eq action :action-allow) "allow")
782: ((eq action :action-warn) "warn")
783: ((eq action :action-filter) "filter")
784: ((eq action :action-deny) "deny")
785: ((eq action :action-panic) "panic")
786: ((eq action :action-stop) "stop")
787: ((eq action :action-abort) "abort")
788: ((eq action :action-kill) "kill")
789: ((eq action :action-exit) "exit"))))
790: ; Only proceed if action is not nil
791: (when action
792: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
793: ; Call syd--rmdir with the command
794: (syd--stat cmd)))))
795:
796: (defun syd-default-chown (action)
797: "Set default action for Chown sandboxing.
798: ACTION is a constant representing the sandboxing action."
799: (let ((action (cond
800: ((eq action :action-allow) "allow")
801: ((eq action :action-warn) "warn")
802: ((eq action :action-filter) "filter")
803: ((eq action :action-deny) "deny")
804: ((eq action :action-panic) "panic")
805: ((eq action :action-stop) "stop")
806: ((eq action :action-abort) "abort")
807: ((eq action :action-kill) "kill")
808: ((eq action :action-exit) "exit"))))
809: ; Only proceed if action is not nil
810: (when action
811: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
812: ; Call syd--stat with the command
813: (syd--stat cmd)))))
814:
815: (defun syd-default-chgrp (action)
816: "Set default action for Chgrp sandboxing.
817: ACTION is a constant representing the sandboxing action."
818: (let ((action (cond
819: ((eq action :action-allow) "allow")
820: ((eq action :action-warn) "warn")
821: ((eq action :action-filter) "filter")
822: ((eq action :action-deny) "deny")
823: ((eq action :action-panic) "panic")
824: ((eq action :action-stop) "stop")
825: ((eq action :action-abort) "abort")
826: ((eq action :action-kill) "kill")
827: ((eq action :action-exit) "exit"))))
828: ; Only proceed if action is not nil
829: (when action
830: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
831: ; Call syd--stat with the command
832: (syd--stat cmd)))))
833:
834: (defun syd-default-chmod (action)
835: "Set default action for chmod sandboxing.
836: ACTION is a constant representing the sandboxing action."
837: (let ((action (cond
838: ((eq action :action-allow) "allow")
839: ((eq action :action-warn) "warn")
840: ((eq action :action-filter) "filter")
841: ((eq action :action-deny) "deny")
842: ((eq action :action-panic) "panic")
843: ((eq action :action-stop) "stop")
844: ((eq action :action-abort) "abort")
845: ((eq action :action-kill) "kill")
846: ((eq action :action-exit) "exit"))))
847: ; Only proceed if action is not nil
848: (when action
849: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
850: ; Call syd--stat with the command
851: (syd--stat cmd)))))
852:
853: (defun syd-default-chattr (action)
854: "Set default action for chattr sandboxing.
855: ACTION is a constant representing the sandboxing action."
856: (let ((action (cond
857: ((eq action :action-allow) "allow")
858: ((eq action :action-warn) "warn")
859: ((eq action :action-filter) "filter")
860: ((eq action :action-deny) "deny")
861: ((eq action :action-panic) "panic")
862: ((eq action :action-stop) "stop")
863: ((eq action :action-abort) "abort")
864: ((eq action :action-kill) "kill")
865: ((eq action :action-exit) "exit"))))
866: ; Only proceed if action is not nil
867: (when action
868: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
869: ; Call syd--stat with the command
870: (syd--stat cmd)))))
871:
872: (defun syd-default-chroot (action)
873: "Set default action for chroot sandboxing.
874: ACTION is a constant representing the sandboxing action."
875: (let ((action (cond
876: ((eq action :action-allow) "allow")
877: ((eq action :action-warn) "warn")
878: ((eq action :action-filter) "filter")
879: ((eq action :action-deny) "deny")
880: ((eq action :action-panic) "panic")
881: ((eq action :action-stop) "stop")
882: ((eq action :action-abort) "abort")
883: ((eq action :action-kill) "kill")
884: ((eq action :action-exit) "exit"))))
885: ; Only proceed if action is not nil
886: (when action
887: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
888: ; Call syd--stat with the command
889: (syd--stat cmd)))))
890:
891: (defun syd-default-utime (action)
892: "Set default action for utime sandboxing.
893: ACTION is a constant representing the sandboxing action."
894: (let ((action (cond
895: ((eq action :action-allow) "allow")
896: ((eq action :action-warn) "warn")
897: ((eq action :action-filter) "filter")
898: ((eq action :action-deny) "deny")
899: ((eq action :action-panic) "panic")
900: ((eq action :action-stop) "stop")
901: ((eq action :action-abort) "abort")
902: ((eq action :action-kill) "kill")
903: ((eq action :action-exit) "exit"))))
904: ; Only proceed if action is not nil
905: (when action
906: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
907: ; Call syd--stat with the command
908: (syd--stat cmd)))))
909:
910: (defun syd-default-mkbdev (action)
911: "Set default action for mkbdev sandboxing.
912: ACTION is a constant representing the sandboxing action."
913: (let ((action (cond
914: ((eq action :action-allow) "allow")
915: ((eq action :action-warn) "warn")
916: ((eq action :action-filter) "filter")
917: ((eq action :action-deny) "deny")
918: ((eq action :action-panic) "panic")
919: ((eq action :action-stop) "stop")
920: ((eq action :action-abort) "abort")
921: ((eq action :action-kill) "kill")
922: ((eq action :action-exit) "exit"))))
923: ; Only proceed if action is not nil
924: (when action
925: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
926: ; Call syd--stat with the command
927: (syd--stat cmd)))))
928:
929: (defun syd-default-mkcdev (action)
930: "Set default action for mkcdev sandboxing.
931: ACTION is a constant representing the sandboxing action."
932: (let ((action (cond
933: ((eq action :action-allow) "allow")
934: ((eq action :action-warn) "warn")
935: ((eq action :action-filter) "filter")
936: ((eq action :action-deny) "deny")
937: ((eq action :action-panic) "panic")
938: ((eq action :action-stop) "stop")
939: ((eq action :action-abort) "abort")
940: ((eq action :action-kill) "kill")
941: ((eq action :action-exit) "exit"))))
942: ; Only proceed if action is not nil
943: (when action
944: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
945: ; Call syd--stat with the command
946: (syd--stat cmd)))))
947:
948: (defun syd-default-mkfifo (action)
949: "Set default action for mkfifo sandboxing.
950: ACTION is a constant representing the sandboxing action."
951: (let ((action (cond
952: ((eq action :action-allow) "allow")
953: ((eq action :action-warn) "warn")
954: ((eq action :action-filter) "filter")
955: ((eq action :action-deny) "deny")
956: ((eq action :action-panic) "panic")
957: ((eq action :action-stop) "stop")
958: ((eq action :action-abort) "abort")
959: ((eq action :action-kill) "kill")
960: ((eq action :action-exit) "exit"))))
961: ; Only proceed if action is not nil
962: (when action
963: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
964: ; Call syd--stat with the command
965: (syd--stat cmd)))))
966:
967: (defun syd-default-mktemp (action)
968: "Set default action for mktemp sandboxing.
969: ACTION is a constant representing the sandboxing action."
970: (let ((action (cond
971: ((eq action :action-allow) "allow")
972: ((eq action :action-warn) "warn")
973: ((eq action :action-filter) "filter")
974: ((eq action :action-deny) "deny")
975: ((eq action :action-panic) "panic")
976: ((eq action :action-stop) "stop")
977: ((eq action :action-abort) "abort")
978: ((eq action :action-kill) "kill")
979: ((eq action :action-exit) "exit"))))
980: ; Only proceed if action is not nil
981: (when action
982: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
983: ; Call syd--stat with the command
984: (syd--stat cmd)))))
985:
986: (defun syd-default-net (action)
987: "Set default action for Network sandboxing.
988: ACTION is a constant representing the sandboxing action."
989: (let ((action (cond
990: ((eq action :action-allow) "allow")
991: ((eq action :action-warn) "warn")
992: ((eq action :action-filter) "filter")
993: ((eq action :action-deny) "deny")
994: ((eq action :action-panic) "panic")
995: ((eq action :action-stop) "stop")
996: ((eq action :action-abort) "abort")
997: ((eq action :action-kill) "kill")
998: ((eq action :action-exit) "exit"))))
999: ; Only proceed if action is not nil
1000: (when action
1001: (let ((cmd (format "/dev/syd/default/net:%s" action)))
1002: ; Call syd--net with the command
1003: (syd--stat cmd)))))
1004:
1005: ; TODO: syd-default-block!
1006:
1007: (defun syd-default-mem (action)
1008: "Set default action for Memory sandboxing.
1009: ACTION is a constant representing the sandboxing action."
1010: (let ((action (cond
1011: ((eq action :action-allow) "allow")
1012: ((eq action :action-warn) "warn")
1013: ((eq action :action-filter) "filter")
1014: ((eq action :action-deny) "deny")
1015: ((eq action :action-panic) "panic")
1016: ((eq action :action-stop) "stop")
1017: ((eq action :action-abort) "abort")
1018: ((eq action :action-kill) "kill")
1019: ((eq action :action-exit) "exit"))))
1020: ; Only proceed if action is not nil
1021: (when action
1022: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
1023: ; Call syd--net with the command
1024: (syd--stat cmd)))))
1025:
1026: (defun syd-default-pid (action)
1027: "Set default action for PID sandboxing.
1028: ACTION is a constant representing the sandboxing action."
1029: (let ((action (cond
1030: ((eq action :action-allow) "allow")
1031: ((eq action :action-warn) "warn")
1032: ((eq action :action-filter) "filter")
1033: ((eq action :action-deny) "deny")
1034: ((eq action :action-panic) "panic")
1035: ((eq action :action-stop) "stop")
1036: ((eq action :action-abort) "abort")
1037: ((eq action :action-kill) "kill")
1038: ((eq action :action-exit) "exit"))))
1039: ; Only proceed if action is not nil
1040: (when action
1041: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
1042: ; Call syd--net with the command
1043: (syd--stat cmd)))))
1044:
1045: (defun syd-default-force (action)
1046: "Set default action for Force sandboxing.
1047: ACTION is a constant representing the sandboxing action."
1048: (let ((action (cond
1049: ((eq action :action-allow) "allow")
1050: ((eq action :action-warn) "warn")
1051: ((eq action :action-filter) "filter")
1052: ((eq action :action-deny) "deny")
1053: ((eq action :action-panic) "panic")
1054: ((eq action :action-stop) "stop")
1055: ((eq action :action-abort) "abort")
1056: ((eq action :action-kill) "kill")
1057: ((eq action :action-exit) "exit"))))
1058: ; Only proceed if action is not nil
1059: (when action
1060: (let ((cmd (format "/dev/syd/default/force:%s" action)))
1061: ; Call syd--net with the command
1062: (syd--stat cmd)))))
1063:
1064: (defun syd-default-segvguard (action)
1065: "Set default action for SegvGuard.
1066: ACTION is a constant representing the sandboxing action."
1067: (let ((action (cond
1068: ((eq action :action-allow) "allow")
1069: ((eq action :action-warn) "warn")
1070: ((eq action :action-filter) "filter")
1071: ((eq action :action-deny) "deny")
1072: ((eq action :action-panic) "panic")
1073: ((eq action :action-stop) "stop")
1074: ((eq action :action-abort) "abort")
1075: ((eq action :action-kill) "kill")
1076: ((eq action :action-exit) "exit"))))
1077: ; Only proceed if action is not nil
1078: (when action
1079: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1080: ; Call syd--net with the command
1081: (syd--stat cmd)))))
1082:
1083: (defun syd-default-tpe (action)
1084: "Set default action for TPE sandboxing.
1085: ACTION is a constant representing the sandboxing action."
1086: (let ((action (cond
1087: ((eq action :action-allow) "allow")
1088: ((eq action :action-warn) "warn")
1089: ((eq action :action-filter) "filter")
1090: ((eq action :action-deny) "deny")
1091: ((eq action :action-panic) "panic")
1092: ((eq action :action-stop) "stop")
1093: ((eq action :action-abort) "abort")
1094: ((eq action :action-kill) "kill")
1095: ((eq action :action-exit) "exit"))))
1096: ; Only proceed if action is not nil
1097: (when action
1098: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1099: ; Call syd--net with the command
1100: (syd--stat cmd)))))
1101:
1102: (defun syd-ioctl-deny (request)
1103: "Adds a request to the _ioctl_(2) denylist.
1104: REQUEST is the _ioctl_(2) request number to add to the denylist."
1105: (unless (numberp request)
1106: (error "Request must be a number"))
1107: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1108: (syd--stat path)))
1109:
1110: (defun syd-fs-add (action glob)
1111: "Adds to the given actionlist of Filesystem sandboxing.
1112: ACTION is a constant representing the sandboxing action.
1113: GLOB is a string representing the glob pattern."
1114: (let ((action (cond
1115: ((eq action :action-allow) "allow")
1116: ((eq action :action-warn) "warn")
1117: ((eq action :action-filter) "filter")
1118: ((eq action :action-deny) "deny")
1119: ((eq action :action-panic) "panic")
1120: ((eq action :action-stop) "stop")
1121: ((eq action :action-abort) "abort")
1122: ((eq action :action-kill) "kill")
1123: ((eq action :action-exit) "exit"))))
1124: ; Only proceed if action is not nil
1125: (when action
1126: ; Create the command string
1127: (let ((cmd (format "%s/fs" action)))
1128: ; Call syd--stat with the command
1129: (syd--stat (syd--rule cmd glob ?+))))))
1130:
1131: (defun syd-fs-del (action glob)
1132: "Removes the first matching entry from the end of the given actionlist
1133: of Filesystem sandboxing.
1134: ACTION is a constant representing the sandboxing action.
1135: GLOB is a string representing the glob pattern."
1136: (let ((action (cond
1137: ((eq action :action-allow) "allow")
1138: ((eq action :action-warn) "warn")
1139: ((eq action :action-filter) "filter")
1140: ((eq action :action-deny) "deny")
1141: ((eq action :action-panic) "panic")
1142: ((eq action :action-stop) "stop")
1143: ((eq action :action-abort) "abort")
1144: ((eq action :action-kill) "kill")
1145: ((eq action :action-exit) "exit"))))
1146: ; Only proceed if action is not nil
1147: (when action
1148: ; Create the command string
1149: (let ((cmd (format "%s/fs" action)))
1150: ; Call syd--stat with the command
1151: (syd--stat (syd--rule cmd glob ?-))))))
1152:
1153: (defun syd-fs-rem (action glob)
1154: "Removes all matching entries from the given actionlist of Filesystem sandboxing.
1155: ACTION is a constant representing the sandboxing action.
1156: GLOB is a string representing the glob pattern."
1157: (let ((action (cond
1158: ((eq action :action-allow) "allow")
1159: ((eq action :action-warn) "warn")
1160: ((eq action :action-filter) "filter")
1161: ((eq action :action-deny) "deny")
1162: ((eq action :action-panic) "panic")
1163: ((eq action :action-stop) "stop")
1164: ((eq action :action-abort) "abort")
1165: ((eq action :action-kill) "kill")
1166: ((eq action :action-exit) "exit"))))
1167: ; Only proceed if action is not nil
1168: (when action
1169: ; Create the command string
1170: (let ((cmd (format "%s/fs" action)))
1171: ; Call syd--stat with the command
1172: (syd--stat (syd--rule cmd glob ?^))))))
1173:
1174: (defun syd-walk-add (action glob)
1175: "Adds to the given actionlist of walk sandboxing.
1176: ACTION is a constant representing the sandboxing action.
1177: GLOB is a string representing the glob pattern."
1178: (let ((action (cond
1179: ((eq action :action-allow) "allow")
1180: ((eq action :action-warn) "warn")
1181: ((eq action :action-filter) "filter")
1182: ((eq action :action-deny) "deny")
1183: ((eq action :action-panic) "panic")
1184: ((eq action :action-stop) "stop")
1185: ((eq action :action-abort) "abort")
1186: ((eq action :action-kill) "kill")
1187: ((eq action :action-exit) "exit"))))
1188: ; Only proceed if action is not nil
1189: (when action
1190: ; Create the command string
1191: (let ((cmd (format "%s/walk" action)))
1192: ; Call syd--stat with the command
1193: (syd--stat (syd--rule cmd glob ?+))))))
1194:
1195: (defun syd-walk-del (action glob)
1196: "Removes the first matching entry from the end of the given actionlist
1197: of walk sandboxing.
1198: ACTION is a constant representing the sandboxing action.
1199: GLOB is a string representing the glob pattern."
1200: (let ((action (cond
1201: ((eq action :action-allow) "allow")
1202: ((eq action :action-warn) "warn")
1203: ((eq action :action-filter) "filter")
1204: ((eq action :action-deny) "deny")
1205: ((eq action :action-panic) "panic")
1206: ((eq action :action-stop) "stop")
1207: ((eq action :action-abort) "abort")
1208: ((eq action :action-kill) "kill")
1209: ((eq action :action-exit) "exit"))))
1210: ; Only proceed if action is not nil
1211: (when action
1212: ; Create the command string
1213: (let ((cmd (format "%s/walk" action)))
1214: ; Call syd--stat with the command
1215: (syd--stat (syd--rule cmd glob ?-))))))
1216:
1217: (defun syd-walk-rem (action glob)
1218: "Removes all matching entries from the given actionlist of walk sandboxing.
1219: ACTION is a constant representing the sandboxing action.
1220: GLOB is a string representing the glob pattern."
1221: (let ((action (cond
1222: ((eq action :action-allow) "allow")
1223: ((eq action :action-warn) "warn")
1224: ((eq action :action-filter) "filter")
1225: ((eq action :action-deny) "deny")
1226: ((eq action :action-panic) "panic")
1227: ((eq action :action-stop) "stop")
1228: ((eq action :action-abort) "abort")
1229: ((eq action :action-kill) "kill")
1230: ((eq action :action-exit) "exit"))))
1231: ; Only proceed if action is not nil
1232: (when action
1233: ; Create the command string
1234: (let ((cmd (format "%s/walk" action)))
1235: ; Call syd--stat with the command
1236: (syd--stat (syd--rule cmd glob ?^))))))
1237:
1238: (defun syd-stat-add (action glob)
1239: "Adds to the given actionlist of stat sandboxing.
1240: ACTION is a constant representing the sandboxing action.
1241: GLOB is a string representing the glob pattern."
1242: (let ((action (cond
1243: ((eq action :action-allow) "allow")
1244: ((eq action :action-warn) "warn")
1245: ((eq action :action-filter) "filter")
1246: ((eq action :action-deny) "deny")
1247: ((eq action :action-panic) "panic")
1248: ((eq action :action-stop) "stop")
1249: ((eq action :action-abort) "abort")
1250: ((eq action :action-kill) "kill")
1251: ((eq action :action-exit) "exit"))))
1252: ; Only proceed if action is not nil
1253: (when action
1254: ; Create the command string
1255: (let ((cmd (format "%s/stat" action)))
1256: ; Call syd--stat with the command
1257: (syd--stat (syd--rule cmd glob ?+))))))
1258:
1259: (defun syd-stat-del (action glob)
1260: "Removes the first matching entry from the end of the given actionlist
1261: of stat sandboxing.
1262: ACTION is a constant representing the sandboxing action.
1263: GLOB is a string representing the glob pattern."
1264: (let ((action (cond
1265: ((eq action :action-allow) "allow")
1266: ((eq action :action-warn) "warn")
1267: ((eq action :action-filter) "filter")
1268: ((eq action :action-deny) "deny")
1269: ((eq action :action-panic) "panic")
1270: ((eq action :action-stop) "stop")
1271: ((eq action :action-abort) "abort")
1272: ((eq action :action-kill) "kill")
1273: ((eq action :action-exit) "exit"))))
1274: ; Only proceed if action is not nil
1275: (when action
1276: ; Create the command string
1277: (let ((cmd (format "%s/stat" action)))
1278: ; Call syd--stat with the command
1279: (syd--stat (syd--rule cmd glob ?-))))))
1280:
1281: (defun syd-stat-rem (action glob)
1282: "Removes all matching entries from the given actionlist of stat sandboxing.
1283: ACTION is a constant representing the sandboxing action.
1284: GLOB is a string representing the glob pattern."
1285: (let ((action (cond
1286: ((eq action :action-allow) "allow")
1287: ((eq action :action-warn) "warn")
1288: ((eq action :action-filter) "filter")
1289: ((eq action :action-deny) "deny")
1290: ((eq action :action-panic) "panic")
1291: ((eq action :action-stop) "stop")
1292: ((eq action :action-abort) "abort")
1293: ((eq action :action-kill) "kill")
1294: ((eq action :action-exit) "exit"))))
1295: ; Only proceed if action is not nil
1296: (when action
1297: ; Create the command string
1298: (let ((cmd (format "%s/stat" action)))
1299: ; Call syd--stat with the command
1300: (syd--stat (syd--rule cmd glob ?^))))))
1301:
1302: (defun syd-read-add (action glob)
1303: "Adds to the given actionlist of read sandboxing.
1304: ACTION is a constant representing the sandboxing action.
1305: GLOB is a string representing the glob pattern."
1306: (let ((action (cond
1307: ((eq action :action-allow) "allow")
1308: ((eq action :action-warn) "warn")
1309: ((eq action :action-filter) "filter")
1310: ((eq action :action-deny) "deny")
1311: ((eq action :action-panic) "panic")
1312: ((eq action :action-stop) "stop")
1313: ((eq action :action-abort) "abort")
1314: ((eq action :action-kill) "kill")
1315: ((eq action :action-exit) "exit"))))
1316: ; Only proceed if action is not nil
1317: (when action
1318: ; Create the command string
1319: (let ((cmd (format "%s/read" action)))
1320: ; Call syd--stat with the command
1321: (syd--stat (syd--rule cmd glob ?+))))))
1322:
1323: (defun syd-read-del (action glob)
1324: "Removes the first matching entry from the end of the given actionlist
1325: of read sandboxing.
1326: ACTION is a constant representing the sandboxing action.
1327: GLOB is a string representing the glob pattern."
1328: (let ((action (cond
1329: ((eq action :action-allow) "allow")
1330: ((eq action :action-warn) "warn")
1331: ((eq action :action-filter) "filter")
1332: ((eq action :action-deny) "deny")
1333: ((eq action :action-panic) "panic")
1334: ((eq action :action-stop) "stop")
1335: ((eq action :action-abort) "abort")
1336: ((eq action :action-kill) "kill")
1337: ((eq action :action-exit) "exit"))))
1338: ; Only proceed if action is not nil
1339: (when action
1340: ; Create the command string
1341: (let ((cmd (format "%s/read" action)))
1342: ; Call syd--stat with the command
1343: (syd--stat (syd--rule cmd glob ?-))))))
1344:
1345: (defun syd-read-rem (action glob)
1346: "Removes all matching entries from the given actionlist of read sandboxing.
1347: ACTION is a constant representing the sandboxing action.
1348: GLOB is a string representing the glob pattern."
1349: (let ((action (cond
1350: ((eq action :action-allow) "allow")
1351: ((eq action :action-warn) "warn")
1352: ((eq action :action-filter) "filter")
1353: ((eq action :action-deny) "deny")
1354: ((eq action :action-panic) "panic")
1355: ((eq action :action-stop) "stop")
1356: ((eq action :action-abort) "abort")
1357: ((eq action :action-kill) "kill")
1358: ((eq action :action-exit) "exit"))))
1359: ; Only proceed if action is not nil
1360: (when action
1361: ; Create the command string
1362: (let ((cmd (format "%s/read" action)))
1363: ; Call syd--stat with the command
1364: (syd--stat (syd--rule cmd glob ?^))))))
1365:
1366: (defun syd-write-add (action glob)
1367: "Adds to the given actionlist of write sandboxing.
1368: ACTION is a constant representing the sandboxing action.
1369: GLOB is a string representing the glob pattern."
1370: (let ((action (cond
1371: ((eq action :action-allow) "allow")
1372: ((eq action :action-warn) "warn")
1373: ((eq action :action-filter) "filter")
1374: ((eq action :action-deny) "deny")
1375: ((eq action :action-panic) "panic")
1376: ((eq action :action-stop) "stop")
1377: ((eq action :action-abort) "abort")
1378: ((eq action :action-kill) "kill")
1379: ((eq action :action-exit) "exit"))))
1380: ; Only proceed if action is not nil
1381: (when action
1382: ; Create the command string
1383: (let ((cmd (format "%s/write" action)))
1384: ; Call syd--stat with the command
1385: (syd--stat (syd--rule cmd glob ?+))))))
1386:
1387: (defun syd-write-del (action glob)
1388: "Removes the first matching entry from the end of the given actionlist
1389: of write sandboxing.
1390: ACTION is a constant representing the sandboxing action.
1391: GLOB is a string representing the glob pattern."
1392: (let ((action (cond
1393: ((eq action :action-allow) "allow")
1394: ((eq action :action-warn) "warn")
1395: ((eq action :action-filter) "filter")
1396: ((eq action :action-deny) "deny")
1397: ((eq action :action-panic) "panic")
1398: ((eq action :action-stop) "stop")
1399: ((eq action :action-abort) "abort")
1400: ((eq action :action-kill) "kill")
1401: ((eq action :action-exit) "exit"))))
1402: ; Only proceed if action is not nil
1403: (when action
1404: ; Create the command string
1405: (let ((cmd (format "%s/write" action)))
1406: ; Call syd--stat with the command
1407: (syd--stat (syd--rule cmd glob ?-))))))
1408:
1409: (defun syd-write-rem (action glob)
1410: "Removes all matching entries from the given actionlist of write sandboxing.
1411: ACTION is a constant representing the sandboxing action.
1412: GLOB is a string representing the glob pattern."
1413: (let ((action (cond
1414: ((eq action :action-allow) "allow")
1415: ((eq action :action-warn) "warn")
1416: ((eq action :action-filter) "filter")
1417: ((eq action :action-deny) "deny")
1418: ((eq action :action-panic) "panic")
1419: ((eq action :action-stop) "stop")
1420: ((eq action :action-abort) "abort")
1421: ((eq action :action-kill) "kill")
1422: ((eq action :action-exit) "exit"))))
1423: ; Only proceed if action is not nil
1424: (when action
1425: ; Create the command string
1426: (let ((cmd (format "%s/write" action)))
1427: ; Call syd--stat with the command
1428: (syd--stat (syd--rule cmd glob ?^))))))
1429:
1430: (defun syd-exec-add (action glob)
1431: "Adds to the given actionlist of exec sandboxing.
1432: ACTION is a constant representing the sandboxing action.
1433: GLOB is a string representing the glob pattern."
1434: (let ((action (cond
1435: ((eq action :action-allow) "allow")
1436: ((eq action :action-warn) "warn")
1437: ((eq action :action-filter) "filter")
1438: ((eq action :action-deny) "deny")
1439: ((eq action :action-panic) "panic")
1440: ((eq action :action-stop) "stop")
1441: ((eq action :action-abort) "abort")
1442: ((eq action :action-kill) "kill")
1443: ((eq action :action-exit) "exit"))))
1444: ; Only proceed if action is not nil
1445: (when action
1446: ; Create the command string
1447: (let ((cmd (format "%s/exec" action)))
1448: ; Call syd--stat with the command
1449: (syd--stat (syd--rule cmd glob ?+))))))
1450:
1451: (defun syd-exec-del (action glob)
1452: "Removes the first matching entry from the end of the given actionlist
1453: of exec sandboxing.
1454: ACTION is a constant representing the sandboxing action.
1455: GLOB is a string representing the glob pattern."
1456: (let ((action (cond
1457: ((eq action :action-allow) "allow")
1458: ((eq action :action-warn) "warn")
1459: ((eq action :action-filter) "filter")
1460: ((eq action :action-deny) "deny")
1461: ((eq action :action-panic) "panic")
1462: ((eq action :action-stop) "stop")
1463: ((eq action :action-abort) "abort")
1464: ((eq action :action-kill) "kill")
1465: ((eq action :action-exit) "exit"))))
1466: ; Only proceed if action is not nil
1467: (when action
1468: ; Create the command string
1469: (let ((cmd (format "%s/exec" action)))
1470: ; Call syd--stat with the command
1471: (syd--stat (syd--rule cmd glob ?-))))))
1472:
1473: (defun syd-exec-rem (action glob)
1474: "Removes all matching entries from the given actionlist of exec sandboxing.
1475: ACTION is a constant representing the sandboxing action.
1476: GLOB is a string representing the glob pattern."
1477: (let ((action (cond
1478: ((eq action :action-allow) "allow")
1479: ((eq action :action-warn) "warn")
1480: ((eq action :action-filter) "filter")
1481: ((eq action :action-deny) "deny")
1482: ((eq action :action-panic) "panic")
1483: ((eq action :action-stop) "stop")
1484: ((eq action :action-abort) "abort")
1485: ((eq action :action-kill) "kill")
1486: ((eq action :action-exit) "exit"))))
1487: ; Only proceed if action is not nil
1488: (when action
1489: ; Create the command string
1490: (let ((cmd (format "%s/exec" action)))
1491: ; Call syd--stat with the command
1492: (syd--stat (syd--rule cmd glob ?^))))))
1493:
1494: (defun syd-ioctl-add (action glob)
1495: "Adds to the given actionlist of ioctl sandboxing.
1496: ACTION is a constant representing the sandboxing action.
1497: GLOB is a string representing the glob pattern."
1498: (let ((action (cond
1499: ((eq action :action-allow) "allow")
1500: ((eq action :action-warn) "warn")
1501: ((eq action :action-filter) "filter")
1502: ((eq action :action-deny) "deny")
1503: ((eq action :action-panic) "panic")
1504: ((eq action :action-stop) "stop")
1505: ((eq action :action-abort) "abort")
1506: ((eq action :action-kill) "kill")
1507: ((eq action :action-exit) "exit"))))
1508: ; Only proceed if action is not nil
1509: (when action
1510: ; Create the command string
1511: (let ((cmd (format "%s/ioctl" action)))
1512: ; Call syd--stat with the command
1513: (syd--stat (syd--rule cmd glob ?+))))))
1514:
1515: (defun syd-ioctl-del (action glob)
1516: "Removes the first matching entry from the end of the given actionlist
1517: of ioctl sandboxing.
1518: ACTION is a constant representing the sandboxing action.
1519: GLOB is a string representing the glob pattern."
1520: (let ((action (cond
1521: ((eq action :action-allow) "allow")
1522: ((eq action :action-warn) "warn")
1523: ((eq action :action-filter) "filter")
1524: ((eq action :action-deny) "deny")
1525: ((eq action :action-panic) "panic")
1526: ((eq action :action-stop) "stop")
1527: ((eq action :action-abort) "abort")
1528: ((eq action :action-kill) "kill")
1529: ((eq action :action-exit) "exit"))))
1530: ; Only proceed if action is not nil
1531: (when action
1532: ; Create the command string
1533: (let ((cmd (format "%s/ioctl" action)))
1534: ; Call syd--stat with the command
1535: (syd--stat (syd--rule cmd glob ?-))))))
1536:
1537: (defun syd-ioctl-rem (action glob)
1538: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1539: ACTION is a constant representing the sandboxing action.
1540: GLOB is a string representing the glob pattern."
1541: (let ((action (cond
1542: ((eq action :action-allow) "allow")
1543: ((eq action :action-warn) "warn")
1544: ((eq action :action-filter) "filter")
1545: ((eq action :action-deny) "deny")
1546: ((eq action :action-panic) "panic")
1547: ((eq action :action-stop) "stop")
1548: ((eq action :action-abort) "abort")
1549: ((eq action :action-kill) "kill")
1550: ((eq action :action-exit) "exit"))))
1551: ; Only proceed if action is not nil
1552: (when action
1553: ; Create the command string
1554: (let ((cmd (format "%s/ioctl" action)))
1555: ; Call syd--stat with the command
1556: (syd--stat (syd--rule cmd glob ?^))))))
1557:
1558: (defun syd-create-add (action glob)
1559: "Adds to the given actionlist of create sandboxing.
1560: ACTION is a constant representing the sandboxing action.
1561: GLOB is a string representing the glob pattern."
1562: (let ((action (cond
1563: ((eq action :action-allow) "allow")
1564: ((eq action :action-warn) "warn")
1565: ((eq action :action-filter) "filter")
1566: ((eq action :action-deny) "deny")
1567: ((eq action :action-panic) "panic")
1568: ((eq action :action-stop) "stop")
1569: ((eq action :action-abort) "abort")
1570: ((eq action :action-kill) "kill")
1571: ((eq action :action-exit) "exit"))))
1572: ; Only proceed if action is not nil
1573: (when action
1574: ; Create the command string
1575: (let ((cmd (format "%s/create" action)))
1576: ; Call syd--stat with the command
1577: (syd--stat (syd--rule cmd glob ?+))))))
1578:
1579: (defun syd-create-del (action glob)
1580: "Removes the first matching entry from the end of the given actionlist
1581: of create sandboxing.
1582: ACTION is a constant representing the sandboxing action.
1583: GLOB is a string representing the glob pattern."
1584: (let ((action (cond
1585: ((eq action :action-allow) "allow")
1586: ((eq action :action-warn) "warn")
1587: ((eq action :action-filter) "filter")
1588: ((eq action :action-deny) "deny")
1589: ((eq action :action-panic) "panic")
1590: ((eq action :action-stop) "stop")
1591: ((eq action :action-abort) "abort")
1592: ((eq action :action-kill) "kill")
1593: ((eq action :action-exit) "exit"))))
1594: ; Only proceed if action is not nil
1595: (when action
1596: ; Create the command string
1597: (let ((cmd (format "%s/create" action)))
1598: ; Call syd--stat with the command
1599: (syd--stat (syd--rule cmd glob ?-))))))
1600:
1601: (defun syd-create-rem (action glob)
1602: "Removes all matching entries from the given actionlist of create sandboxing.
1603: ACTION is a constant representing the sandboxing action.
1604: GLOB is a string representing the glob pattern."
1605: (let ((action (cond
1606: ((eq action :action-allow) "allow")
1607: ((eq action :action-warn) "warn")
1608: ((eq action :action-filter) "filter")
1609: ((eq action :action-deny) "deny")
1610: ((eq action :action-panic) "panic")
1611: ((eq action :action-stop) "stop")
1612: ((eq action :action-abort) "abort")
1613: ((eq action :action-kill) "kill")
1614: ((eq action :action-exit) "exit"))))
1615: ; Only proceed if action is not nil
1616: (when action
1617: ; Create the command string
1618: (let ((cmd (format "%s/create" action)))
1619: ; Call syd--stat with the command
1620: (syd--stat (syd--rule cmd glob ?^))))))
1621:
1622: (defun syd-delete-add (action glob)
1623: "Adds to the given actionlist of delete sandboxing.
1624: ACTION is a constant representing the sandboxing action.
1625: GLOB is a string representing the glob pattern."
1626: (let ((action (cond
1627: ((eq action :action-allow) "allow")
1628: ((eq action :action-warn) "warn")
1629: ((eq action :action-filter) "filter")
1630: ((eq action :action-deny) "deny")
1631: ((eq action :action-panic) "panic")
1632: ((eq action :action-stop) "stop")
1633: ((eq action :action-abort) "abort")
1634: ((eq action :action-kill) "kill")
1635: ((eq action :action-exit) "exit"))))
1636: ; Only proceed if action is not nil
1637: (when action
1638: ; delete the command string
1639: (let ((cmd (format "%s/delete" action)))
1640: ; Call syd--stat with the command
1641: (syd--stat (syd--rule cmd glob ?+))))))
1642:
1643: (defun syd-delete-del (action glob)
1644: "Removes the first matching entry from the end of the given actionlist
1645: of delete sandboxing.
1646: ACTION is a constant representing the sandboxing action.
1647: GLOB is a string representing the glob pattern."
1648: (let ((action (cond
1649: ((eq action :action-allow) "allow")
1650: ((eq action :action-warn) "warn")
1651: ((eq action :action-filter) "filter")
1652: ((eq action :action-deny) "deny")
1653: ((eq action :action-panic) "panic")
1654: ((eq action :action-stop) "stop")
1655: ((eq action :action-abort) "abort")
1656: ((eq action :action-kill) "kill")
1657: ((eq action :action-exit) "exit"))))
1658: ; Only proceed if action is not nil
1659: (when action
1660: ; delete the command string
1661: (let ((cmd (format "%s/delete" action)))
1662: ; Call syd--stat with the command
1663: (syd--stat (syd--rule cmd glob ?-))))))
1664:
1665: (defun syd-delete-rem (action glob)
1666: "Removes all matching entries from the given actionlist of delete sandboxing.
1667: ACTION is a constant representing the sandboxing action.
1668: GLOB is a string representing the glob pattern."
1669: (let ((action (cond
1670: ((eq action :action-allow) "allow")
1671: ((eq action :action-warn) "warn")
1672: ((eq action :action-filter) "filter")
1673: ((eq action :action-deny) "deny")
1674: ((eq action :action-panic) "panic")
1675: ((eq action :action-stop) "stop")
1676: ((eq action :action-abort) "abort")
1677: ((eq action :action-kill) "kill")
1678: ((eq action :action-exit) "exit"))))
1679: ; Only proceed if action is not nil
1680: (when action
1681: ; delete the command string
1682: (let ((cmd (format "%s/delete" action)))
1683: ; Call syd--stat with the command
1684: (syd--stat (syd--rule cmd glob ?^))))))
1685:
1686: (defun syd-rename-add (action glob)
1687: "Adds to the given actionlist of rename sandboxing.
1688: ACTION is a constant representing the sandboxing action.
1689: GLOB is a string representing the glob pattern."
1690: (let ((action (cond
1691: ((eq action :action-allow) "allow")
1692: ((eq action :action-warn) "warn")
1693: ((eq action :action-filter) "filter")
1694: ((eq action :action-deny) "deny")
1695: ((eq action :action-panic) "panic")
1696: ((eq action :action-stop) "stop")
1697: ((eq action :action-abort) "abort")
1698: ((eq action :action-kill) "kill")
1699: ((eq action :action-exit) "exit"))))
1700: ; Only proceed if action is not nil
1701: (when action
1702: ; rename the command string
1703: (let ((cmd (format "%s/rename" action)))
1704: ; Call syd--stat with the command
1705: (syd--stat (syd--rule cmd glob ?+))))))
1706:
1707: (defun syd-rename-del (action glob)
1708: "Removes the first matching entry from the end of the given actionlist
1709: of rename sandboxing.
1710: ACTION is a constant representing the sandboxing action.
1711: GLOB is a string representing the glob pattern."
1712: (let ((action (cond
1713: ((eq action :action-allow) "allow")
1714: ((eq action :action-warn) "warn")
1715: ((eq action :action-filter) "filter")
1716: ((eq action :action-deny) "deny")
1717: ((eq action :action-panic) "panic")
1718: ((eq action :action-stop) "stop")
1719: ((eq action :action-abort) "abort")
1720: ((eq action :action-kill) "kill")
1721: ((eq action :action-exit) "exit"))))
1722: ; Only proceed if action is not nil
1723: (when action
1724: ; rename the command string
1725: (let ((cmd (format "%s/rename" action)))
1726: ; Call syd--stat with the command
1727: (syd--stat (syd--rule cmd glob ?-))))))
1728:
1729: (defun syd-rename-rem (action glob)
1730: "Removes all matching entries from the given actionlist of rename sandboxing.
1731: ACTION is a constant representing the sandboxing action.
1732: GLOB is a string representing the glob pattern."
1733: (let ((action (cond
1734: ((eq action :action-allow) "allow")
1735: ((eq action :action-warn) "warn")
1736: ((eq action :action-filter) "filter")
1737: ((eq action :action-deny) "deny")
1738: ((eq action :action-panic) "panic")
1739: ((eq action :action-stop) "stop")
1740: ((eq action :action-abort) "abort")
1741: ((eq action :action-kill) "kill")
1742: ((eq action :action-exit) "exit"))))
1743: ; Only proceed if action is not nil
1744: (when action
1745: ; rename the command string
1746: (let ((cmd (format "%s/rename" action)))
1747: ; Call syd--stat with the command
1748: (syd--stat (syd--rule cmd glob ?^))))))
1749:
1750: (defun syd-symlink-add (action glob)
1751: "Adds to the given actionlist of symlink sandboxing.
1752: ACTION is a constant representing the sandboxing action.
1753: GLOB is a string representing the glob pattern."
1754: (let ((action (cond
1755: ((eq action :action-allow) "allow")
1756: ((eq action :action-warn) "warn")
1757: ((eq action :action-filter) "filter")
1758: ((eq action :action-deny) "deny")
1759: ((eq action :action-panic) "panic")
1760: ((eq action :action-stop) "stop")
1761: ((eq action :action-abort) "abort")
1762: ((eq action :action-kill) "kill")
1763: ((eq action :action-exit) "exit"))))
1764: ; Only proceed if action is not nil
1765: (when action
1766: ; symlink the command string
1767: (let ((cmd (format "%s/symlink" action)))
1768: ; Call syd--stat with the command
1769: (syd--stat (syd--rule cmd glob ?+))))))
1770:
1771: (defun syd-symlink-del (action glob)
1772: "Removes the first matching entry from the end of the given actionlist
1773: of symlink sandboxing.
1774: ACTION is a constant representing the sandboxing action.
1775: GLOB is a string representing the glob pattern."
1776: (let ((action (cond
1777: ((eq action :action-allow) "allow")
1778: ((eq action :action-warn) "warn")
1779: ((eq action :action-filter) "filter")
1780: ((eq action :action-deny) "deny")
1781: ((eq action :action-panic) "panic")
1782: ((eq action :action-stop) "stop")
1783: ((eq action :action-abort) "abort")
1784: ((eq action :action-kill) "kill")
1785: ((eq action :action-exit) "exit"))))
1786: ; Only proceed if action is not nil
1787: (when action
1788: ; symlink the command string
1789: (let ((cmd (format "%s/symlink" action)))
1790: ; Call syd--stat with the command
1791: (syd--stat (syd--rule cmd glob ?-))))))
1792:
1793: (defun syd-symlink-rem (action glob)
1794: "Removes all matching entries from the given actionlist of symlink sandboxing.
1795: ACTION is a constant representing the sandboxing action.
1796: GLOB is a string representing the glob pattern."
1797: (let ((action (cond
1798: ((eq action :action-allow) "allow")
1799: ((eq action :action-warn) "warn")
1800: ((eq action :action-filter) "filter")
1801: ((eq action :action-deny) "deny")
1802: ((eq action :action-panic) "panic")
1803: ((eq action :action-stop) "stop")
1804: ((eq action :action-abort) "abort")
1805: ((eq action :action-kill) "kill")
1806: ((eq action :action-exit) "exit"))))
1807: ; Only proceed if action is not nil
1808: (when action
1809: ; symlink the command string
1810: (let ((cmd (format "%s/symlink" action)))
1811: ; Call syd--stat with the command
1812: (syd--stat (syd--rule cmd glob ?^))))))
1813:
1814: (defun syd-truncate-add (action glob)
1815: "Adds to the given actionlist of truncate sandboxing.
1816: ACTION is a constant representing the sandboxing action.
1817: GLOB is a string representing the glob pattern."
1818: (let ((action (cond
1819: ((eq action :action-allow) "allow")
1820: ((eq action :action-warn) "warn")
1821: ((eq action :action-filter) "filter")
1822: ((eq action :action-deny) "deny")
1823: ((eq action :action-panic) "panic")
1824: ((eq action :action-stop) "stop")
1825: ((eq action :action-abort) "abort")
1826: ((eq action :action-kill) "kill")
1827: ((eq action :action-exit) "exit"))))
1828: ; Only proceed if action is not nil
1829: (when action
1830: ; truncate the command string
1831: (let ((cmd (format "%s/truncate" action)))
1832: ; Call syd--stat with the command
1833: (syd--stat (syd--rule cmd glob ?+))))))
1834:
1835: (defun syd-truncate-del (action glob)
1836: "Removes the first matching entry from the end of the given actionlist
1837: of truncate sandboxing.
1838: ACTION is a constant representing the sandboxing action.
1839: GLOB is a string representing the glob pattern."
1840: (let ((action (cond
1841: ((eq action :action-allow) "allow")
1842: ((eq action :action-warn) "warn")
1843: ((eq action :action-filter) "filter")
1844: ((eq action :action-deny) "deny")
1845: ((eq action :action-panic) "panic")
1846: ((eq action :action-stop) "stop")
1847: ((eq action :action-abort) "abort")
1848: ((eq action :action-kill) "kill")
1849: ((eq action :action-exit) "exit"))))
1850: ; Only proceed if action is not nil
1851: (when action
1852: ; truncate the command string
1853: (let ((cmd (format "%s/truncate" action)))
1854: ; Call syd--stat with the command
1855: (syd--stat (syd--rule cmd glob ?-))))))
1856:
1857: (defun syd-truncate-rem (action glob)
1858: "Removes all matching entries from the given actionlist of truncate sandboxing.
1859: ACTION is a constant representing the sandboxing action.
1860: GLOB is a string representing the glob pattern."
1861: (let ((action (cond
1862: ((eq action :action-allow) "allow")
1863: ((eq action :action-warn) "warn")
1864: ((eq action :action-filter) "filter")
1865: ((eq action :action-deny) "deny")
1866: ((eq action :action-panic) "panic")
1867: ((eq action :action-stop) "stop")
1868: ((eq action :action-abort) "abort")
1869: ((eq action :action-kill) "kill")
1870: ((eq action :action-exit) "exit"))))
1871: ; Only proceed if action is not nil
1872: (when action
1873: ; truncate the command string
1874: (let ((cmd (format "%s/truncate" action)))
1875: ; Call syd--stat with the command
1876: (syd--stat (syd--rule cmd glob ?^))))))
1877:
1878: (defun syd-chdir-add (action glob)
1879: "Adds to the given actionlist of chdir sandboxing.
1880: ACTION is a constant representing the sandboxing action.
1881: GLOB is a string representing the glob pattern."
1882: (let ((action (cond
1883: ((eq action :action-allow) "allow")
1884: ((eq action :action-warn) "warn")
1885: ((eq action :action-filter) "filter")
1886: ((eq action :action-deny) "deny")
1887: ((eq action :action-panic) "panic")
1888: ((eq action :action-stop) "stop")
1889: ((eq action :action-abort) "abort")
1890: ((eq action :action-kill) "kill")
1891: ((eq action :action-exit) "exit"))))
1892: ; Only proceed if action is not nil
1893: (when action
1894: ; chdir the command string
1895: (let ((cmd (format "%s/chdir" action)))
1896: ; Call syd--stat with the command
1897: (syd--stat (syd--rule cmd glob ?+))))))
1898:
1899: (defun syd-chdir-del (action glob)
1900: "Removes the first matching entry from the end of the given actionlist
1901: of chdir sandboxing.
1902: ACTION is a constant representing the sandboxing action.
1903: GLOB is a string representing the glob pattern."
1904: (let ((action (cond
1905: ((eq action :action-allow) "allow")
1906: ((eq action :action-warn) "warn")
1907: ((eq action :action-filter) "filter")
1908: ((eq action :action-deny) "deny")
1909: ((eq action :action-panic) "panic")
1910: ((eq action :action-stop) "stop")
1911: ((eq action :action-abort) "abort")
1912: ((eq action :action-kill) "kill")
1913: ((eq action :action-exit) "exit"))))
1914: ; Only proceed if action is not nil
1915: (when action
1916: ; chdir the command string
1917: (let ((cmd (format "%s/chdir" action)))
1918: ; Call syd--stat with the command
1919: (syd--stat (syd--rule cmd glob ?-))))))
1920:
1921: (defun syd-chdir-rem (action glob)
1922: "Removes all matching entries from the given actionlist of chdir sandboxing.
1923: ACTION is a constant representing the sandboxing action.
1924: GLOB is a string representing the glob pattern."
1925: (let ((action (cond
1926: ((eq action :action-allow) "allow")
1927: ((eq action :action-warn) "warn")
1928: ((eq action :action-filter) "filter")
1929: ((eq action :action-deny) "deny")
1930: ((eq action :action-panic) "panic")
1931: ((eq action :action-stop) "stop")
1932: ((eq action :action-abort) "abort")
1933: ((eq action :action-kill) "kill")
1934: ((eq action :action-exit) "exit"))))
1935: ; Only proceed if action is not nil
1936: (when action
1937: ; chdir the command string
1938: (let ((cmd (format "%s/chdir" action)))
1939: ; Call syd--stat with the command
1940: (syd--stat (syd--rule cmd glob ?^))))))
1941:
1942: (defun syd-readdir-add (action glob)
1943: "Adds to the given actionlist of readdir sandboxing.
1944: ACTION is a constant representing the sandboxing action.
1945: GLOB is a string representing the glob pattern."
1946: (let ((action (cond
1947: ((eq action :action-allow) "allow")
1948: ((eq action :action-warn) "warn")
1949: ((eq action :action-filter) "filter")
1950: ((eq action :action-deny) "deny")
1951: ((eq action :action-panic) "panic")
1952: ((eq action :action-stop) "stop")
1953: ((eq action :action-abort) "abort")
1954: ((eq action :action-kill) "kill")
1955: ((eq action :action-exit) "exit"))))
1956: ; Only proceed if action is not nil
1957: (when action
1958: ; readdir the command string
1959: (let ((cmd (format "%s/readdir" action)))
1960: ; Call syd--stat with the command
1961: (syd--stat (syd--rule cmd glob ?+))))))
1962:
1963: (defun syd-readdir-del (action glob)
1964: "Removes the first matching entry from the end of the given actionlist
1965: of readdir sandboxing.
1966: ACTION is a constant representing the sandboxing action.
1967: GLOB is a string representing the glob pattern."
1968: (let ((action (cond
1969: ((eq action :action-allow) "allow")
1970: ((eq action :action-warn) "warn")
1971: ((eq action :action-filter) "filter")
1972: ((eq action :action-deny) "deny")
1973: ((eq action :action-panic) "panic")
1974: ((eq action :action-stop) "stop")
1975: ((eq action :action-abort) "abort")
1976: ((eq action :action-kill) "kill")
1977: ((eq action :action-exit) "exit"))))
1978: ; Only proceed if action is not nil
1979: (when action
1980: ; readdir the command string
1981: (let ((cmd (format "%s/readdir" action)))
1982: ; Call syd--stat with the command
1983: (syd--stat (syd--rule cmd glob ?-))))))
1984:
1985: (defun syd-readdir-rem (action glob)
1986: "Removes all matching entries from the given actionlist of readdir sandboxing.
1987: ACTION is a constant representing the sandboxing action.
1988: GLOB is a string representing the glob pattern."
1989: (let ((action (cond
1990: ((eq action :action-allow) "allow")
1991: ((eq action :action-warn) "warn")
1992: ((eq action :action-filter) "filter")
1993: ((eq action :action-deny) "deny")
1994: ((eq action :action-panic) "panic")
1995: ((eq action :action-stop) "stop")
1996: ((eq action :action-abort) "abort")
1997: ((eq action :action-kill) "kill")
1998: ((eq action :action-exit) "exit"))))
1999: ; Only proceed if action is not nil
2000: (when action
2001: ; readdir the command string
2002: (let ((cmd (format "%s/readdir" action)))
2003: ; Call syd--stat with the command
2004: (syd--stat (syd--rule cmd glob ?^))))))
2005:
2006: (defun syd-readdir-add (action glob)
2007: "Adds to the given actionlist of readdir sandboxing.
2008: ACTION is a constant representing the sandboxing action.
2009: GLOB is a string representing the glob pattern."
2010: (let ((action (cond
2011: ((eq action :action-allow) "allow")
2012: ((eq action :action-warn) "warn")
2013: ((eq action :action-filter) "filter")
2014: ((eq action :action-deny) "deny")
2015: ((eq action :action-panic) "panic")
2016: ((eq action :action-stop) "stop")
2017: ((eq action :action-abort) "abort")
2018: ((eq action :action-kill) "kill")
2019: ((eq action :action-exit) "exit"))))
2020: ; Only proceed if action is not nil
2021: (when action
2022: ; readdir the command string
2023: (let ((cmd (format "%s/readdir" action)))
2024: ; Call syd--stat with the command
2025: (syd--stat (syd--rule cmd glob ?+))))))
2026:
2027: (defun syd-readdir-del (action glob)
2028: "Removes the first matching entry from the end of the given actionlist
2029: of readdir sandboxing.
2030: ACTION is a constant representing the sandboxing action.
2031: GLOB is a string representing the glob pattern."
2032: (let ((action (cond
2033: ((eq action :action-allow) "allow")
2034: ((eq action :action-warn) "warn")
2035: ((eq action :action-filter) "filter")
2036: ((eq action :action-deny) "deny")
2037: ((eq action :action-panic) "panic")
2038: ((eq action :action-stop) "stop")
2039: ((eq action :action-abort) "abort")
2040: ((eq action :action-kill) "kill")
2041: ((eq action :action-exit) "exit"))))
2042: ; Only proceed if action is not nil
2043: (when action
2044: ; readdir the command string
2045: (let ((cmd (format "%s/readdir" action)))
2046: ; Call syd--stat with the command
2047: (syd--stat (syd--rule cmd glob ?-))))))
2048:
2049: (defun syd-readdir-rem (action glob)
2050: "Removes all matching entries from the given actionlist of readdir sandboxing.
2051: ACTION is a constant representing the sandboxing action.
2052: GLOB is a string representing the glob pattern."
2053: (let ((action (cond
2054: ((eq action :action-allow) "allow")
2055: ((eq action :action-warn) "warn")
2056: ((eq action :action-filter) "filter")
2057: ((eq action :action-deny) "deny")
2058: ((eq action :action-panic) "panic")
2059: ((eq action :action-stop) "stop")
2060: ((eq action :action-abort) "abort")
2061: ((eq action :action-kill) "kill")
2062: ((eq action :action-exit) "exit"))))
2063: ; Only proceed if action is not nil
2064: (when action
2065: ; readdir the command string
2066: (let ((cmd (format "%s/readdir" action)))
2067: ; Call syd--stat with the command
2068: (syd--stat (syd--rule cmd glob ?^))))))
2069:
2070: (defun syd-mkdir-add (action glob)
2071: "Adds to the given actionlist of mkdir sandboxing.
2072: ACTION is a constant representing the sandboxing action.
2073: GLOB is a string representing the glob pattern."
2074: (let ((action (cond
2075: ((eq action :action-allow) "allow")
2076: ((eq action :action-warn) "warn")
2077: ((eq action :action-filter) "filter")
2078: ((eq action :action-deny) "deny")
2079: ((eq action :action-panic) "panic")
2080: ((eq action :action-stop) "stop")
2081: ((eq action :action-abort) "abort")
2082: ((eq action :action-kill) "kill")
2083: ((eq action :action-exit) "exit"))))
2084: ; Only proceed if action is not nil
2085: (when action
2086: ; mkdir the command string
2087: (let ((cmd (format "%s/mkdir" action)))
2088: ; Call syd--stat with the command
2089: (syd--stat (syd--rule cmd glob ?+))))))
2090:
2091: (defun syd-mkdir-del (action glob)
2092: "Removes the first matching entry from the end of the given actionlist
2093: of mkdir sandboxing.
2094: ACTION is a constant representing the sandboxing action.
2095: GLOB is a string representing the glob pattern."
2096: (let ((action (cond
2097: ((eq action :action-allow) "allow")
2098: ((eq action :action-warn) "warn")
2099: ((eq action :action-filter) "filter")
2100: ((eq action :action-deny) "deny")
2101: ((eq action :action-panic) "panic")
2102: ((eq action :action-stop) "stop")
2103: ((eq action :action-abort) "abort")
2104: ((eq action :action-kill) "kill")
2105: ((eq action :action-exit) "exit"))))
2106: ; Only proceed if action is not nil
2107: (when action
2108: ; mkdir the command string
2109: (let ((cmd (format "%s/mkdir" action)))
2110: ; Call syd--stat with the command
2111: (syd--stat (syd--rule cmd glob ?-))))))
2112:
2113: (defun syd-mkdir-rem (action glob)
2114: "Removes all matching entries from the given actionlist of mkdir sandboxing.
2115: ACTION is a constant representing the sandboxing action.
2116: GLOB is a string representing the glob pattern."
2117: (let ((action (cond
2118: ((eq action :action-allow) "allow")
2119: ((eq action :action-warn) "warn")
2120: ((eq action :action-filter) "filter")
2121: ((eq action :action-deny) "deny")
2122: ((eq action :action-panic) "panic")
2123: ((eq action :action-stop) "stop")
2124: ((eq action :action-abort) "abort")
2125: ((eq action :action-kill) "kill")
2126: ((eq action :action-exit) "exit"))))
2127: ; Only proceed if action is not nil
2128: (when action
2129: ; mkdir the command string
2130: (let ((cmd (format "%s/mkdir" action)))
2131: ; Call syd--stat with the command
2132: (syd--stat (syd--rule cmd glob ?^))))))
2133:
2134: (defun syd-rmdir-add (action glob)
2135: "Adds to the given actionlist of rmdir sandboxing.
2136: ACTION is a constant representing the sandboxing action.
2137: GLOB is a string representing the glob pattern."
2138: (let ((action (cond
2139: ((eq action :action-allow) "allow")
2140: ((eq action :action-warn) "warn")
2141: ((eq action :action-filter) "filter")
2142: ((eq action :action-deny) "deny")
2143: ((eq action :action-panic) "panic")
2144: ((eq action :action-stop) "stop")
2145: ((eq action :action-abort) "abort")
2146: ((eq action :action-kill) "kill")
2147: ((eq action :action-exit) "exit"))))
2148: ; Only proceed if action is not nil
2149: (when action
2150: ; rmdir the command string
2151: (let ((cmd (format "%s/rmdir" action)))
2152: ; Call syd--stat with the command
2153: (syd--stat (syd--rule cmd glob ?+))))))
2154:
2155: (defun syd-rmdir-del (action glob)
2156: "Removes the first matching entry from the end of the given actionlist
2157: of rmdir sandboxing.
2158: ACTION is a constant representing the sandboxing action.
2159: GLOB is a string representing the glob pattern."
2160: (let ((action (cond
2161: ((eq action :action-allow) "allow")
2162: ((eq action :action-warn) "warn")
2163: ((eq action :action-filter) "filter")
2164: ((eq action :action-deny) "deny")
2165: ((eq action :action-panic) "panic")
2166: ((eq action :action-stop) "stop")
2167: ((eq action :action-abort) "abort")
2168: ((eq action :action-kill) "kill")
2169: ((eq action :action-exit) "exit"))))
2170: ; Only proceed if action is not nil
2171: (when action
2172: ; rmdir the command string
2173: (let ((cmd (format "%s/rmdir" action)))
2174: ; Call syd--stat with the command
2175: (syd--stat (syd--rule cmd glob ?-))))))
2176:
2177: (defun syd-rmdir-rem (action glob)
2178: "Removes all matching entries from the given actionlist of rmdir sandboxing.
2179: ACTION is a constant representing the sandboxing action.
2180: GLOB is a string representing the glob pattern."
2181: (let ((action (cond
2182: ((eq action :action-allow) "allow")
2183: ((eq action :action-warn) "warn")
2184: ((eq action :action-filter) "filter")
2185: ((eq action :action-deny) "deny")
2186: ((eq action :action-panic) "panic")
2187: ((eq action :action-stop) "stop")
2188: ((eq action :action-abort) "abort")
2189: ((eq action :action-kill) "kill")
2190: ((eq action :action-exit) "exit"))))
2191: ; Only proceed if action is not nil
2192: (when action
2193: ; rmdir the command string
2194: (let ((cmd (format "%s/rmdir" action)))
2195: ; Call syd--stat with the command
2196: (syd--stat (syd--rule cmd glob ?^))))))
2197:
2198: (defun syd-chown-add (action glob)
2199: "Adds to the given actionlist of chown sandboxing.
2200: ACTION is a constant representing the sandboxing action.
2201: GLOB is a string representing the glob pattern."
2202: (let ((action (cond
2203: ((eq action :action-allow) "allow")
2204: ((eq action :action-warn) "warn")
2205: ((eq action :action-filter) "filter")
2206: ((eq action :action-deny) "deny")
2207: ((eq action :action-panic) "panic")
2208: ((eq action :action-stop) "stop")
2209: ((eq action :action-abort) "abort")
2210: ((eq action :action-kill) "kill")
2211: ((eq action :action-exit) "exit"))))
2212: ; Only proceed if action is not nil
2213: (when action
2214: ; Create the command string
2215: (let ((cmd (format "%s/chown" action)))
2216: ; Call syd--stat with the command
2217: (syd--stat (syd--rule cmd glob ?+))))))
2218:
2219: (defun syd-chown-del (action glob)
2220: "Removes the first matching entry from the end of the given actionlist
2221: of chown sandboxing.
2222: ACTION is a constant representing the sandboxing action.
2223: GLOB is a string representing the glob pattern."
2224: (let ((action (cond
2225: ((eq action :action-allow) "allow")
2226: ((eq action :action-warn) "warn")
2227: ((eq action :action-filter) "filter")
2228: ((eq action :action-deny) "deny")
2229: ((eq action :action-panic) "panic")
2230: ((eq action :action-stop) "stop")
2231: ((eq action :action-abort) "abort")
2232: ((eq action :action-kill) "kill")
2233: ((eq action :action-exit) "exit"))))
2234: ; Only proceed if action is not nil
2235: (when action
2236: ; Create the command string
2237: (let ((cmd (format "%s/chown" action)))
2238: ; Call syd--stat with the command
2239: (syd--stat (syd--rule cmd glob ?-))))))
2240:
2241: (defun syd-chown-rem (action glob)
2242: "Removes all matching entries from the given actionlist of chown sandboxing.
2243: ACTION is a constant representing the sandboxing action.
2244: GLOB is a string representing the glob pattern."
2245: (let ((action (cond
2246: ((eq action :action-allow) "allow")
2247: ((eq action :action-warn) "warn")
2248: ((eq action :action-filter) "filter")
2249: ((eq action :action-deny) "deny")
2250: ((eq action :action-panic) "panic")
2251: ((eq action :action-stop) "stop")
2252: ((eq action :action-abort) "abort")
2253: ((eq action :action-kill) "kill")
2254: ((eq action :action-exit) "exit"))))
2255: ; Only proceed if action is not nil
2256: (when action
2257: ; Create the command string
2258: (let ((cmd (format "%s/chown" action)))
2259: ; Call syd--stat with the command
2260: (syd--stat (syd--rule cmd glob ?^))))))
2261:
2262: (defun syd-chgrp-add (action glob)
2263: "Adds to the given actionlist of chgrp sandboxing.
2264: ACTION is a constant representing the sandboxing action.
2265: GLOB is a string representing the glob pattern."
2266: (let ((action (cond
2267: ((eq action :action-allow) "allow")
2268: ((eq action :action-warn) "warn")
2269: ((eq action :action-filter) "filter")
2270: ((eq action :action-deny) "deny")
2271: ((eq action :action-panic) "panic")
2272: ((eq action :action-stop) "stop")
2273: ((eq action :action-abort) "abort")
2274: ((eq action :action-kill) "kill")
2275: ((eq action :action-exit) "exit"))))
2276: ; Only proceed if action is not nil
2277: (when action
2278: ; Create the command string
2279: (let ((cmd (format "%s/chgrp" action)))
2280: ; Call syd--stat with the command
2281: (syd--stat (syd--rule cmd glob ?+))))))
2282:
2283: (defun syd-chgrp-del (action glob)
2284: "Removes the first matching entry from the end of the given actionlist
2285: of chgrp sandboxing.
2286: ACTION is a constant representing the sandboxing action.
2287: GLOB is a string representing the glob pattern."
2288: (let ((action (cond
2289: ((eq action :action-allow) "allow")
2290: ((eq action :action-warn) "warn")
2291: ((eq action :action-filter) "filter")
2292: ((eq action :action-deny) "deny")
2293: ((eq action :action-panic) "panic")
2294: ((eq action :action-stop) "stop")
2295: ((eq action :action-abort) "abort")
2296: ((eq action :action-kill) "kill")
2297: ((eq action :action-exit) "exit"))))
2298: ; Only proceed if action is not nil
2299: (when action
2300: ; Create the command string
2301: (let ((cmd (format "%s/chgrp" action)))
2302: ; Call syd--stat with the command
2303: (syd--stat (syd--rule cmd glob ?-))))))
2304:
2305: (defun syd-chgrp-rem (action glob)
2306: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2307: ACTION is a constant representing the sandboxing action.
2308: GLOB is a string representing the glob pattern."
2309: (let ((action (cond
2310: ((eq action :action-allow) "allow")
2311: ((eq action :action-warn) "warn")
2312: ((eq action :action-filter) "filter")
2313: ((eq action :action-deny) "deny")
2314: ((eq action :action-panic) "panic")
2315: ((eq action :action-stop) "stop")
2316: ((eq action :action-abort) "abort")
2317: ((eq action :action-kill) "kill")
2318: ((eq action :action-exit) "exit"))))
2319: ; Only proceed if action is not nil
2320: (when action
2321: ; Create the command string
2322: (let ((cmd (format "%s/chgrp" action)))
2323: ; Call syd--stat with the command
2324: (syd--stat (syd--rule cmd glob ?^))))))
2325:
2326: (defun syd-chmod-add (action glob)
2327: "Adds to the given actionlist of chmod sandboxing.
2328: ACTION is a constant representing the sandboxing action.
2329: GLOB is a string representing the glob pattern."
2330: (let ((action (cond
2331: ((eq action :action-allow) "allow")
2332: ((eq action :action-warn) "warn")
2333: ((eq action :action-filter) "filter")
2334: ((eq action :action-deny) "deny")
2335: ((eq action :action-panic) "panic")
2336: ((eq action :action-stop) "stop")
2337: ((eq action :action-abort) "abort")
2338: ((eq action :action-kill) "kill")
2339: ((eq action :action-exit) "exit"))))
2340: ; Only proceed if action is not nil
2341: (when action
2342: ; Create the command string
2343: (let ((cmd (format "%s/chmod" action)))
2344: ; Call syd--stat with the command
2345: (syd--stat (syd--rule cmd glob ?+))))))
2346:
2347: (defun syd-chmod-del (action glob)
2348: "Removes the first matching entry from the end of the given actionlist
2349: of chmod sandboxing.
2350: ACTION is a constant representing the sandboxing action.
2351: GLOB is a string representing the glob pattern."
2352: (let ((action (cond
2353: ((eq action :action-allow) "allow")
2354: ((eq action :action-warn) "warn")
2355: ((eq action :action-filter) "filter")
2356: ((eq action :action-deny) "deny")
2357: ((eq action :action-panic) "panic")
2358: ((eq action :action-stop) "stop")
2359: ((eq action :action-abort) "abort")
2360: ((eq action :action-kill) "kill")
2361: ((eq action :action-exit) "exit"))))
2362: ; Only proceed if action is not nil
2363: (when action
2364: ; Create the command string
2365: (let ((cmd (format "%s/chmod" action)))
2366: ; Call syd--stat with the command
2367: (syd--stat (syd--rule cmd glob ?-))))))
2368:
2369: (defun syd-chmod-rem (action glob)
2370: "Removes all matching entries from the given actionlist of chmod sandboxing.
2371: ACTION is a constant representing the sandboxing action.
2372: GLOB is a string representing the glob pattern."
2373: (let ((action (cond
2374: ((eq action :action-allow) "allow")
2375: ((eq action :action-warn) "warn")
2376: ((eq action :action-filter) "filter")
2377: ((eq action :action-deny) "deny")
2378: ((eq action :action-panic) "panic")
2379: ((eq action :action-stop) "stop")
2380: ((eq action :action-abort) "abort")
2381: ((eq action :action-kill) "kill")
2382: ((eq action :action-exit) "exit"))))
2383: ; Only proceed if action is not nil
2384: (when action
2385: ; Create the command string
2386: (let ((cmd (format "%s/chmod" action)))
2387: ; Call syd--stat with the command
2388: (syd--stat (syd--rule cmd glob ?^))))))
2389:
2390: (defun syd-chattr-add (action glob)
2391: "Adds to the given actionlist of chattr sandboxing.
2392: ACTION is a constant representing the sandboxing action.
2393: GLOB is a string representing the glob pattern."
2394: (let ((action (cond
2395: ((eq action :action-allow) "allow")
2396: ((eq action :action-warn) "warn")
2397: ((eq action :action-filter) "filter")
2398: ((eq action :action-deny) "deny")
2399: ((eq action :action-panic) "panic")
2400: ((eq action :action-stop) "stop")
2401: ((eq action :action-abort) "abort")
2402: ((eq action :action-kill) "kill")
2403: ((eq action :action-exit) "exit"))))
2404: ; Only proceed if action is not nil
2405: (when action
2406: ; Create the command string
2407: (let ((cmd (format "%s/chattr" action)))
2408: ; Call syd--stat with the command
2409: (syd--stat (syd--rule cmd glob ?+))))))
2410:
2411: (defun syd-chattr-del (action glob)
2412: "Removes the first matching entry from the end of the given actionlist
2413: of chattr sandboxing.
2414: ACTION is a constant representing the sandboxing action.
2415: GLOB is a string representing the glob pattern."
2416: (let ((action (cond
2417: ((eq action :action-allow) "allow")
2418: ((eq action :action-warn) "warn")
2419: ((eq action :action-filter) "filter")
2420: ((eq action :action-deny) "deny")
2421: ((eq action :action-panic) "panic")
2422: ((eq action :action-stop) "stop")
2423: ((eq action :action-abort) "abort")
2424: ((eq action :action-kill) "kill")
2425: ((eq action :action-exit) "exit"))))
2426: ; Only proceed if action is not nil
2427: (when action
2428: ; Create the command string
2429: (let ((cmd (format "%s/chattr" action)))
2430: ; Call syd--stat with the command
2431: (syd--stat (syd--rule cmd glob ?-))))))
2432:
2433: (defun syd-chattr-rem (action glob)
2434: "Removes all matching entries from the given actionlist of chattr sandboxing.
2435: ACTION is a constant representing the sandboxing action.
2436: GLOB is a string representing the glob pattern."
2437: (let ((action (cond
2438: ((eq action :action-allow) "allow")
2439: ((eq action :action-warn) "warn")
2440: ((eq action :action-filter) "filter")
2441: ((eq action :action-deny) "deny")
2442: ((eq action :action-panic) "panic")
2443: ((eq action :action-stop) "stop")
2444: ((eq action :action-abort) "abort")
2445: ((eq action :action-kill) "kill")
2446: ((eq action :action-exit) "exit"))))
2447: ; Only proceed if action is not nil
2448: (when action
2449: ; Create the command string
2450: (let ((cmd (format "%s/chattr" action)))
2451: ; Call syd--stat with the command
2452: (syd--stat (syd--rule cmd glob ?^))))))
2453:
2454: (defun syd-chroot-add (action glob)
2455: "Adds to the given actionlist of chroot sandboxing.
2456: ACTION is a constant representing the sandboxing action.
2457: GLOB is a string representing the glob pattern."
2458: (let ((action (cond
2459: ((eq action :action-allow) "allow")
2460: ((eq action :action-warn) "warn")
2461: ((eq action :action-filter) "filter")
2462: ((eq action :action-deny) "deny")
2463: ((eq action :action-panic) "panic")
2464: ((eq action :action-stop) "stop")
2465: ((eq action :action-abort) "abort")
2466: ((eq action :action-kill) "kill")
2467: ((eq action :action-exit) "exit"))))
2468: ; Only proceed if action is not nil
2469: (when action
2470: ; Create the command string
2471: (let ((cmd (format "%s/chroot" action)))
2472: ; Call syd--stat with the command
2473: (syd--stat (syd--rule cmd glob ?+))))))
2474:
2475: (defun syd-chroot-del (action glob)
2476: "Removes the first matching entry from the end of the given actionlist
2477: of chroot sandboxing.
2478: ACTION is a constant representing the sandboxing action.
2479: GLOB is a string representing the glob pattern."
2480: (let ((action (cond
2481: ((eq action :action-allow) "allow")
2482: ((eq action :action-warn) "warn")
2483: ((eq action :action-filter) "filter")
2484: ((eq action :action-deny) "deny")
2485: ((eq action :action-panic) "panic")
2486: ((eq action :action-stop) "stop")
2487: ((eq action :action-abort) "abort")
2488: ((eq action :action-kill) "kill")
2489: ((eq action :action-exit) "exit"))))
2490: ; Only proceed if action is not nil
2491: (when action
2492: ; Create the command string
2493: (let ((cmd (format "%s/chroot" action)))
2494: ; Call syd--stat with the command
2495: (syd--stat (syd--rule cmd glob ?-))))))
2496:
2497: (defun syd-chroot-rem (action glob)
2498: "Removes all matching entries from the given actionlist of chroot sandboxing.
2499: ACTION is a constant representing the sandboxing action.
2500: GLOB is a string representing the glob pattern."
2501: (let ((action (cond
2502: ((eq action :action-allow) "allow")
2503: ((eq action :action-warn) "warn")
2504: ((eq action :action-filter) "filter")
2505: ((eq action :action-deny) "deny")
2506: ((eq action :action-panic) "panic")
2507: ((eq action :action-stop) "stop")
2508: ((eq action :action-abort) "abort")
2509: ((eq action :action-kill) "kill")
2510: ((eq action :action-exit) "exit"))))
2511: ; Only proceed if action is not nil
2512: (when action
2513: ; Create the command string
2514: (let ((cmd (format "%s/chroot" action)))
2515: ; Call syd--stat with the command
2516: (syd--stat (syd--rule cmd glob ?^))))))
2517:
2518: (defun syd-utime-add (action glob)
2519: "Adds to the given actionlist of utime sandboxing.
2520: ACTION is a constant representing the sandboxing action.
2521: GLOB is a string representing the glob pattern."
2522: (let ((action (cond
2523: ((eq action :action-allow) "allow")
2524: ((eq action :action-warn) "warn")
2525: ((eq action :action-filter) "filter")
2526: ((eq action :action-deny) "deny")
2527: ((eq action :action-panic) "panic")
2528: ((eq action :action-stop) "stop")
2529: ((eq action :action-abort) "abort")
2530: ((eq action :action-kill) "kill")
2531: ((eq action :action-exit) "exit"))))
2532: ; Only proceed if action is not nil
2533: (when action
2534: ; Create the command string
2535: (let ((cmd (format "%s/utime" action)))
2536: ; Call syd--stat with the command
2537: (syd--stat (syd--rule cmd glob ?+))))))
2538:
2539: (defun syd-utime-del (action glob)
2540: "Removes the first matching entry from the end of the given actionlist
2541: of utime sandboxing.
2542: ACTION is a constant representing the sandboxing action.
2543: GLOB is a string representing the glob pattern."
2544: (let ((action (cond
2545: ((eq action :action-allow) "allow")
2546: ((eq action :action-warn) "warn")
2547: ((eq action :action-filter) "filter")
2548: ((eq action :action-deny) "deny")
2549: ((eq action :action-panic) "panic")
2550: ((eq action :action-stop) "stop")
2551: ((eq action :action-abort) "abort")
2552: ((eq action :action-kill) "kill")
2553: ((eq action :action-exit) "exit"))))
2554: ; Only proceed if action is not nil
2555: (when action
2556: ; Create the command string
2557: (let ((cmd (format "%s/utime" action)))
2558: ; Call syd--stat with the command
2559: (syd--stat (syd--rule cmd glob ?-))))))
2560:
2561: (defun syd-utime-rem (action glob)
2562: "Removes all matching entries from the given actionlist of utime sandboxing.
2563: ACTION is a constant representing the sandboxing action.
2564: GLOB is a string representing the glob pattern."
2565: (let ((action (cond
2566: ((eq action :action-allow) "allow")
2567: ((eq action :action-warn) "warn")
2568: ((eq action :action-filter) "filter")
2569: ((eq action :action-deny) "deny")
2570: ((eq action :action-panic) "panic")
2571: ((eq action :action-stop) "stop")
2572: ((eq action :action-abort) "abort")
2573: ((eq action :action-kill) "kill")
2574: ((eq action :action-exit) "exit"))))
2575: ; Only proceed if action is not nil
2576: (when action
2577: ; Create the command string
2578: (let ((cmd (format "%s/utime" action)))
2579: ; Call syd--stat with the command
2580: (syd--stat (syd--rule cmd glob ?^))))))
2581:
2582: (defun syd-mkbdev-add (action glob)
2583: "Adds to the given actionlist of mkbdev sandboxing.
2584: ACTION is a constant representing the sandboxing action.
2585: GLOB is a string representing the glob pattern."
2586: (let ((action (cond
2587: ((eq action :action-allow) "allow")
2588: ((eq action :action-warn) "warn")
2589: ((eq action :action-filter) "filter")
2590: ((eq action :action-deny) "deny")
2591: ((eq action :action-panic) "panic")
2592: ((eq action :action-stop) "stop")
2593: ((eq action :action-abort) "abort")
2594: ((eq action :action-kill) "kill")
2595: ((eq action :action-exit) "exit"))))
2596: ; Only proceed if action is not nil
2597: (when action
2598: ; Create the command string
2599: (let ((cmd (format "%s/mkbdev" action)))
2600: ; Call syd--stat with the command
2601: (syd--stat (syd--rule cmd glob ?+))))))
2602:
2603: (defun syd-mkbdev-del (action glob)
2604: "Removes the first matching entry from the end of the given actionlist
2605: of mkbdev sandboxing.
2606: ACTION is a constant representing the sandboxing action.
2607: GLOB is a string representing the glob pattern."
2608: (let ((action (cond
2609: ((eq action :action-allow) "allow")
2610: ((eq action :action-warn) "warn")
2611: ((eq action :action-filter) "filter")
2612: ((eq action :action-deny) "deny")
2613: ((eq action :action-panic) "panic")
2614: ((eq action :action-stop) "stop")
2615: ((eq action :action-abort) "abort")
2616: ((eq action :action-kill) "kill")
2617: ((eq action :action-exit) "exit"))))
2618: ; Only proceed if action is not nil
2619: (when action
2620: ; Create the command string
2621: (let ((cmd (format "%s/mkbdev" action)))
2622: ; Call syd--stat with the command
2623: (syd--stat (syd--rule cmd glob ?-))))))
2624:
2625: (defun syd-mkbdev-rem (action glob)
2626: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2627: ACTION is a constant representing the sandboxing action.
2628: GLOB is a string representing the glob pattern."
2629: (let ((action (cond
2630: ((eq action :action-allow) "allow")
2631: ((eq action :action-warn) "warn")
2632: ((eq action :action-filter) "filter")
2633: ((eq action :action-deny) "deny")
2634: ((eq action :action-panic) "panic")
2635: ((eq action :action-stop) "stop")
2636: ((eq action :action-abort) "abort")
2637: ((eq action :action-kill) "kill")
2638: ((eq action :action-exit) "exit"))))
2639: ; Only proceed if action is not nil
2640: (when action
2641: ; Create the command string
2642: (let ((cmd (format "%s/mkbdev" action)))
2643: ; Call syd--stat with the command
2644: (syd--stat (syd--rule cmd glob ?^))))))
2645:
2646: (defun syd-mkcdev-add (action glob)
2647: "Adds to the given actionlist of mkcdev sandboxing.
2648: ACTION is a constant representing the sandboxing action.
2649: GLOB is a string representing the glob pattern."
2650: (let ((action (cond
2651: ((eq action :action-allow) "allow")
2652: ((eq action :action-warn) "warn")
2653: ((eq action :action-filter) "filter")
2654: ((eq action :action-deny) "deny")
2655: ((eq action :action-panic) "panic")
2656: ((eq action :action-stop) "stop")
2657: ((eq action :action-abort) "abort")
2658: ((eq action :action-kill) "kill")
2659: ((eq action :action-exit) "exit"))))
2660: ; Only proceed if action is not nil
2661: (when action
2662: ; Create the command string
2663: (let ((cmd (format "%s/mkcdev" action)))
2664: ; Call syd--stat with the command
2665: (syd--stat (syd--rule cmd glob ?+))))))
2666:
2667: (defun syd-mkcdev-del (action glob)
2668: "Removes the first matching entry from the end of the given actionlist
2669: of mkcdev sandboxing.
2670: ACTION is a constant representing the sandboxing action.
2671: GLOB is a string representing the glob pattern."
2672: (let ((action (cond
2673: ((eq action :action-allow) "allow")
2674: ((eq action :action-warn) "warn")
2675: ((eq action :action-filter) "filter")
2676: ((eq action :action-deny) "deny")
2677: ((eq action :action-panic) "panic")
2678: ((eq action :action-stop) "stop")
2679: ((eq action :action-abort) "abort")
2680: ((eq action :action-kill) "kill")
2681: ((eq action :action-exit) "exit"))))
2682: ; Only proceed if action is not nil
2683: (when action
2684: ; Create the command string
2685: (let ((cmd (format "%s/mkcdev" action)))
2686: ; Call syd--stat with the command
2687: (syd--stat (syd--rule cmd glob ?-))))))
2688:
2689: (defun syd-mkcdev-rem (action glob)
2690: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2691: ACTION is a constant representing the sandboxing action.
2692: GLOB is a string representing the glob pattern."
2693: (let ((action (cond
2694: ((eq action :action-allow) "allow")
2695: ((eq action :action-warn) "warn")
2696: ((eq action :action-filter) "filter")
2697: ((eq action :action-deny) "deny")
2698: ((eq action :action-panic) "panic")
2699: ((eq action :action-stop) "stop")
2700: ((eq action :action-abort) "abort")
2701: ((eq action :action-kill) "kill")
2702: ((eq action :action-exit) "exit"))))
2703: ; Only proceed if action is not nil
2704: (when action
2705: ; Create the command string
2706: (let ((cmd (format "%s/mkcdev" action)))
2707: ; Call syd--stat with the command
2708: (syd--stat (syd--rule cmd glob ?^))))))
2709:
2710: (defun syd-mkfifo-add (action glob)
2711: "Adds to the given actionlist of mkfifo sandboxing.
2712: ACTION is a constant representing the sandboxing action.
2713: GLOB is a string representing the glob pattern."
2714: (let ((action (cond
2715: ((eq action :action-allow) "allow")
2716: ((eq action :action-warn) "warn")
2717: ((eq action :action-filter) "filter")
2718: ((eq action :action-deny) "deny")
2719: ((eq action :action-panic) "panic")
2720: ((eq action :action-stop) "stop")
2721: ((eq action :action-abort) "abort")
2722: ((eq action :action-kill) "kill")
2723: ((eq action :action-exit) "exit"))))
2724: ; Only proceed if action is not nil
2725: (when action
2726: ; Create the command string
2727: (let ((cmd (format "%s/mkfifo" action)))
2728: ; Call syd--stat with the command
2729: (syd--stat (syd--rule cmd glob ?+))))))
2730:
2731: (defun syd-mkfifo-del (action glob)
2732: "Removes the first matching entry from the end of the given actionlist
2733: of mkfifo sandboxing.
2734: ACTION is a constant representing the sandboxing action.
2735: GLOB is a string representing the glob pattern."
2736: (let ((action (cond
2737: ((eq action :action-allow) "allow")
2738: ((eq action :action-warn) "warn")
2739: ((eq action :action-filter) "filter")
2740: ((eq action :action-deny) "deny")
2741: ((eq action :action-panic) "panic")
2742: ((eq action :action-stop) "stop")
2743: ((eq action :action-abort) "abort")
2744: ((eq action :action-kill) "kill")
2745: ((eq action :action-exit) "exit"))))
2746: ; Only proceed if action is not nil
2747: (when action
2748: ; Create the command string
2749: (let ((cmd (format "%s/mkfifo" action)))
2750: ; Call syd--stat with the command
2751: (syd--stat (syd--rule cmd glob ?-))))))
2752:
2753: (defun syd-mkfifo-rem (action glob)
2754: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2755: ACTION is a constant representing the sandboxing action.
2756: GLOB is a string representing the glob pattern."
2757: (let ((action (cond
2758: ((eq action :action-allow) "allow")
2759: ((eq action :action-warn) "warn")
2760: ((eq action :action-filter) "filter")
2761: ((eq action :action-deny) "deny")
2762: ((eq action :action-panic) "panic")
2763: ((eq action :action-stop) "stop")
2764: ((eq action :action-abort) "abort")
2765: ((eq action :action-kill) "kill")
2766: ((eq action :action-exit) "exit"))))
2767: ; Only proceed if action is not nil
2768: (when action
2769: ; Create the command string
2770: (let ((cmd (format "%s/mkfifo" action)))
2771: ; Call syd--stat with the command
2772: (syd--stat (syd--rule cmd glob ?^))))))
2773:
2774: (defun syd-mktemp-add (action glob)
2775: "Adds to the given actionlist of mktemp sandboxing.
2776: ACTION is a constant representing the sandboxing action.
2777: GLOB is a string representing the glob pattern."
2778: (let ((action (cond
2779: ((eq action :action-allow) "allow")
2780: ((eq action :action-warn) "warn")
2781: ((eq action :action-filter) "filter")
2782: ((eq action :action-deny) "deny")
2783: ((eq action :action-panic) "panic")
2784: ((eq action :action-stop) "stop")
2785: ((eq action :action-abort) "abort")
2786: ((eq action :action-kill) "kill")
2787: ((eq action :action-exit) "exit"))))
2788: ; Only proceed if action is not nil
2789: (when action
2790: ; Create the command string
2791: (let ((cmd (format "%s/mktemp" action)))
2792: ; Call syd--stat with the command
2793: (syd--stat (syd--rule cmd glob ?+))))))
2794:
2795: (defun syd-mktemp-del (action glob)
2796: "Removes the first matching entry from the end of the given actionlist
2797: of mktemp sandboxing.
2798: ACTION is a constant representing the sandboxing action.
2799: GLOB is a string representing the glob pattern."
2800: (let ((action (cond
2801: ((eq action :action-allow) "allow")
2802: ((eq action :action-warn) "warn")
2803: ((eq action :action-filter) "filter")
2804: ((eq action :action-deny) "deny")
2805: ((eq action :action-panic) "panic")
2806: ((eq action :action-stop) "stop")
2807: ((eq action :action-abort) "abort")
2808: ((eq action :action-kill) "kill")
2809: ((eq action :action-exit) "exit"))))
2810: ; Only proceed if action is not nil
2811: (when action
2812: ; Create the command string
2813: (let ((cmd (format "%s/mktemp" action)))
2814: ; Call syd--stat with the command
2815: (syd--stat (syd--rule cmd glob ?-))))))
2816:
2817: (defun syd-mktemp-rem (action glob)
2818: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2819: ACTION is a constant representing the sandboxing action.
2820: GLOB is a string representing the glob pattern."
2821: (let ((action (cond
2822: ((eq action :action-allow) "allow")
2823: ((eq action :action-warn) "warn")
2824: ((eq action :action-filter) "filter")
2825: ((eq action :action-deny) "deny")
2826: ((eq action :action-panic) "panic")
2827: ((eq action :action-stop) "stop")
2828: ((eq action :action-abort) "abort")
2829: ((eq action :action-kill) "kill")
2830: ((eq action :action-exit) "exit"))))
2831: ; Only proceed if action is not nil
2832: (when action
2833: ; Create the command string
2834: (let ((cmd (format "%s/mktemp" action)))
2835: ; Call syd--stat with the command
2836: (syd--stat (syd--rule cmd glob ?^))))))
2837:
2838: (defun syd-net-bind-add (action addr)
2839: "Adds to the given actionlist of net/bind sandboxing.
2840: ACTION is a constant representing the sandboxing action.
2841: ADDR is a string representing the address pattern."
2842: (let ((action (cond
2843: ((eq action :action-allow) "allow")
2844: ((eq action :action-warn) "warn")
2845: ((eq action :action-filter) "filter")
2846: ((eq action :action-deny) "deny")
2847: ((eq action :action-panic) "panic")
2848: ((eq action :action-stop) "stop")
2849: ((eq action :action-abort) "abort")
2850: ((eq action :action-kill) "kill")
2851: ((eq action :action-exit) "exit"))))
2852: ; Only proceed if action is not nil
2853: (when action
2854: ; Create the command string
2855: (let ((cmd (format "%s/net/bind" action)))
2856: ; Call syd--stat with the command
2857: (syd--stat (syd--rule cmd addr ?+))))))
2858:
2859: (defun syd-net-bind-del (action addr)
2860: "Removes the first matching entry from the end of the given actionlist
2861: of net/bind sandboxing.
2862: ACTION is a constant representing the sandboxing action.
2863: ADDR is a string representing the address pattern."
2864: (let ((action (cond
2865: ((eq action :action-allow) "allow")
2866: ((eq action :action-warn) "warn")
2867: ((eq action :action-filter) "filter")
2868: ((eq action :action-deny) "deny")
2869: ((eq action :action-panic) "panic")
2870: ((eq action :action-stop) "stop")
2871: ((eq action :action-abort) "abort")
2872: ((eq action :action-kill) "kill")
2873: ((eq action :action-exit) "exit"))))
2874: ; Only proceed if action is not nil
2875: (when action
2876: ; Create the command string
2877: (let ((cmd (format "%s/net/bind" action)))
2878: ; Call syd--stat with the command
2879: (syd--stat (syd--rule cmd addr ?-))))))
2880:
2881: (defun syd-net-bind-rem (action addr)
2882: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2883: ACTION is a constant representing the sandboxing action.
2884: ADDR is a string representing the address pattern."
2885: (let ((action (cond
2886: ((eq action :action-allow) "allow")
2887: ((eq action :action-warn) "warn")
2888: ((eq action :action-filter) "filter")
2889: ((eq action :action-deny) "deny")
2890: ((eq action :action-panic) "panic")
2891: ((eq action :action-stop) "stop")
2892: ((eq action :action-abort) "abort")
2893: ((eq action :action-kill) "kill")
2894: ((eq action :action-exit) "exit"))))
2895: ; Only proceed if action is not nil
2896: (when action
2897: ; Create the command string
2898: (let ((cmd (format "%s/net/bind" action)))
2899: ; Call syd--stat with the command
2900: (syd--stat (syd--rule cmd addr ?^))))))
2901:
2902: (defun syd-net-connect-add (action addr)
2903: "Adds to the given actionlist of net/connect sandboxing.
2904: ACTION is a constant representing the sandboxing action.
2905: ADDR is a string representing the address pattern."
2906: (let ((action (cond
2907: ((eq action :action-allow) "allow")
2908: ((eq action :action-warn) "warn")
2909: ((eq action :action-filter) "filter")
2910: ((eq action :action-deny) "deny")
2911: ((eq action :action-panic) "panic")
2912: ((eq action :action-stop) "stop")
2913: ((eq action :action-abort) "abort")
2914: ((eq action :action-kill) "kill")
2915: ((eq action :action-exit) "exit"))))
2916: ; Only proceed if action is not nil
2917: (when action
2918: ; Create the command string
2919: (let ((cmd (format "%s/net/connect" action)))
2920: ; Call syd--stat with the command
2921: (syd--stat (syd--rule cmd addr ?+))))))
2922:
2923: (defun syd-net-connect-del (action addr)
2924: "Removes the first matching entry from the end of the given actionlist
2925: of net/connect sandboxing.
2926: ACTION is a constant representing the sandboxing action.
2927: ADDR is a string representing the address pattern."
2928: (let ((action (cond
2929: ((eq action :action-allow) "allow")
2930: ((eq action :action-warn) "warn")
2931: ((eq action :action-filter) "filter")
2932: ((eq action :action-deny) "deny")
2933: ((eq action :action-panic) "panic")
2934: ((eq action :action-stop) "stop")
2935: ((eq action :action-abort) "abort")
2936: ((eq action :action-kill) "kill")
2937: ((eq action :action-exit) "exit"))))
2938: ; Only proceed if action is not nil
2939: (when action
2940: ; Create the command string
2941: (let ((cmd (format "%s/net/connect" action)))
2942: ; Call syd--stat with the command
2943: (syd--stat (syd--rule cmd addr ?-))))))
2944:
2945: (defun syd-net-connect-rem (action addr)
2946: "Removes all matching entries from the given actionlist of net/connect
2947: sandboxing.
2948: ACTION is a constant representing the sandboxing action.
2949: ADDR is a string representing the address pattern."
2950: (let ((action (cond
2951: ((eq action :action-allow) "allow")
2952: ((eq action :action-warn) "warn")
2953: ((eq action :action-filter) "filter")
2954: ((eq action :action-deny) "deny")
2955: ((eq action :action-panic) "panic")
2956: ((eq action :action-stop) "stop")
2957: ((eq action :action-abort) "abort")
2958: ((eq action :action-kill) "kill")
2959: ((eq action :action-exit) "exit"))))
2960: ; Only proceed if action is not nil
2961: (when action
2962: ; Create the command string
2963: (let ((cmd (format "%s/net/connect" action)))
2964: ; Call syd--stat with the command
2965: (syd--stat (syd--rule cmd addr ?^))))))
2966:
2967: (defun syd-net-sendfd-add (action addr)
2968: "Adds to the given actionlist of net/sendfd sandboxing.
2969: ACTION is a constant representing the sandboxing action.
2970: ADDR is a string representing the address pattern."
2971: (let ((action (cond
2972: ((eq action :action-allow) "allow")
2973: ((eq action :action-warn) "warn")
2974: ((eq action :action-filter) "filter")
2975: ((eq action :action-deny) "deny")
2976: ((eq action :action-panic) "panic")
2977: ((eq action :action-stop) "stop")
2978: ((eq action :action-abort) "abort")
2979: ((eq action :action-kill) "kill")
2980: ((eq action :action-exit) "exit"))))
2981: ; Only proceed if action is not nil
2982: (when action
2983: ; Create the command string
2984: (let ((cmd (format "%s/net/sendfd" action)))
2985: ; Call syd--stat with the command
2986: (syd--stat (syd--rule cmd addr ?+))))))
2987:
2988: (defun syd-net-sendfd-del (action addr)
2989: "Removes the first matching entry from the end of the given actionlist
2990: of net/sendfd sandboxing.
2991: ACTION is a constant representing the sandboxing action.
2992: ADDR is a string representing the address pattern."
2993: (let ((action (cond
2994: ((eq action :action-allow) "allow")
2995: ((eq action :action-warn) "warn")
2996: ((eq action :action-filter) "filter")
2997: ((eq action :action-deny) "deny")
2998: ((eq action :action-panic) "panic")
2999: ((eq action :action-stop) "stop")
3000: ((eq action :action-abort) "abort")
3001: ((eq action :action-kill) "kill")
3002: ((eq action :action-exit) "exit"))))
3003: ; Only proceed if action is not nil
3004: (when action
3005: ; Create the command string
3006: (let ((cmd (format "%s/net/sendfd" action)))
3007: ; Call syd--stat with the command
3008: (syd--stat (syd--rule cmd addr ?-))))))
3009:
3010: (defun syd-net-sendfd-rem (action addr)
3011: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
3012: ACTION is a constant representing the sandboxing action.
3013: ADDR is a string representing the address pattern."
3014: (let ((action (cond
3015: ((eq action :action-allow) "allow")
3016: ((eq action :action-warn) "warn")
3017: ((eq action :action-filter) "filter")
3018: ((eq action :action-deny) "deny")
3019: ((eq action :action-panic) "panic")
3020: ((eq action :action-stop) "stop")
3021: ((eq action :action-abort) "abort")
3022: ((eq action :action-kill) "kill")
3023: ((eq action :action-exit) "exit"))))
3024: ; Only proceed if action is not nil
3025: (when action
3026: ; Create the command string
3027: (let ((cmd (format "%s/net/sendfd" action)))
3028: ; Call syd--stat with the command
3029: (syd--stat (syd--rule cmd addr ?^))))))
3030:
3031: (defun syd-net-link-add (action addr)
3032: "Adds to the given actionlist of net/link sandboxing.
3033: ACTION is a constant representing the sandboxing action.
3034: ADDR is a string representing the address pattern."
3035: (let ((action (cond
3036: ((eq action :action-allow) "allow")
3037: ((eq action :action-warn) "warn")
3038: ((eq action :action-filter) "filter")
3039: ((eq action :action-deny) "deny")
3040: ((eq action :action-panic) "panic")
3041: ((eq action :action-stop) "stop")
3042: ((eq action :action-abort) "abort")
3043: ((eq action :action-kill) "kill")
3044: ((eq action :action-exit) "exit"))))
3045: ; Only proceed if action is not nil
3046: (when action
3047: ; Create the command string
3048: (let ((cmd (format "%s/net/link" action)))
3049: ; Call syd--stat with the command
3050: (syd--stat (syd--rule cmd addr ?+))))))
3051:
3052: (defun syd-net-link-del (action addr)
3053: "Removes the first matching entry from the end of the given actionlist
3054: of net/link sandboxing.
3055: ACTION is a constant representing the sandboxing action.
3056: ADDR is a string representing the address pattern."
3057: (let ((action (cond
3058: ((eq action :action-allow) "allow")
3059: ((eq action :action-warn) "warn")
3060: ((eq action :action-filter) "filter")
3061: ((eq action :action-deny) "deny")
3062: ((eq action :action-panic) "panic")
3063: ((eq action :action-stop) "stop")
3064: ((eq action :action-abort) "abort")
3065: ((eq action :action-kill) "kill")
3066: ((eq action :action-exit) "exit"))))
3067: ; Only proceed if action is not nil
3068: (when action
3069: ; Create the command string
3070: (let ((cmd (format "%s/net/link" action)))
3071: ; Call syd--stat with the command
3072: (syd--stat (syd--rule cmd addr ?-))))))
3073:
3074: (defun syd-net-link-rem (action addr)
3075: "Removes all matching entries from the given actionlist of net/link sandboxing.
3076: ACTION is a constant representing the sandboxing action.
3077: ADDR is a string representing the address pattern."
3078: (let ((action (cond
3079: ((eq action :action-allow) "allow")
3080: ((eq action :action-warn) "warn")
3081: ((eq action :action-filter) "filter")
3082: ((eq action :action-deny) "deny")
3083: ((eq action :action-panic) "panic")
3084: ((eq action :action-stop) "stop")
3085: ((eq action :action-abort) "abort")
3086: ((eq action :action-kill) "kill")
3087: ((eq action :action-exit) "exit"))))
3088: ; Only proceed if action is not nil
3089: (when action
3090: ; Create the command string
3091: (let ((cmd (format "%s/net/link" action)))
3092: ; Call syd--stat with the command
3093: (syd--stat (syd--rule cmd addr ?^))))))
3094:
3095: (defun syd-force-add (path hash action)
3096: "Adds an entry to the Integrity Force map for Force Sandboxing.
3097: PATH is a fully-qualified file name.
3098: HASH is a hexadecimal encoded checksum.
3099: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
3100: (let ((action (cond ((eq action :action-warn) "warn")
3101: ((eq action :action-filter) "filter")
3102: ((eq action :action-deny) "deny")
3103: ((eq action :action-deny) "panic")
3104: ((eq action :action-stop) "stop")
3105: ((eq action :action-abort) "abort")
3106: ((eq action :action-kill) "kill")
3107: ((eq action :action-kill) "exit"))))
3108: ; Only proceed if action is not nil
3109: (when action
3110: ; Create the command string
3111: (let ((cmd (format "/dev/syd/force+%s:%s:%s" path hash action)))
3112: ; Call syd--stat with the command
3113: (syd--stat cmd)))))
3114:
3115: (defun syd-force-del (path)
3116: "Removes an entry from the Integrity Force map for Force Sandboxing.
3117: PATH is a fully-qualified file name."
3118: ; Create the command string
3119: (let ((cmd (format "/dev/syd/force-%s" path)))
3120: ; Call syd--stat with the command
3121: (syd--stat cmd)))
3122:
3123: (defun syd-force-clr ()
3124: "Clears the Integrity Force map for Force Sandboxing."
3125: (syd--stat "/dev/syd/force^"))
3126:
3127: (defun syd-mem-max (size)
3128: "Set syd maximum per-process memory usage limit.
3129: SIZE can be an integer or a string representing the memory limit."
3130: (let ((size-str (cond ((integerp size) (number-to-string size))
3131: ((stringp size) size)
3132: (t (error "Size must be an integer or a string")))))
3133: (syd--stat (syd--rule "mem/max" size-str ?:))))
3134:
3135: (defun syd-mem-vm-max (size)
3136: "Set syd maximum per-process virtual memory usage limit.
3137: SIZE can be an integer or a string representing the memory limit."
3138: (let ((size-str (cond ((integerp size) (number-to-string size))
3139: ((stringp size) size)
3140: (t (error "Size must be an integer or a string")))))
3141: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
3142:
3143: (defun syd-pid-max (size)
3144: "Set syd maximum process ID limit for PID sandboxing.
3145: SIZE is a number representing the PID limit."
3146: (unless (numberp size)
3147: (error "Size must be a number"))
3148: (let ((path (format "/dev/syd/pid/max:%d" size)))
3149: (syd--stat path)))
3150:
3151: (defun syd-segvguard-expiry (timeout)
3152: "Specify SegvGuard entry expiry timeout in seconds.
3153: Setting this timeout to 0 effectively disables SegvGuard.
3154: TIMEOUT is a number representing the timeout in seconds."
3155: (unless (numberp timeout)
3156: (error "Timeout must be a number"))
3157: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
3158: (syd--stat path)))
3159:
3160: (defun syd-segvguard-suspension (timeout)
3161: "Specify SegvGuard entry suspension timeout in seconds.
3162: TIMEOUT is a number representing the timeout in seconds."
3163: (unless (numberp timeout)
3164: (error "Timeout must be a number"))
3165: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
3166: (syd--stat path)))
3167:
3168: (defun syd-segvguard-maxcrashes (limit)
3169: "Specify SegvGuard max number of crashes before suspension.
3170: LIMIT is a number representing the crash limit."
3171: (unless (numberp limit)
3172: (error "Limit must be a number"))
3173: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
3174: (syd--stat path)))
3175:
3176: (defun syd-exec (file argv)
3177: "Execute a command outside the sandbox without sandboxing.
3178: FILE is the file path of the command as a string.
3179: ARGV is a list of strings representing the arguments to the command."
3180: (unless (stringp file)
3181: (error "File must be a string"))
3182: (let ((all-strings t))
3183: (dolist (arg argv)
3184: (unless (stringp arg)
3185: (setq all-strings nil)))
3186: (unless all-strings
3187: (error "All elements in ARGV must be strings")))
3188:
3189: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3190: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3191:
3192: (defun syd--rule (rule elem op)
3193: "Helper function to construct a path for syd operations.
3194: RULE is a string representing the rule.
3195: ELEM is a string representing the element.
3196: OP is a character representing the operation."
3197: (unless (member op '(?+ ?- ?^ ?:))
3198: (error "Invalid operation"))
3199: (when (string-empty-p elem)
3200: (error "Element cannot be empty"))
3201: (concat "/dev/syd/" rule (char-to-string op) elem))
3202:
3203: (defun syd--stat (path)
3204: "Check if the file at PATH exists using `file-modes'."
3205: (condition-case nil
3206: (not (null (file-modes path)))
3207: (error nil))) ; On error, return nil
3208:
3209: (provide 'syd)
3210: ; syd.el ends here
3211:
16/12/2025 19:01:53, src/syd.el, Ali Polatel