1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025, 2026 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-drop :lock-drop
21: "The sandbox lock is in drop-only mode, allowing only privilege-dropping
22: sandbox commands.")
23:
24: (defconst syd-lock-read :lock-read
25: "The sandbox lock is in read-only mode, allowing only read-only access
26: to sandbox state.")
27:
28: (defconst syd-lock-on :lock-on
29: "The sandbox lock is on, disallowing all sandbox commands.")
30:
31: ; Define sandbox actions as keywords
32: (defconst syd-action-allow :action-allow
33: "Allow system call.")
34:
35: (defconst syd-action-warn :action-warn
36: "Allow system call and warn.")
37:
38: (defconst syd-action-filter :action-filter
39: "Deny system call silently.")
40:
41: (defconst syd-action-deny :action-deny
42: "Deny system call and warn.")
43:
44: (defconst syd-action-panic :action-panic
45: "Deny system call, warn and panic the current Syd thread.")
46:
47: (defconst syd-action-stop :action-stop
48: "Deny system call, warn and stop offending process.")
49:
50: (defconst syd-action-abort :action-abort
51: "Deny system call, warn and abort offending process.")
52:
53: (defconst syd-action-kill :action-kill
54: "Deny system call, warn and kill offending process.")
55:
56: (defconst syd-action-exit :action-exit
57: "Warn, and exit Syd immediately with deny errno as exit value.")
58:
59: (defun syd-info ()
60: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
61: If the `json' module is not available, returns nil."
62: (if (require 'json nil t)
63: (condition-case nil
64: (with-temp-buffer
65: (insert-file-contents "/dev/syd")
66: (with-no-warnings
67: (let ((json-object-type 'alist)
68: (json-array-type 'list)
69: (json-key-type 'symbol)
70: (json-false nil)
71: (json-null nil))
72: (json-read))))
73: (file-error
74: (message "Error reading /dev/syd.")
75: nil)
76: (json-error
77: (message "JSON decoding error.")
78: nil))
79: (progn
80: (message "JSON module not available.")
81: nil)))
82:
83: (defun syd-api ()
84: "Performs a syd API check."
85: (if (syd--stat "/dev/syd/3")
86: 3 ; API number on success
87: nil)) ; On error, return nil
88:
89: (defun syd-check ()
90: "Check if '/dev/syd' is a character device."
91: (syd--stat "/dev/syd"))
92:
93: (defun syd-panic ()
94: "Causes syd to exit immediately with code 127"
95: (syd--stat "/dev/syd/panic"))
96:
97: (defun syd-reset ()
98: "Causes syd to reset sandboxing to the default state."
99: (syd--stat "/dev/syd/reset"))
100:
101: (defun syd-load (fd)
102: "Causes syd to read configuration from the given file descriptor FD."
103: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
104: (syd--stat path)))
105:
106: (defun syd-lock (state)
107: "Sets the state of the sandbox lock.
108: STATE is one of the keywords :lock-off, :lock-exec, :lock-drop, :lock-read, or :lock-on.
109: Returns t on success, nil on failure."
110: (cond
111: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
112: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
113: ((eq state syd-lock-drop) (syd--stat "/dev/syd/lock:drop"))
114: ((eq state syd-lock-read) (syd--stat "/dev/syd/lock:read"))
115: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
116: (t nil))) ; Invalid state
117:
118: (defun syd-enabled-fs ()
119: "Checks if Filesystem sandboxing is enabled."
120: (syd--stat "/dev/syd/sandbox/fs?"))
121:
122: (defun syd-enable-fs ()
123: "Enable Filesystem sandboxing."
124: (syd--stat "/dev/syd/sandbox/fs:on"))
125:
126: (defun syd-disable-fs ()
127: "Disable Filesystem sandboxing."
128: (syd--stat "/dev/syd/sandbox/fs:off"))
129:
130: (defun syd-enabled-walk ()
131: "Checks if Walk sandboxing is enabled."
132: (syd--stat "/dev/syd/sandbox/walk?"))
133:
134: (defun syd-enable-walk ()
135: "Enable Walk sandboxing."
136: (syd--stat "/dev/syd/sandbox/walk:on"))
137:
138: (defun syd-disable-walk ()
139: "Disable Walk sandboxing."
140: (syd--stat "/dev/syd/sandbox/walk:off"))
141:
142: (defun syd-enabled-stat ()
143: "Checks if Stat sandboxing is enabled."
144: (syd--stat "/dev/syd/sandbox/stat?"))
145:
146: (defun syd-enable-stat ()
147: "Enable Stat sandboxing."
148: (syd--stat "/dev/syd/sandbox/stat:on"))
149:
150: (defun syd-disable-stat ()
151: "Disable Stat sandboxing."
152: (syd--stat "/dev/syd/sandbox/stat:off"))
153:
154: (defun syd-enabled-read ()
155: "Checks if Read sandboxing is enabled."
156: (syd--stat "/dev/syd/sandbox/read?"))
157:
158: (defun syd-enable-read ()
159: "Enable Read sandboxing."
160: (syd--stat "/dev/syd/sandbox/read:on"))
161:
162: (defun syd-disable-read ()
163: "Disable Read sandboxing."
164: (syd--stat "/dev/syd/sandbox/read:off"))
165:
166: (defun syd-enabled-write ()
167: "Checks if Write sandboxing is enabled."
168: (syd--stat "/dev/syd/sandbox/write?"))
169:
170: (defun syd-enable-write ()
171: "Enable Write sandboxing."
172: (syd--stat "/dev/syd/sandbox/write:on"))
173:
174: (defun syd-disable-write ()
175: "Disable Write sandboxing."
176: (syd--stat "/dev/syd/sandbox/write:off"))
177:
178: (defun syd-enabled-exec ()
179: "Checks if Exec sandboxing is enabled."
180: (syd--stat "/dev/syd/sandbox/exec?"))
181:
182: (defun syd-enable-exec ()
183: "Enable Exec sandboxing."
184: (syd--stat "/dev/syd/sandbox/exec:on"))
185:
186: (defun syd-disable-exec ()
187: "Disable Exec sandboxing."
188: (syd--stat "/dev/syd/sandbox/exec:off"))
189:
190: (defun syd-enabled-ioctl ()
191: "Checks if Ioctl sandboxing is enabled."
192: (syd--stat "/dev/syd/sandbox/ioctl?"))
193:
194: (defun syd-enable-ioctl ()
195: "Enable Ioctl sandboxing."
196: (syd--stat "/dev/syd/sandbox/ioctl:on"))
197:
198: (defun syd-disable-ioctl ()
199: "Disable Ioctl sandboxing."
200: (syd--stat "/dev/syd/sandbox/ioctl:off"))
201:
202: (defun syd-enabled-create ()
203: "Checks if create sandboxing is enabled."
204: (syd--stat "/dev/syd/sandbox/create?"))
205:
206: (defun syd-enable-create ()
207: "Enable create sandboxing."
208: (syd--stat "/dev/syd/sandbox/create:on"))
209:
210: (defun syd-disable-create ()
211: "Disable create sandboxing."
212: (syd--stat "/dev/syd/sandbox/create:off"))
213:
214: (defun syd-enabled-delete ()
215: "Checks if delete sandboxing is enabled."
216: (syd--stat "/dev/syd/sandbox/delete?"))
217:
218: (defun syd-enable-delete ()
219: "Enable delete sandboxing."
220: (syd--stat "/dev/syd/sandbox/delete:on"))
221:
222: (defun syd-disable-delete ()
223: "Disable delete sandboxing."
224: (syd--stat "/dev/syd/sandbox/delete:off"))
225:
226: (defun syd-enabled-rename ()
227: "Checks if rename sandboxing is enabled."
228: (syd--stat "/dev/syd/sandbox/rename?"))
229:
230: (defun syd-enable-rename ()
231: "Enable rename sandboxing."
232: (syd--stat "/dev/syd/sandbox/rename:on"))
233:
234: (defun syd-disable-rename ()
235: "Disable rename sandboxing."
236: (syd--stat "/dev/syd/sandbox/rename:off"))
237:
238: (defun syd-enabled-symlink ()
239: "Checks if symlink sandboxing is enabled."
240: (syd--stat "/dev/syd/sandbox/symlink?"))
241:
242: (defun syd-enable-symlink ()
243: "Enable symlink sandboxing."
244: (syd--stat "/dev/syd/sandbox/symlink:on"))
245:
246: (defun syd-disable-symlink ()
247: "Disable symlink sandboxing."
248: (syd--stat "/dev/syd/sandbox/symlink:off"))
249:
250: (defun syd-enabled-truncate ()
251: "Checks if Truncate sandboxing is enabled."
252: (syd--stat "/dev/syd/sandbox/truncate?"))
253:
254: (defun syd-enable-truncate ()
255: "Enable Truncate sandboxing."
256: (syd--stat "/dev/syd/sandbox/truncate:on"))
257:
258: (defun syd-disable-truncate ()
259: "Disable Truncate sandboxing."
260: (syd--stat "/dev/syd/sandbox/truncate:off"))
261:
262: (defun syd-enabled-chdir ()
263: "Checks if chdir sandboxing is enabled."
264: (syd--stat "/dev/syd/sandbox/chdir?"))
265:
266: (defun syd-enable-chdir ()
267: "Enable chdir sandboxing."
268: (syd--stat "/dev/syd/sandbox/chdir:on"))
269:
270: (defun syd-disable-chdir ()
271: "Disable chdir sandboxing."
272: (syd--stat "/dev/syd/sandbox/chdir:off"))
273:
274: (defun syd-enabled-readdir ()
275: "Checks if readdir sandboxing is enabled."
276: (syd--stat "/dev/syd/sandbox/readdir?"))
277:
278: (defun syd-enable-readdir ()
279: "Enable readdir sandboxing."
280: (syd--stat "/dev/syd/sandbox/readdir:on"))
281:
282: (defun syd-disable-readdir ()
283: "Disable readdir sandboxing."
284: (syd--stat "/dev/syd/sandbox/readdir:off"))
285:
286: (defun syd-enabled-mkdir ()
287: "Checks if mkdir sandboxing is enabled."
288: (syd--stat "/dev/syd/sandbox/mkdir?"))
289:
290: (defun syd-enable-mkdir ()
291: "Enable mkdir sandboxing."
292: (syd--stat "/dev/syd/sandbox/mkdir:on"))
293:
294: (defun syd-disable-mkdir ()
295: "Disable mkdir sandboxing."
296: (syd--stat "/dev/syd/sandbox/mkdir:off"))
297:
298: (defun syd-enabled-rmdir ()
299: "Checks if rmdir sandboxing is enabled."
300: (syd--stat "/dev/syd/sandbox/rmdir?"))
301:
302: (defun syd-enable-rmdir ()
303: "Enable rmdir sandboxing."
304: (syd--stat "/dev/syd/sandbox/rmdir:on"))
305:
306: (defun syd-disable-rmdir ()
307: "Disable rmdir sandboxing."
308: (syd--stat "/dev/syd/sandbox/rmdir:off"))
309:
310: (defun syd-enabled-chown ()
311: "Checks if chown sandboxing is enabled."
312: (syd--stat "/dev/syd/sandbox/chown?"))
313:
314: (defun syd-enable-chown ()
315: "Enable chown sandboxing."
316: (syd--stat "/dev/syd/sandbox/chown:on"))
317:
318: (defun syd-disable-chown ()
319: "Disable chown sandboxing."
320: (syd--stat "/dev/syd/sandbox/chown:off"))
321:
322: (defun syd-enabled-chgrp ()
323: "Checks if chgrp sandboxing is enabled."
324: (syd--stat "/dev/syd/sandbox/chgrp?"))
325:
326: (defun syd-enable-chgrp ()
327: "Enable chgrp sandboxing."
328: (syd--stat "/dev/syd/sandbox/chgrp:on"))
329:
330: (defun syd-disable-chgrp ()
331: "Disable chgrp sandboxing."
332: (syd--stat "/dev/syd/sandbox/chgrp:off"))
333:
334: (defun syd-enabled-chmod ()
335: "Checks if chmod sandboxing is enabled."
336: (syd--stat "/dev/syd/sandbox/chmod?"))
337:
338: (defun syd-enable-chmod ()
339: "Enable chmod sandboxing."
340: (syd--stat "/dev/syd/sandbox/chmod:on"))
341:
342: (defun syd-disable-chmod ()
343: "Disable chmod sandboxing."
344: (syd--stat "/dev/syd/sandbox/chmod:off"))
345:
346: (defun syd-enabled-chattr ()
347: "Checks if chattr sandboxing is enabled."
348: (syd--stat "/dev/syd/sandbox/chattr?"))
349:
350: (defun syd-enable-chattr ()
351: "Enable chattr sandboxing."
352: (syd--stat "/dev/syd/sandbox/chattr:on"))
353:
354: (defun syd-disable-chattr ()
355: "Disable chattr sandboxing."
356: (syd--stat "/dev/syd/sandbox/chattr:off"))
357:
358: (defun syd-enabled-chroot ()
359: "Checks if chroot sandboxing is enabled."
360: (syd--stat "/dev/syd/sandbox/chroot?"))
361:
362: (defun syd-enable-chroot ()
363: "Enable chroot sandboxing."
364: (syd--stat "/dev/syd/sandbox/chroot:on"))
365:
366: (defun syd-disable-chroot ()
367: "Disable chroot sandboxing."
368: (syd--stat "/dev/syd/sandbox/chroot:off"))
369:
370: (defun syd-enabled-utime ()
371: "Checks if utime sandboxing is enabled."
372: (syd--stat "/dev/syd/sandbox/utime?"))
373:
374: (defun syd-enable-utime ()
375: "Enable utime sandboxing."
376: (syd--stat "/dev/syd/sandbox/utime:on"))
377:
378: (defun syd-disable-utime ()
379: "Disable utime sandboxing."
380: (syd--stat "/dev/syd/sandbox/utime:off"))
381:
382: (defun syd-enabled-mkbdev ()
383: "Checks if mkbdev sandboxing is enabled."
384: (syd--stat "/dev/syd/sandbox/mkbdev?"))
385:
386: (defun syd-enable-mkbdev ()
387: "Enable mkbdev sandboxing."
388: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
389:
390: (defun syd-disable-mkbdev ()
391: "Disable mkbdev sandboxing."
392: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
393:
394: (defun syd-enabled-mkcdev ()
395: "Checks if mkcdev sandboxing is enabled."
396: (syd--stat "/dev/syd/sandbox/mkcdev?"))
397:
398: (defun syd-enable-mkcdev ()
399: "Enable mkcdev sandboxing."
400: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
401:
402: (defun syd-disable-mkcdev ()
403: "Disable mkcdev sandboxing."
404: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
405:
406: (defun syd-enabled-mkfifo ()
407: "Checks if mkfifo sandboxing is enabled."
408: (syd--stat "/dev/syd/sandbox/mkfifo?"))
409:
410: (defun syd-enable-mkfifo ()
411: "Enable mkfifo sandboxing."
412: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
413:
414: (defun syd-disable-mkfifo ()
415: "Disable mkfifo sandboxing."
416: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
417:
418: (defun syd-enabled-mktemp ()
419: "Checks if mktemp sandboxing is enabled."
420: (syd--stat "/dev/syd/sandbox/mktemp?"))
421:
422: (defun syd-enable-mktemp ()
423: "Enable mktemp sandboxing."
424: (syd--stat "/dev/syd/sandbox/mktemp:on"))
425:
426: (defun syd-disable-mktemp ()
427: "Disable mktemp sandboxing."
428: (syd--stat "/dev/syd/sandbox/mktemp:off"))
429:
430: (defun syd-enabled-net ()
431: "Checks if Network sandboxing is enabled."
432: (syd--stat "/dev/syd/sandbox/net?"))
433:
434: (defun syd-enable-net ()
435: "Enable Network sandboxing."
436: (syd--stat "/dev/syd/sandbox/net:on"))
437:
438: (defun syd-disable-net ()
439: "Disable Network sandboxing."
440: (syd--stat "/dev/syd/sandbox/net:off"))
441:
442: (defun syd-enabled-lock ()
443: "Checks if lock sandboxing is enabled."
444: (syd--stat "/dev/syd/sandbox/lock?"))
445:
446: (defun syd-enabled-crypt ()
447: "Checks if crypt sandboxing is enabled."
448: (syd--stat "/dev/syd/sandbox/crypt?"))
449:
450: (defun syd-enabled-proxy ()
451: "Checks if proxy sandboxing is enabled."
452: (syd--stat "/dev/syd/sandbox/proxy?"))
453:
454: (defun syd-enabled-mem ()
455: "Checks if memory sandboxing is enabled."
456: (syd--stat "/dev/syd/sandbox/mem?"))
457:
458: (defun syd-enable-mem ()
459: "Enable memory sandboxing."
460: (syd--stat "/dev/syd/sandbox/mem:on"))
461:
462: (defun syd-disable-mem ()
463: "Disable memory sandboxing."
464: (syd--stat "/dev/syd/sandbox/mem:off"))
465:
466: (defun syd-enabled-pid ()
467: "Checks if PID sandboxing is enabled."
468: (syd--stat "/dev/syd/sandbox/pid?"))
469:
470: (defun syd-enable-pid ()
471: "Enable PID sandboxing."
472: (syd--stat "/dev/syd/sandbox/pid:on"))
473:
474: (defun syd-disable-pid ()
475: "Disable PID sandboxing."
476: (syd--stat "/dev/syd/sandbox/pid:off"))
477:
478: (defun syd-enabled-force ()
479: "Checks if force sandboxing is enabled."
480: (syd--stat "/dev/syd/sandbox/force?"))
481:
482: (defun syd-enable-force ()
483: "Enable force sandboxing."
484: (syd--stat "/dev/syd/sandbox/force:on"))
485:
486: (defun syd-disable-force ()
487: "Disable force sandboxing."
488: (syd--stat "/dev/syd/sandbox/force:off"))
489:
490: (defun syd-enabled-tpe ()
491: "Checks if TPE sandboxing is enabled."
492: (syd--stat "/dev/syd/sandbox/tpe?"))
493:
494: (defun syd-enable-tpe ()
495: "Enable TPE sandboxing."
496: (syd--stat "/dev/syd/sandbox/tpe:on"))
497:
498: (defun syd-disable-tpe ()
499: "Disable TPE sandboxing."
500: (syd--stat "/dev/syd/sandbox/tpe:off"))
501:
502: (defun syd-default-fs (action)
503: "Set default action for Filesystem sandboxing.
504: ACTION is a constant representing the sandboxing action."
505: (let ((action (cond
506: ((eq action :action-allow) "allow")
507: ((eq action :action-warn) "warn")
508: ((eq action :action-filter) "filter")
509: ((eq action :action-deny) "deny")
510: ((eq action :action-panic) "panic")
511: ((eq action :action-stop) "stop")
512: ((eq action :action-abort) "abort")
513: ((eq action :action-kill) "kill")
514: ((eq action :action-exit) "exit"))))
515: ; Only proceed if action is not nil
516: (when action
517: (let ((cmd (format "/dev/syd/default/fs:%s" action)))
518: ; Call syd--stat with the command
519: (syd--stat cmd)))))
520:
521: (defun syd-default-walk (action)
522: "Set default action for Walk sandboxing.
523: ACTION is a constant representing the sandboxing action."
524: (let ((action (cond
525: ((eq action :action-allow) "allow")
526: ((eq action :action-warn) "warn")
527: ((eq action :action-filter) "filter")
528: ((eq action :action-deny) "deny")
529: ((eq action :action-panic) "panic")
530: ((eq action :action-stop) "stop")
531: ((eq action :action-abort) "abort")
532: ((eq action :action-kill) "kill")
533: ((eq action :action-exit) "exit"))))
534: ; Only proceed if action is not nil
535: (when action
536: (let ((cmd (format "/dev/syd/default/walk:%s" action)))
537: ; Call syd--stat with the command
538: (syd--stat cmd)))))
539:
540: (defun syd-default-stat (action)
541: "Set default action for Stat sandboxing.
542: ACTION is a constant representing the sandboxing action."
543: (let ((action (cond
544: ((eq action :action-allow) "allow")
545: ((eq action :action-warn) "warn")
546: ((eq action :action-filter) "filter")
547: ((eq action :action-deny) "deny")
548: ((eq action :action-panic) "panic")
549: ((eq action :action-stop) "stop")
550: ((eq action :action-abort) "abort")
551: ((eq action :action-kill) "kill")
552: ((eq action :action-exit) "exit"))))
553: ; Only proceed if action is not nil
554: (when action
555: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
556: ; Call syd--stat with the command
557: (syd--stat cmd)))))
558:
559: (defun syd-default-read (action)
560: "Set default action for Read sandboxing.
561: ACTION is a constant representing the sandboxing action."
562: (let ((action (cond
563: ((eq action :action-allow) "allow")
564: ((eq action :action-warn) "warn")
565: ((eq action :action-filter) "filter")
566: ((eq action :action-deny) "deny")
567: ((eq action :action-panic) "panic")
568: ((eq action :action-stop) "stop")
569: ((eq action :action-abort) "abort")
570: ((eq action :action-kill) "kill")
571: ((eq action :action-exit) "exit"))))
572: ; Only proceed if action is not nil
573: (when action
574: (let ((cmd (format "/dev/syd/default/read:%s" action)))
575: ; Call syd--stat with the command
576: (syd--stat cmd)))))
577:
578: (defun syd-default-write (action)
579: "Set default action for Write sandboxing.
580: ACTION is a constant representing the sandboxing action."
581: (let ((action (cond
582: ((eq action :action-allow) "allow")
583: ((eq action :action-warn) "warn")
584: ((eq action :action-filter) "filter")
585: ((eq action :action-deny) "deny")
586: ((eq action :action-panic) "panic")
587: ((eq action :action-stop) "stop")
588: ((eq action :action-abort) "abort")
589: ((eq action :action-kill) "kill")
590: ((eq action :action-exit) "exit"))))
591: ; Only proceed if action is not nil
592: (when action
593: (let ((cmd (format "/dev/syd/default/write:%s" action)))
594: ; Call syd--write with the command
595: (syd--stat cmd)))))
596:
597: (defun syd-default-exec (action)
598: "Set default action for Exec sandboxing.
599: ACTION is a constant representing the sandboxing action."
600: (let ((action (cond
601: ((eq action :action-allow) "allow")
602: ((eq action :action-warn) "warn")
603: ((eq action :action-filter) "filter")
604: ((eq action :action-deny) "deny")
605: ((eq action :action-panic) "panic")
606: ((eq action :action-stop) "stop")
607: ((eq action :action-abort) "abort")
608: ((eq action :action-kill) "kill")
609: ((eq action :action-exit) "exit"))))
610: ; Only proceed if action is not nil
611: (when action
612: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
613: ; Call syd--exec with the command
614: (syd--stat cmd)))))
615:
616: (defun syd-default-ioctl (action)
617: "Set default action for Ioctl sandboxing.
618: ACTION is a constant representing the sandboxing action."
619: (let ((action (cond
620: ((eq action :action-allow) "allow")
621: ((eq action :action-warn) "warn")
622: ((eq action :action-filter) "filter")
623: ((eq action :action-deny) "deny")
624: ((eq action :action-panic) "panic")
625: ((eq action :action-stop) "stop")
626: ((eq action :action-abort) "abort")
627: ((eq action :action-kill) "kill")
628: ((eq action :action-exit) "exit"))))
629: ; Only proceed if action is not nil
630: (when action
631: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
632: ; Call syd--ioctl with the command
633: (syd--stat cmd)))))
634:
635: (defun syd-default-create (action)
636: "Set default action for Create sandboxing.
637: ACTION is a constant representing the sandboxing action."
638: (let ((action (cond
639: ((eq action :action-allow) "allow")
640: ((eq action :action-warn) "warn")
641: ((eq action :action-filter) "filter")
642: ((eq action :action-deny) "deny")
643: ((eq action :action-panic) "panic")
644: ((eq action :action-stop) "stop")
645: ((eq action :action-abort) "abort")
646: ((eq action :action-kill) "kill")
647: ((eq action :action-exit) "exit"))))
648: ; Only proceed if action is not nil
649: (when action
650: (let ((cmd (format "/dev/syd/default/create:%s" action)))
651: ; Call syd--stat with the command
652: (syd--stat cmd)))))
653:
654: (defun syd-default-delete (action)
655: "Set default action for Delete sandboxing.
656: ACTION is a constant representing the sandboxing action."
657: (let ((action (cond
658: ((eq action :action-allow) "allow")
659: ((eq action :action-warn) "warn")
660: ((eq action :action-filter) "filter")
661: ((eq action :action-deny) "deny")
662: ((eq action :action-panic) "panic")
663: ((eq action :action-stop) "stop")
664: ((eq action :action-abort) "abort")
665: ((eq action :action-kill) "kill")
666: ((eq action :action-exit) "exit"))))
667: ; Only proceed if action is not nil
668: (when action
669: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
670: ; Call syd--stat with the command
671: (syd--stat cmd)))))
672:
673: (defun syd-default-rename (action)
674: "Set default action for rename sandboxing.
675: ACTION is a constant representing the sandboxing action."
676: (let ((action (cond
677: ((eq action :action-allow) "allow")
678: ((eq action :action-warn) "warn")
679: ((eq action :action-filter) "filter")
680: ((eq action :action-deny) "deny")
681: ((eq action :action-panic) "panic")
682: ((eq action :action-stop) "stop")
683: ((eq action :action-abort) "abort")
684: ((eq action :action-kill) "kill")
685: ((eq action :action-exit) "exit"))))
686: ; Only proceed if action is not nil
687: (when action
688: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
689: ; Call syd--stat with the command
690: (syd--stat cmd)))))
691:
692: (defun syd-default-symlink (action)
693: "Set default action for symlink sandboxing.
694: ACTION is a constant representing the sandboxing action."
695: (let ((action (cond
696: ((eq action :action-allow) "allow")
697: ((eq action :action-warn) "warn")
698: ((eq action :action-filter) "filter")
699: ((eq action :action-deny) "deny")
700: ((eq action :action-panic) "panic")
701: ((eq action :action-stop) "stop")
702: ((eq action :action-abort) "abort")
703: ((eq action :action-kill) "kill")
704: ((eq action :action-exit) "exit"))))
705: ; Only proceed if action is not nil
706: (when action
707: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
708: ; Call syd--stat with the command
709: (syd--stat cmd)))))
710:
711: (defun syd-default-truncate (action)
712: "Set default action for Truncate sandboxing.
713: ACTION is a constant representing the sandboxing action."
714: (let ((action (cond
715: ((eq action :action-allow) "allow")
716: ((eq action :action-warn) "warn")
717: ((eq action :action-filter) "filter")
718: ((eq action :action-deny) "deny")
719: ((eq action :action-panic) "panic")
720: ((eq action :action-stop) "stop")
721: ((eq action :action-abort) "abort")
722: ((eq action :action-kill) "kill")
723: ((eq action :action-exit) "exit"))))
724: ; Only proceed if action is not nil
725: (when action
726: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
727: ; Call syd--truncate with the command
728: (syd--stat cmd)))))
729:
730: (defun syd-default-chdir (action)
731: "Set default action for chdir sandboxing.
732: ACTION is a constant representing the sandboxing action."
733: (let ((action (cond
734: ((eq action :action-allow) "allow")
735: ((eq action :action-warn) "warn")
736: ((eq action :action-filter) "filter")
737: ((eq action :action-deny) "deny")
738: ((eq action :action-panic) "panic")
739: ((eq action :action-stop) "stop")
740: ((eq action :action-abort) "abort")
741: ((eq action :action-kill) "kill")
742: ((eq action :action-exit) "exit"))))
743: ; Only proceed if action is not nil
744: (when action
745: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
746: ; Call syd--chdir with the command
747: (syd--stat cmd)))))
748:
749: (defun syd-default-readdir (action)
750: "Set default action for readdir sandboxing.
751: ACTION is a constant representing the sandboxing action."
752: (let ((action (cond
753: ((eq action :action-allow) "allow")
754: ((eq action :action-warn) "warn")
755: ((eq action :action-filter) "filter")
756: ((eq action :action-deny) "deny")
757: ((eq action :action-panic) "panic")
758: ((eq action :action-stop) "stop")
759: ((eq action :action-abort) "abort")
760: ((eq action :action-kill) "kill")
761: ((eq action :action-exit) "exit"))))
762: ; Only proceed if action is not nil
763: (when action
764: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
765: ; Call syd--readdir with the command
766: (syd--stat cmd)))))
767:
768: (defun syd-default-mkdir (action)
769: "Set default action for mkdir sandboxing.
770: ACTION is a constant representing the sandboxing action."
771: (let ((action (cond
772: ((eq action :action-allow) "allow")
773: ((eq action :action-warn) "warn")
774: ((eq action :action-filter) "filter")
775: ((eq action :action-deny) "deny")
776: ((eq action :action-panic) "panic")
777: ((eq action :action-stop) "stop")
778: ((eq action :action-abort) "abort")
779: ((eq action :action-kill) "kill")
780: ((eq action :action-exit) "exit"))))
781: ; Only proceed if action is not nil
782: (when action
783: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
784: ; Call syd--mkdir with the command
785: (syd--stat cmd)))))
786:
787: (defun syd-default-rmdir (action)
788: "Set default action for rmdir sandboxing.
789: ACTION is a constant representing the sandboxing action."
790: (let ((action (cond
791: ((eq action :action-allow) "allow")
792: ((eq action :action-warn) "warn")
793: ((eq action :action-filter) "filter")
794: ((eq action :action-deny) "deny")
795: ((eq action :action-panic) "panic")
796: ((eq action :action-stop) "stop")
797: ((eq action :action-abort) "abort")
798: ((eq action :action-kill) "kill")
799: ((eq action :action-exit) "exit"))))
800: ; Only proceed if action is not nil
801: (when action
802: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
803: ; Call syd--rmdir with the command
804: (syd--stat cmd)))))
805:
806: (defun syd-default-chown (action)
807: "Set default action for Chown sandboxing.
808: ACTION is a constant representing the sandboxing action."
809: (let ((action (cond
810: ((eq action :action-allow) "allow")
811: ((eq action :action-warn) "warn")
812: ((eq action :action-filter) "filter")
813: ((eq action :action-deny) "deny")
814: ((eq action :action-panic) "panic")
815: ((eq action :action-stop) "stop")
816: ((eq action :action-abort) "abort")
817: ((eq action :action-kill) "kill")
818: ((eq action :action-exit) "exit"))))
819: ; Only proceed if action is not nil
820: (when action
821: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
822: ; Call syd--stat with the command
823: (syd--stat cmd)))))
824:
825: (defun syd-default-chgrp (action)
826: "Set default action for Chgrp sandboxing.
827: ACTION is a constant representing the sandboxing action."
828: (let ((action (cond
829: ((eq action :action-allow) "allow")
830: ((eq action :action-warn) "warn")
831: ((eq action :action-filter) "filter")
832: ((eq action :action-deny) "deny")
833: ((eq action :action-panic) "panic")
834: ((eq action :action-stop) "stop")
835: ((eq action :action-abort) "abort")
836: ((eq action :action-kill) "kill")
837: ((eq action :action-exit) "exit"))))
838: ; Only proceed if action is not nil
839: (when action
840: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
841: ; Call syd--stat with the command
842: (syd--stat cmd)))))
843:
844: (defun syd-default-chmod (action)
845: "Set default action for chmod sandboxing.
846: ACTION is a constant representing the sandboxing action."
847: (let ((action (cond
848: ((eq action :action-allow) "allow")
849: ((eq action :action-warn) "warn")
850: ((eq action :action-filter) "filter")
851: ((eq action :action-deny) "deny")
852: ((eq action :action-panic) "panic")
853: ((eq action :action-stop) "stop")
854: ((eq action :action-abort) "abort")
855: ((eq action :action-kill) "kill")
856: ((eq action :action-exit) "exit"))))
857: ; Only proceed if action is not nil
858: (when action
859: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
860: ; Call syd--stat with the command
861: (syd--stat cmd)))))
862:
863: (defun syd-default-chattr (action)
864: "Set default action for chattr sandboxing.
865: ACTION is a constant representing the sandboxing action."
866: (let ((action (cond
867: ((eq action :action-allow) "allow")
868: ((eq action :action-warn) "warn")
869: ((eq action :action-filter) "filter")
870: ((eq action :action-deny) "deny")
871: ((eq action :action-panic) "panic")
872: ((eq action :action-stop) "stop")
873: ((eq action :action-abort) "abort")
874: ((eq action :action-kill) "kill")
875: ((eq action :action-exit) "exit"))))
876: ; Only proceed if action is not nil
877: (when action
878: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
879: ; Call syd--stat with the command
880: (syd--stat cmd)))))
881:
882: (defun syd-default-chroot (action)
883: "Set default action for chroot sandboxing.
884: ACTION is a constant representing the sandboxing action."
885: (let ((action (cond
886: ((eq action :action-allow) "allow")
887: ((eq action :action-warn) "warn")
888: ((eq action :action-filter) "filter")
889: ((eq action :action-deny) "deny")
890: ((eq action :action-panic) "panic")
891: ((eq action :action-stop) "stop")
892: ((eq action :action-abort) "abort")
893: ((eq action :action-kill) "kill")
894: ((eq action :action-exit) "exit"))))
895: ; Only proceed if action is not nil
896: (when action
897: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
898: ; Call syd--stat with the command
899: (syd--stat cmd)))))
900:
901: (defun syd-default-utime (action)
902: "Set default action for utime sandboxing.
903: ACTION is a constant representing the sandboxing action."
904: (let ((action (cond
905: ((eq action :action-allow) "allow")
906: ((eq action :action-warn) "warn")
907: ((eq action :action-filter) "filter")
908: ((eq action :action-deny) "deny")
909: ((eq action :action-panic) "panic")
910: ((eq action :action-stop) "stop")
911: ((eq action :action-abort) "abort")
912: ((eq action :action-kill) "kill")
913: ((eq action :action-exit) "exit"))))
914: ; Only proceed if action is not nil
915: (when action
916: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
917: ; Call syd--stat with the command
918: (syd--stat cmd)))))
919:
920: (defun syd-default-mkbdev (action)
921: "Set default action for mkbdev sandboxing.
922: ACTION is a constant representing the sandboxing action."
923: (let ((action (cond
924: ((eq action :action-allow) "allow")
925: ((eq action :action-warn) "warn")
926: ((eq action :action-filter) "filter")
927: ((eq action :action-deny) "deny")
928: ((eq action :action-panic) "panic")
929: ((eq action :action-stop) "stop")
930: ((eq action :action-abort) "abort")
931: ((eq action :action-kill) "kill")
932: ((eq action :action-exit) "exit"))))
933: ; Only proceed if action is not nil
934: (when action
935: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
936: ; Call syd--stat with the command
937: (syd--stat cmd)))))
938:
939: (defun syd-default-mkcdev (action)
940: "Set default action for mkcdev sandboxing.
941: ACTION is a constant representing the sandboxing action."
942: (let ((action (cond
943: ((eq action :action-allow) "allow")
944: ((eq action :action-warn) "warn")
945: ((eq action :action-filter) "filter")
946: ((eq action :action-deny) "deny")
947: ((eq action :action-panic) "panic")
948: ((eq action :action-stop) "stop")
949: ((eq action :action-abort) "abort")
950: ((eq action :action-kill) "kill")
951: ((eq action :action-exit) "exit"))))
952: ; Only proceed if action is not nil
953: (when action
954: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
955: ; Call syd--stat with the command
956: (syd--stat cmd)))))
957:
958: (defun syd-default-mkfifo (action)
959: "Set default action for mkfifo sandboxing.
960: ACTION is a constant representing the sandboxing action."
961: (let ((action (cond
962: ((eq action :action-allow) "allow")
963: ((eq action :action-warn) "warn")
964: ((eq action :action-filter) "filter")
965: ((eq action :action-deny) "deny")
966: ((eq action :action-panic) "panic")
967: ((eq action :action-stop) "stop")
968: ((eq action :action-abort) "abort")
969: ((eq action :action-kill) "kill")
970: ((eq action :action-exit) "exit"))))
971: ; Only proceed if action is not nil
972: (when action
973: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
974: ; Call syd--stat with the command
975: (syd--stat cmd)))))
976:
977: (defun syd-default-mktemp (action)
978: "Set default action for mktemp sandboxing.
979: ACTION is a constant representing the sandboxing action."
980: (let ((action (cond
981: ((eq action :action-allow) "allow")
982: ((eq action :action-warn) "warn")
983: ((eq action :action-filter) "filter")
984: ((eq action :action-deny) "deny")
985: ((eq action :action-panic) "panic")
986: ((eq action :action-stop) "stop")
987: ((eq action :action-abort) "abort")
988: ((eq action :action-kill) "kill")
989: ((eq action :action-exit) "exit"))))
990: ; Only proceed if action is not nil
991: (when action
992: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
993: ; Call syd--stat with the command
994: (syd--stat cmd)))))
995:
996: (defun syd-default-net (action)
997: "Set default action for Network sandboxing.
998: ACTION is a constant representing the sandboxing action."
999: (let ((action (cond
1000: ((eq action :action-allow) "allow")
1001: ((eq action :action-warn) "warn")
1002: ((eq action :action-filter) "filter")
1003: ((eq action :action-deny) "deny")
1004: ((eq action :action-panic) "panic")
1005: ((eq action :action-stop) "stop")
1006: ((eq action :action-abort) "abort")
1007: ((eq action :action-kill) "kill")
1008: ((eq action :action-exit) "exit"))))
1009: ; Only proceed if action is not nil
1010: (when action
1011: (let ((cmd (format "/dev/syd/default/net:%s" action)))
1012: ; Call syd--net with the command
1013: (syd--stat cmd)))))
1014:
1015: ; TODO: syd-default-block!
1016:
1017: (defun syd-default-mem (action)
1018: "Set default action for Memory sandboxing.
1019: ACTION is a constant representing the sandboxing action."
1020: (let ((action (cond
1021: ((eq action :action-allow) "allow")
1022: ((eq action :action-warn) "warn")
1023: ((eq action :action-filter) "filter")
1024: ((eq action :action-deny) "deny")
1025: ((eq action :action-panic) "panic")
1026: ((eq action :action-stop) "stop")
1027: ((eq action :action-abort) "abort")
1028: ((eq action :action-kill) "kill")
1029: ((eq action :action-exit) "exit"))))
1030: ; Only proceed if action is not nil
1031: (when action
1032: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
1033: ; Call syd--net with the command
1034: (syd--stat cmd)))))
1035:
1036: (defun syd-default-pid (action)
1037: "Set default action for PID sandboxing.
1038: ACTION is a constant representing the sandboxing action."
1039: (let ((action (cond
1040: ((eq action :action-allow) "allow")
1041: ((eq action :action-warn) "warn")
1042: ((eq action :action-filter) "filter")
1043: ((eq action :action-deny) "deny")
1044: ((eq action :action-panic) "panic")
1045: ((eq action :action-stop) "stop")
1046: ((eq action :action-abort) "abort")
1047: ((eq action :action-kill) "kill")
1048: ((eq action :action-exit) "exit"))))
1049: ; Only proceed if action is not nil
1050: (when action
1051: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
1052: ; Call syd--net with the command
1053: (syd--stat cmd)))))
1054:
1055: (defun syd-default-force (action)
1056: "Set default action for Force sandboxing.
1057: ACTION is a constant representing the sandboxing action."
1058: (let ((action (cond
1059: ((eq action :action-allow) "allow")
1060: ((eq action :action-warn) "warn")
1061: ((eq action :action-filter) "filter")
1062: ((eq action :action-deny) "deny")
1063: ((eq action :action-panic) "panic")
1064: ((eq action :action-stop) "stop")
1065: ((eq action :action-abort) "abort")
1066: ((eq action :action-kill) "kill")
1067: ((eq action :action-exit) "exit"))))
1068: ; Only proceed if action is not nil
1069: (when action
1070: (let ((cmd (format "/dev/syd/default/force:%s" action)))
1071: ; Call syd--net with the command
1072: (syd--stat cmd)))))
1073:
1074: (defun syd-default-segvguard (action)
1075: "Set default action for SegvGuard.
1076: ACTION is a constant representing the sandboxing action."
1077: (let ((action (cond
1078: ((eq action :action-allow) "allow")
1079: ((eq action :action-warn) "warn")
1080: ((eq action :action-filter) "filter")
1081: ((eq action :action-deny) "deny")
1082: ((eq action :action-panic) "panic")
1083: ((eq action :action-stop) "stop")
1084: ((eq action :action-abort) "abort")
1085: ((eq action :action-kill) "kill")
1086: ((eq action :action-exit) "exit"))))
1087: ; Only proceed if action is not nil
1088: (when action
1089: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1090: ; Call syd--net with the command
1091: (syd--stat cmd)))))
1092:
1093: (defun syd-default-tpe (action)
1094: "Set default action for TPE sandboxing.
1095: ACTION is a constant representing the sandboxing action."
1096: (let ((action (cond
1097: ((eq action :action-allow) "allow")
1098: ((eq action :action-warn) "warn")
1099: ((eq action :action-filter) "filter")
1100: ((eq action :action-deny) "deny")
1101: ((eq action :action-panic) "panic")
1102: ((eq action :action-stop) "stop")
1103: ((eq action :action-abort) "abort")
1104: ((eq action :action-kill) "kill")
1105: ((eq action :action-exit) "exit"))))
1106: ; Only proceed if action is not nil
1107: (when action
1108: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1109: ; Call syd--net with the command
1110: (syd--stat cmd)))))
1111:
1112: (defun syd-ioctl-deny (request)
1113: "Adds a request to the _ioctl_(2) denylist.
1114: REQUEST is the _ioctl_(2) request number to add to the denylist."
1115: (unless (numberp request)
1116: (error "Request must be a number"))
1117: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1118: (syd--stat path)))
1119:
1120: (defun syd-fs-add (action glob)
1121: "Adds to the given actionlist of Filesystem sandboxing.
1122: ACTION is a constant representing the sandboxing action.
1123: GLOB is a string representing the glob pattern."
1124: (let ((action (cond
1125: ((eq action :action-allow) "allow")
1126: ((eq action :action-warn) "warn")
1127: ((eq action :action-filter) "filter")
1128: ((eq action :action-deny) "deny")
1129: ((eq action :action-panic) "panic")
1130: ((eq action :action-stop) "stop")
1131: ((eq action :action-abort) "abort")
1132: ((eq action :action-kill) "kill")
1133: ((eq action :action-exit) "exit"))))
1134: ; Only proceed if action is not nil
1135: (when action
1136: ; Create the command string
1137: (let ((cmd (format "%s/fs" action)))
1138: ; Call syd--stat with the command
1139: (syd--stat (syd--rule cmd glob ?+))))))
1140:
1141: (defun syd-fs-del (action glob)
1142: "Removes the first matching entry from the end of the given actionlist
1143: of Filesystem sandboxing.
1144: ACTION is a constant representing the sandboxing action.
1145: GLOB is a string representing the glob pattern."
1146: (let ((action (cond
1147: ((eq action :action-allow) "allow")
1148: ((eq action :action-warn) "warn")
1149: ((eq action :action-filter) "filter")
1150: ((eq action :action-deny) "deny")
1151: ((eq action :action-panic) "panic")
1152: ((eq action :action-stop) "stop")
1153: ((eq action :action-abort) "abort")
1154: ((eq action :action-kill) "kill")
1155: ((eq action :action-exit) "exit"))))
1156: ; Only proceed if action is not nil
1157: (when action
1158: ; Create the command string
1159: (let ((cmd (format "%s/fs" action)))
1160: ; Call syd--stat with the command
1161: (syd--stat (syd--rule cmd glob ?-))))))
1162:
1163: (defun syd-fs-rem (action glob)
1164: "Removes all matching entries from the given actionlist of Filesystem sandboxing.
1165: ACTION is a constant representing the sandboxing action.
1166: GLOB is a string representing the glob pattern."
1167: (let ((action (cond
1168: ((eq action :action-allow) "allow")
1169: ((eq action :action-warn) "warn")
1170: ((eq action :action-filter) "filter")
1171: ((eq action :action-deny) "deny")
1172: ((eq action :action-panic) "panic")
1173: ((eq action :action-stop) "stop")
1174: ((eq action :action-abort) "abort")
1175: ((eq action :action-kill) "kill")
1176: ((eq action :action-exit) "exit"))))
1177: ; Only proceed if action is not nil
1178: (when action
1179: ; Create the command string
1180: (let ((cmd (format "%s/fs" action)))
1181: ; Call syd--stat with the command
1182: (syd--stat (syd--rule cmd glob ?^))))))
1183:
1184: (defun syd-walk-add (action glob)
1185: "Adds to the given actionlist of walk sandboxing.
1186: ACTION is a constant representing the sandboxing action.
1187: GLOB is a string representing the glob pattern."
1188: (let ((action (cond
1189: ((eq action :action-allow) "allow")
1190: ((eq action :action-warn) "warn")
1191: ((eq action :action-filter) "filter")
1192: ((eq action :action-deny) "deny")
1193: ((eq action :action-panic) "panic")
1194: ((eq action :action-stop) "stop")
1195: ((eq action :action-abort) "abort")
1196: ((eq action :action-kill) "kill")
1197: ((eq action :action-exit) "exit"))))
1198: ; Only proceed if action is not nil
1199: (when action
1200: ; Create the command string
1201: (let ((cmd (format "%s/walk" action)))
1202: ; Call syd--stat with the command
1203: (syd--stat (syd--rule cmd glob ?+))))))
1204:
1205: (defun syd-walk-del (action glob)
1206: "Removes the first matching entry from the end of the given actionlist
1207: of walk sandboxing.
1208: ACTION is a constant representing the sandboxing action.
1209: GLOB is a string representing the glob pattern."
1210: (let ((action (cond
1211: ((eq action :action-allow) "allow")
1212: ((eq action :action-warn) "warn")
1213: ((eq action :action-filter) "filter")
1214: ((eq action :action-deny) "deny")
1215: ((eq action :action-panic) "panic")
1216: ((eq action :action-stop) "stop")
1217: ((eq action :action-abort) "abort")
1218: ((eq action :action-kill) "kill")
1219: ((eq action :action-exit) "exit"))))
1220: ; Only proceed if action is not nil
1221: (when action
1222: ; Create the command string
1223: (let ((cmd (format "%s/walk" action)))
1224: ; Call syd--stat with the command
1225: (syd--stat (syd--rule cmd glob ?-))))))
1226:
1227: (defun syd-walk-rem (action glob)
1228: "Removes all matching entries from the given actionlist of walk sandboxing.
1229: ACTION is a constant representing the sandboxing action.
1230: GLOB is a string representing the glob pattern."
1231: (let ((action (cond
1232: ((eq action :action-allow) "allow")
1233: ((eq action :action-warn) "warn")
1234: ((eq action :action-filter) "filter")
1235: ((eq action :action-deny) "deny")
1236: ((eq action :action-panic) "panic")
1237: ((eq action :action-stop) "stop")
1238: ((eq action :action-abort) "abort")
1239: ((eq action :action-kill) "kill")
1240: ((eq action :action-exit) "exit"))))
1241: ; Only proceed if action is not nil
1242: (when action
1243: ; Create the command string
1244: (let ((cmd (format "%s/walk" action)))
1245: ; Call syd--stat with the command
1246: (syd--stat (syd--rule cmd glob ?^))))))
1247:
1248: (defun syd-stat-add (action glob)
1249: "Adds to the given actionlist of stat sandboxing.
1250: ACTION is a constant representing the sandboxing action.
1251: GLOB is a string representing the glob pattern."
1252: (let ((action (cond
1253: ((eq action :action-allow) "allow")
1254: ((eq action :action-warn) "warn")
1255: ((eq action :action-filter) "filter")
1256: ((eq action :action-deny) "deny")
1257: ((eq action :action-panic) "panic")
1258: ((eq action :action-stop) "stop")
1259: ((eq action :action-abort) "abort")
1260: ((eq action :action-kill) "kill")
1261: ((eq action :action-exit) "exit"))))
1262: ; Only proceed if action is not nil
1263: (when action
1264: ; Create the command string
1265: (let ((cmd (format "%s/stat" action)))
1266: ; Call syd--stat with the command
1267: (syd--stat (syd--rule cmd glob ?+))))))
1268:
1269: (defun syd-stat-del (action glob)
1270: "Removes the first matching entry from the end of the given actionlist
1271: of stat sandboxing.
1272: ACTION is a constant representing the sandboxing action.
1273: GLOB is a string representing the glob pattern."
1274: (let ((action (cond
1275: ((eq action :action-allow) "allow")
1276: ((eq action :action-warn) "warn")
1277: ((eq action :action-filter) "filter")
1278: ((eq action :action-deny) "deny")
1279: ((eq action :action-panic) "panic")
1280: ((eq action :action-stop) "stop")
1281: ((eq action :action-abort) "abort")
1282: ((eq action :action-kill) "kill")
1283: ((eq action :action-exit) "exit"))))
1284: ; Only proceed if action is not nil
1285: (when action
1286: ; Create the command string
1287: (let ((cmd (format "%s/stat" action)))
1288: ; Call syd--stat with the command
1289: (syd--stat (syd--rule cmd glob ?-))))))
1290:
1291: (defun syd-stat-rem (action glob)
1292: "Removes all matching entries from the given actionlist of stat sandboxing.
1293: ACTION is a constant representing the sandboxing action.
1294: GLOB is a string representing the glob pattern."
1295: (let ((action (cond
1296: ((eq action :action-allow) "allow")
1297: ((eq action :action-warn) "warn")
1298: ((eq action :action-filter) "filter")
1299: ((eq action :action-deny) "deny")
1300: ((eq action :action-panic) "panic")
1301: ((eq action :action-stop) "stop")
1302: ((eq action :action-abort) "abort")
1303: ((eq action :action-kill) "kill")
1304: ((eq action :action-exit) "exit"))))
1305: ; Only proceed if action is not nil
1306: (when action
1307: ; Create the command string
1308: (let ((cmd (format "%s/stat" action)))
1309: ; Call syd--stat with the command
1310: (syd--stat (syd--rule cmd glob ?^))))))
1311:
1312: (defun syd-read-add (action glob)
1313: "Adds to the given actionlist of read sandboxing.
1314: ACTION is a constant representing the sandboxing action.
1315: GLOB is a string representing the glob pattern."
1316: (let ((action (cond
1317: ((eq action :action-allow) "allow")
1318: ((eq action :action-warn) "warn")
1319: ((eq action :action-filter) "filter")
1320: ((eq action :action-deny) "deny")
1321: ((eq action :action-panic) "panic")
1322: ((eq action :action-stop) "stop")
1323: ((eq action :action-abort) "abort")
1324: ((eq action :action-kill) "kill")
1325: ((eq action :action-exit) "exit"))))
1326: ; Only proceed if action is not nil
1327: (when action
1328: ; Create the command string
1329: (let ((cmd (format "%s/read" action)))
1330: ; Call syd--stat with the command
1331: (syd--stat (syd--rule cmd glob ?+))))))
1332:
1333: (defun syd-read-del (action glob)
1334: "Removes the first matching entry from the end of the given actionlist
1335: of read sandboxing.
1336: ACTION is a constant representing the sandboxing action.
1337: GLOB is a string representing the glob pattern."
1338: (let ((action (cond
1339: ((eq action :action-allow) "allow")
1340: ((eq action :action-warn) "warn")
1341: ((eq action :action-filter) "filter")
1342: ((eq action :action-deny) "deny")
1343: ((eq action :action-panic) "panic")
1344: ((eq action :action-stop) "stop")
1345: ((eq action :action-abort) "abort")
1346: ((eq action :action-kill) "kill")
1347: ((eq action :action-exit) "exit"))))
1348: ; Only proceed if action is not nil
1349: (when action
1350: ; Create the command string
1351: (let ((cmd (format "%s/read" action)))
1352: ; Call syd--stat with the command
1353: (syd--stat (syd--rule cmd glob ?-))))))
1354:
1355: (defun syd-read-rem (action glob)
1356: "Removes all matching entries from the given actionlist of read sandboxing.
1357: ACTION is a constant representing the sandboxing action.
1358: GLOB is a string representing the glob pattern."
1359: (let ((action (cond
1360: ((eq action :action-allow) "allow")
1361: ((eq action :action-warn) "warn")
1362: ((eq action :action-filter) "filter")
1363: ((eq action :action-deny) "deny")
1364: ((eq action :action-panic) "panic")
1365: ((eq action :action-stop) "stop")
1366: ((eq action :action-abort) "abort")
1367: ((eq action :action-kill) "kill")
1368: ((eq action :action-exit) "exit"))))
1369: ; Only proceed if action is not nil
1370: (when action
1371: ; Create the command string
1372: (let ((cmd (format "%s/read" action)))
1373: ; Call syd--stat with the command
1374: (syd--stat (syd--rule cmd glob ?^))))))
1375:
1376: (defun syd-write-add (action glob)
1377: "Adds to the given actionlist of write sandboxing.
1378: ACTION is a constant representing the sandboxing action.
1379: GLOB is a string representing the glob pattern."
1380: (let ((action (cond
1381: ((eq action :action-allow) "allow")
1382: ((eq action :action-warn) "warn")
1383: ((eq action :action-filter) "filter")
1384: ((eq action :action-deny) "deny")
1385: ((eq action :action-panic) "panic")
1386: ((eq action :action-stop) "stop")
1387: ((eq action :action-abort) "abort")
1388: ((eq action :action-kill) "kill")
1389: ((eq action :action-exit) "exit"))))
1390: ; Only proceed if action is not nil
1391: (when action
1392: ; Create the command string
1393: (let ((cmd (format "%s/write" action)))
1394: ; Call syd--stat with the command
1395: (syd--stat (syd--rule cmd glob ?+))))))
1396:
1397: (defun syd-write-del (action glob)
1398: "Removes the first matching entry from the end of the given actionlist
1399: of write sandboxing.
1400: ACTION is a constant representing the sandboxing action.
1401: GLOB is a string representing the glob pattern."
1402: (let ((action (cond
1403: ((eq action :action-allow) "allow")
1404: ((eq action :action-warn) "warn")
1405: ((eq action :action-filter) "filter")
1406: ((eq action :action-deny) "deny")
1407: ((eq action :action-panic) "panic")
1408: ((eq action :action-stop) "stop")
1409: ((eq action :action-abort) "abort")
1410: ((eq action :action-kill) "kill")
1411: ((eq action :action-exit) "exit"))))
1412: ; Only proceed if action is not nil
1413: (when action
1414: ; Create the command string
1415: (let ((cmd (format "%s/write" action)))
1416: ; Call syd--stat with the command
1417: (syd--stat (syd--rule cmd glob ?-))))))
1418:
1419: (defun syd-write-rem (action glob)
1420: "Removes all matching entries from the given actionlist of write sandboxing.
1421: ACTION is a constant representing the sandboxing action.
1422: GLOB is a string representing the glob pattern."
1423: (let ((action (cond
1424: ((eq action :action-allow) "allow")
1425: ((eq action :action-warn) "warn")
1426: ((eq action :action-filter) "filter")
1427: ((eq action :action-deny) "deny")
1428: ((eq action :action-panic) "panic")
1429: ((eq action :action-stop) "stop")
1430: ((eq action :action-abort) "abort")
1431: ((eq action :action-kill) "kill")
1432: ((eq action :action-exit) "exit"))))
1433: ; Only proceed if action is not nil
1434: (when action
1435: ; Create the command string
1436: (let ((cmd (format "%s/write" action)))
1437: ; Call syd--stat with the command
1438: (syd--stat (syd--rule cmd glob ?^))))))
1439:
1440: (defun syd-exec-add (action glob)
1441: "Adds to the given actionlist of exec sandboxing.
1442: ACTION is a constant representing the sandboxing action.
1443: GLOB is a string representing the glob pattern."
1444: (let ((action (cond
1445: ((eq action :action-allow) "allow")
1446: ((eq action :action-warn) "warn")
1447: ((eq action :action-filter) "filter")
1448: ((eq action :action-deny) "deny")
1449: ((eq action :action-panic) "panic")
1450: ((eq action :action-stop) "stop")
1451: ((eq action :action-abort) "abort")
1452: ((eq action :action-kill) "kill")
1453: ((eq action :action-exit) "exit"))))
1454: ; Only proceed if action is not nil
1455: (when action
1456: ; Create the command string
1457: (let ((cmd (format "%s/exec" action)))
1458: ; Call syd--stat with the command
1459: (syd--stat (syd--rule cmd glob ?+))))))
1460:
1461: (defun syd-exec-del (action glob)
1462: "Removes the first matching entry from the end of the given actionlist
1463: of exec sandboxing.
1464: ACTION is a constant representing the sandboxing action.
1465: GLOB is a string representing the glob pattern."
1466: (let ((action (cond
1467: ((eq action :action-allow) "allow")
1468: ((eq action :action-warn) "warn")
1469: ((eq action :action-filter) "filter")
1470: ((eq action :action-deny) "deny")
1471: ((eq action :action-panic) "panic")
1472: ((eq action :action-stop) "stop")
1473: ((eq action :action-abort) "abort")
1474: ((eq action :action-kill) "kill")
1475: ((eq action :action-exit) "exit"))))
1476: ; Only proceed if action is not nil
1477: (when action
1478: ; Create the command string
1479: (let ((cmd (format "%s/exec" action)))
1480: ; Call syd--stat with the command
1481: (syd--stat (syd--rule cmd glob ?-))))))
1482:
1483: (defun syd-exec-rem (action glob)
1484: "Removes all matching entries from the given actionlist of exec sandboxing.
1485: ACTION is a constant representing the sandboxing action.
1486: GLOB is a string representing the glob pattern."
1487: (let ((action (cond
1488: ((eq action :action-allow) "allow")
1489: ((eq action :action-warn) "warn")
1490: ((eq action :action-filter) "filter")
1491: ((eq action :action-deny) "deny")
1492: ((eq action :action-panic) "panic")
1493: ((eq action :action-stop) "stop")
1494: ((eq action :action-abort) "abort")
1495: ((eq action :action-kill) "kill")
1496: ((eq action :action-exit) "exit"))))
1497: ; Only proceed if action is not nil
1498: (when action
1499: ; Create the command string
1500: (let ((cmd (format "%s/exec" action)))
1501: ; Call syd--stat with the command
1502: (syd--stat (syd--rule cmd glob ?^))))))
1503:
1504: (defun syd-ioctl-add (action glob)
1505: "Adds to the given actionlist of ioctl sandboxing.
1506: ACTION is a constant representing the sandboxing action.
1507: GLOB is a string representing the glob pattern."
1508: (let ((action (cond
1509: ((eq action :action-allow) "allow")
1510: ((eq action :action-warn) "warn")
1511: ((eq action :action-filter) "filter")
1512: ((eq action :action-deny) "deny")
1513: ((eq action :action-panic) "panic")
1514: ((eq action :action-stop) "stop")
1515: ((eq action :action-abort) "abort")
1516: ((eq action :action-kill) "kill")
1517: ((eq action :action-exit) "exit"))))
1518: ; Only proceed if action is not nil
1519: (when action
1520: ; Create the command string
1521: (let ((cmd (format "%s/ioctl" action)))
1522: ; Call syd--stat with the command
1523: (syd--stat (syd--rule cmd glob ?+))))))
1524:
1525: (defun syd-ioctl-del (action glob)
1526: "Removes the first matching entry from the end of the given actionlist
1527: of ioctl sandboxing.
1528: ACTION is a constant representing the sandboxing action.
1529: GLOB is a string representing the glob pattern."
1530: (let ((action (cond
1531: ((eq action :action-allow) "allow")
1532: ((eq action :action-warn) "warn")
1533: ((eq action :action-filter) "filter")
1534: ((eq action :action-deny) "deny")
1535: ((eq action :action-panic) "panic")
1536: ((eq action :action-stop) "stop")
1537: ((eq action :action-abort) "abort")
1538: ((eq action :action-kill) "kill")
1539: ((eq action :action-exit) "exit"))))
1540: ; Only proceed if action is not nil
1541: (when action
1542: ; Create the command string
1543: (let ((cmd (format "%s/ioctl" action)))
1544: ; Call syd--stat with the command
1545: (syd--stat (syd--rule cmd glob ?-))))))
1546:
1547: (defun syd-ioctl-rem (action glob)
1548: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1549: ACTION is a constant representing the sandboxing action.
1550: GLOB is a string representing the glob pattern."
1551: (let ((action (cond
1552: ((eq action :action-allow) "allow")
1553: ((eq action :action-warn) "warn")
1554: ((eq action :action-filter) "filter")
1555: ((eq action :action-deny) "deny")
1556: ((eq action :action-panic) "panic")
1557: ((eq action :action-stop) "stop")
1558: ((eq action :action-abort) "abort")
1559: ((eq action :action-kill) "kill")
1560: ((eq action :action-exit) "exit"))))
1561: ; Only proceed if action is not nil
1562: (when action
1563: ; Create the command string
1564: (let ((cmd (format "%s/ioctl" action)))
1565: ; Call syd--stat with the command
1566: (syd--stat (syd--rule cmd glob ?^))))))
1567:
1568: (defun syd-create-add (action glob)
1569: "Adds to the given actionlist of create sandboxing.
1570: ACTION is a constant representing the sandboxing action.
1571: GLOB is a string representing the glob pattern."
1572: (let ((action (cond
1573: ((eq action :action-allow) "allow")
1574: ((eq action :action-warn) "warn")
1575: ((eq action :action-filter) "filter")
1576: ((eq action :action-deny) "deny")
1577: ((eq action :action-panic) "panic")
1578: ((eq action :action-stop) "stop")
1579: ((eq action :action-abort) "abort")
1580: ((eq action :action-kill) "kill")
1581: ((eq action :action-exit) "exit"))))
1582: ; Only proceed if action is not nil
1583: (when action
1584: ; Create the command string
1585: (let ((cmd (format "%s/create" action)))
1586: ; Call syd--stat with the command
1587: (syd--stat (syd--rule cmd glob ?+))))))
1588:
1589: (defun syd-create-del (action glob)
1590: "Removes the first matching entry from the end of the given actionlist
1591: of create sandboxing.
1592: ACTION is a constant representing the sandboxing action.
1593: GLOB is a string representing the glob pattern."
1594: (let ((action (cond
1595: ((eq action :action-allow) "allow")
1596: ((eq action :action-warn) "warn")
1597: ((eq action :action-filter) "filter")
1598: ((eq action :action-deny) "deny")
1599: ((eq action :action-panic) "panic")
1600: ((eq action :action-stop) "stop")
1601: ((eq action :action-abort) "abort")
1602: ((eq action :action-kill) "kill")
1603: ((eq action :action-exit) "exit"))))
1604: ; Only proceed if action is not nil
1605: (when action
1606: ; Create the command string
1607: (let ((cmd (format "%s/create" action)))
1608: ; Call syd--stat with the command
1609: (syd--stat (syd--rule cmd glob ?-))))))
1610:
1611: (defun syd-create-rem (action glob)
1612: "Removes all matching entries from the given actionlist of create sandboxing.
1613: ACTION is a constant representing the sandboxing action.
1614: GLOB is a string representing the glob pattern."
1615: (let ((action (cond
1616: ((eq action :action-allow) "allow")
1617: ((eq action :action-warn) "warn")
1618: ((eq action :action-filter) "filter")
1619: ((eq action :action-deny) "deny")
1620: ((eq action :action-panic) "panic")
1621: ((eq action :action-stop) "stop")
1622: ((eq action :action-abort) "abort")
1623: ((eq action :action-kill) "kill")
1624: ((eq action :action-exit) "exit"))))
1625: ; Only proceed if action is not nil
1626: (when action
1627: ; Create the command string
1628: (let ((cmd (format "%s/create" action)))
1629: ; Call syd--stat with the command
1630: (syd--stat (syd--rule cmd glob ?^))))))
1631:
1632: (defun syd-delete-add (action glob)
1633: "Adds to the given actionlist of delete sandboxing.
1634: ACTION is a constant representing the sandboxing action.
1635: GLOB is a string representing the glob pattern."
1636: (let ((action (cond
1637: ((eq action :action-allow) "allow")
1638: ((eq action :action-warn) "warn")
1639: ((eq action :action-filter) "filter")
1640: ((eq action :action-deny) "deny")
1641: ((eq action :action-panic) "panic")
1642: ((eq action :action-stop) "stop")
1643: ((eq action :action-abort) "abort")
1644: ((eq action :action-kill) "kill")
1645: ((eq action :action-exit) "exit"))))
1646: ; Only proceed if action is not nil
1647: (when action
1648: ; delete the command string
1649: (let ((cmd (format "%s/delete" action)))
1650: ; Call syd--stat with the command
1651: (syd--stat (syd--rule cmd glob ?+))))))
1652:
1653: (defun syd-delete-del (action glob)
1654: "Removes the first matching entry from the end of the given actionlist
1655: of delete sandboxing.
1656: ACTION is a constant representing the sandboxing action.
1657: GLOB is a string representing the glob pattern."
1658: (let ((action (cond
1659: ((eq action :action-allow) "allow")
1660: ((eq action :action-warn) "warn")
1661: ((eq action :action-filter) "filter")
1662: ((eq action :action-deny) "deny")
1663: ((eq action :action-panic) "panic")
1664: ((eq action :action-stop) "stop")
1665: ((eq action :action-abort) "abort")
1666: ((eq action :action-kill) "kill")
1667: ((eq action :action-exit) "exit"))))
1668: ; Only proceed if action is not nil
1669: (when action
1670: ; delete the command string
1671: (let ((cmd (format "%s/delete" action)))
1672: ; Call syd--stat with the command
1673: (syd--stat (syd--rule cmd glob ?-))))))
1674:
1675: (defun syd-delete-rem (action glob)
1676: "Removes all matching entries from the given actionlist of delete sandboxing.
1677: ACTION is a constant representing the sandboxing action.
1678: GLOB is a string representing the glob pattern."
1679: (let ((action (cond
1680: ((eq action :action-allow) "allow")
1681: ((eq action :action-warn) "warn")
1682: ((eq action :action-filter) "filter")
1683: ((eq action :action-deny) "deny")
1684: ((eq action :action-panic) "panic")
1685: ((eq action :action-stop) "stop")
1686: ((eq action :action-abort) "abort")
1687: ((eq action :action-kill) "kill")
1688: ((eq action :action-exit) "exit"))))
1689: ; Only proceed if action is not nil
1690: (when action
1691: ; delete the command string
1692: (let ((cmd (format "%s/delete" action)))
1693: ; Call syd--stat with the command
1694: (syd--stat (syd--rule cmd glob ?^))))))
1695:
1696: (defun syd-rename-add (action glob)
1697: "Adds to the given actionlist of rename sandboxing.
1698: ACTION is a constant representing the sandboxing action.
1699: GLOB is a string representing the glob pattern."
1700: (let ((action (cond
1701: ((eq action :action-allow) "allow")
1702: ((eq action :action-warn) "warn")
1703: ((eq action :action-filter) "filter")
1704: ((eq action :action-deny) "deny")
1705: ((eq action :action-panic) "panic")
1706: ((eq action :action-stop) "stop")
1707: ((eq action :action-abort) "abort")
1708: ((eq action :action-kill) "kill")
1709: ((eq action :action-exit) "exit"))))
1710: ; Only proceed if action is not nil
1711: (when action
1712: ; rename the command string
1713: (let ((cmd (format "%s/rename" action)))
1714: ; Call syd--stat with the command
1715: (syd--stat (syd--rule cmd glob ?+))))))
1716:
1717: (defun syd-rename-del (action glob)
1718: "Removes the first matching entry from the end of the given actionlist
1719: of rename sandboxing.
1720: ACTION is a constant representing the sandboxing action.
1721: GLOB is a string representing the glob pattern."
1722: (let ((action (cond
1723: ((eq action :action-allow) "allow")
1724: ((eq action :action-warn) "warn")
1725: ((eq action :action-filter) "filter")
1726: ((eq action :action-deny) "deny")
1727: ((eq action :action-panic) "panic")
1728: ((eq action :action-stop) "stop")
1729: ((eq action :action-abort) "abort")
1730: ((eq action :action-kill) "kill")
1731: ((eq action :action-exit) "exit"))))
1732: ; Only proceed if action is not nil
1733: (when action
1734: ; rename the command string
1735: (let ((cmd (format "%s/rename" action)))
1736: ; Call syd--stat with the command
1737: (syd--stat (syd--rule cmd glob ?-))))))
1738:
1739: (defun syd-rename-rem (action glob)
1740: "Removes all matching entries from the given actionlist of rename sandboxing.
1741: ACTION is a constant representing the sandboxing action.
1742: GLOB is a string representing the glob pattern."
1743: (let ((action (cond
1744: ((eq action :action-allow) "allow")
1745: ((eq action :action-warn) "warn")
1746: ((eq action :action-filter) "filter")
1747: ((eq action :action-deny) "deny")
1748: ((eq action :action-panic) "panic")
1749: ((eq action :action-stop) "stop")
1750: ((eq action :action-abort) "abort")
1751: ((eq action :action-kill) "kill")
1752: ((eq action :action-exit) "exit"))))
1753: ; Only proceed if action is not nil
1754: (when action
1755: ; rename the command string
1756: (let ((cmd (format "%s/rename" action)))
1757: ; Call syd--stat with the command
1758: (syd--stat (syd--rule cmd glob ?^))))))
1759:
1760: (defun syd-symlink-add (action glob)
1761: "Adds to the given actionlist of symlink sandboxing.
1762: ACTION is a constant representing the sandboxing action.
1763: GLOB is a string representing the glob pattern."
1764: (let ((action (cond
1765: ((eq action :action-allow) "allow")
1766: ((eq action :action-warn) "warn")
1767: ((eq action :action-filter) "filter")
1768: ((eq action :action-deny) "deny")
1769: ((eq action :action-panic) "panic")
1770: ((eq action :action-stop) "stop")
1771: ((eq action :action-abort) "abort")
1772: ((eq action :action-kill) "kill")
1773: ((eq action :action-exit) "exit"))))
1774: ; Only proceed if action is not nil
1775: (when action
1776: ; symlink the command string
1777: (let ((cmd (format "%s/symlink" action)))
1778: ; Call syd--stat with the command
1779: (syd--stat (syd--rule cmd glob ?+))))))
1780:
1781: (defun syd-symlink-del (action glob)
1782: "Removes the first matching entry from the end of the given actionlist
1783: of symlink sandboxing.
1784: ACTION is a constant representing the sandboxing action.
1785: GLOB is a string representing the glob pattern."
1786: (let ((action (cond
1787: ((eq action :action-allow) "allow")
1788: ((eq action :action-warn) "warn")
1789: ((eq action :action-filter) "filter")
1790: ((eq action :action-deny) "deny")
1791: ((eq action :action-panic) "panic")
1792: ((eq action :action-stop) "stop")
1793: ((eq action :action-abort) "abort")
1794: ((eq action :action-kill) "kill")
1795: ((eq action :action-exit) "exit"))))
1796: ; Only proceed if action is not nil
1797: (when action
1798: ; symlink the command string
1799: (let ((cmd (format "%s/symlink" action)))
1800: ; Call syd--stat with the command
1801: (syd--stat (syd--rule cmd glob ?-))))))
1802:
1803: (defun syd-symlink-rem (action glob)
1804: "Removes all matching entries from the given actionlist of symlink sandboxing.
1805: ACTION is a constant representing the sandboxing action.
1806: GLOB is a string representing the glob pattern."
1807: (let ((action (cond
1808: ((eq action :action-allow) "allow")
1809: ((eq action :action-warn) "warn")
1810: ((eq action :action-filter) "filter")
1811: ((eq action :action-deny) "deny")
1812: ((eq action :action-panic) "panic")
1813: ((eq action :action-stop) "stop")
1814: ((eq action :action-abort) "abort")
1815: ((eq action :action-kill) "kill")
1816: ((eq action :action-exit) "exit"))))
1817: ; Only proceed if action is not nil
1818: (when action
1819: ; symlink the command string
1820: (let ((cmd (format "%s/symlink" action)))
1821: ; Call syd--stat with the command
1822: (syd--stat (syd--rule cmd glob ?^))))))
1823:
1824: (defun syd-truncate-add (action glob)
1825: "Adds to the given actionlist of truncate sandboxing.
1826: ACTION is a constant representing the sandboxing action.
1827: GLOB is a string representing the glob pattern."
1828: (let ((action (cond
1829: ((eq action :action-allow) "allow")
1830: ((eq action :action-warn) "warn")
1831: ((eq action :action-filter) "filter")
1832: ((eq action :action-deny) "deny")
1833: ((eq action :action-panic) "panic")
1834: ((eq action :action-stop) "stop")
1835: ((eq action :action-abort) "abort")
1836: ((eq action :action-kill) "kill")
1837: ((eq action :action-exit) "exit"))))
1838: ; Only proceed if action is not nil
1839: (when action
1840: ; truncate the command string
1841: (let ((cmd (format "%s/truncate" action)))
1842: ; Call syd--stat with the command
1843: (syd--stat (syd--rule cmd glob ?+))))))
1844:
1845: (defun syd-truncate-del (action glob)
1846: "Removes the first matching entry from the end of the given actionlist
1847: of truncate sandboxing.
1848: ACTION is a constant representing the sandboxing action.
1849: GLOB is a string representing the glob pattern."
1850: (let ((action (cond
1851: ((eq action :action-allow) "allow")
1852: ((eq action :action-warn) "warn")
1853: ((eq action :action-filter) "filter")
1854: ((eq action :action-deny) "deny")
1855: ((eq action :action-panic) "panic")
1856: ((eq action :action-stop) "stop")
1857: ((eq action :action-abort) "abort")
1858: ((eq action :action-kill) "kill")
1859: ((eq action :action-exit) "exit"))))
1860: ; Only proceed if action is not nil
1861: (when action
1862: ; truncate the command string
1863: (let ((cmd (format "%s/truncate" action)))
1864: ; Call syd--stat with the command
1865: (syd--stat (syd--rule cmd glob ?-))))))
1866:
1867: (defun syd-truncate-rem (action glob)
1868: "Removes all matching entries from the given actionlist of truncate sandboxing.
1869: ACTION is a constant representing the sandboxing action.
1870: GLOB is a string representing the glob pattern."
1871: (let ((action (cond
1872: ((eq action :action-allow) "allow")
1873: ((eq action :action-warn) "warn")
1874: ((eq action :action-filter) "filter")
1875: ((eq action :action-deny) "deny")
1876: ((eq action :action-panic) "panic")
1877: ((eq action :action-stop) "stop")
1878: ((eq action :action-abort) "abort")
1879: ((eq action :action-kill) "kill")
1880: ((eq action :action-exit) "exit"))))
1881: ; Only proceed if action is not nil
1882: (when action
1883: ; truncate the command string
1884: (let ((cmd (format "%s/truncate" action)))
1885: ; Call syd--stat with the command
1886: (syd--stat (syd--rule cmd glob ?^))))))
1887:
1888: (defun syd-chdir-add (action glob)
1889: "Adds to the given actionlist of chdir sandboxing.
1890: ACTION is a constant representing the sandboxing action.
1891: GLOB is a string representing the glob pattern."
1892: (let ((action (cond
1893: ((eq action :action-allow) "allow")
1894: ((eq action :action-warn) "warn")
1895: ((eq action :action-filter) "filter")
1896: ((eq action :action-deny) "deny")
1897: ((eq action :action-panic) "panic")
1898: ((eq action :action-stop) "stop")
1899: ((eq action :action-abort) "abort")
1900: ((eq action :action-kill) "kill")
1901: ((eq action :action-exit) "exit"))))
1902: ; Only proceed if action is not nil
1903: (when action
1904: ; chdir the command string
1905: (let ((cmd (format "%s/chdir" action)))
1906: ; Call syd--stat with the command
1907: (syd--stat (syd--rule cmd glob ?+))))))
1908:
1909: (defun syd-chdir-del (action glob)
1910: "Removes the first matching entry from the end of the given actionlist
1911: of chdir sandboxing.
1912: ACTION is a constant representing the sandboxing action.
1913: GLOB is a string representing the glob pattern."
1914: (let ((action (cond
1915: ((eq action :action-allow) "allow")
1916: ((eq action :action-warn) "warn")
1917: ((eq action :action-filter) "filter")
1918: ((eq action :action-deny) "deny")
1919: ((eq action :action-panic) "panic")
1920: ((eq action :action-stop) "stop")
1921: ((eq action :action-abort) "abort")
1922: ((eq action :action-kill) "kill")
1923: ((eq action :action-exit) "exit"))))
1924: ; Only proceed if action is not nil
1925: (when action
1926: ; chdir the command string
1927: (let ((cmd (format "%s/chdir" action)))
1928: ; Call syd--stat with the command
1929: (syd--stat (syd--rule cmd glob ?-))))))
1930:
1931: (defun syd-chdir-rem (action glob)
1932: "Removes all matching entries from the given actionlist of chdir sandboxing.
1933: ACTION is a constant representing the sandboxing action.
1934: GLOB is a string representing the glob pattern."
1935: (let ((action (cond
1936: ((eq action :action-allow) "allow")
1937: ((eq action :action-warn) "warn")
1938: ((eq action :action-filter) "filter")
1939: ((eq action :action-deny) "deny")
1940: ((eq action :action-panic) "panic")
1941: ((eq action :action-stop) "stop")
1942: ((eq action :action-abort) "abort")
1943: ((eq action :action-kill) "kill")
1944: ((eq action :action-exit) "exit"))))
1945: ; Only proceed if action is not nil
1946: (when action
1947: ; chdir the command string
1948: (let ((cmd (format "%s/chdir" action)))
1949: ; Call syd--stat with the command
1950: (syd--stat (syd--rule cmd glob ?^))))))
1951:
1952: (defun syd-readdir-add (action glob)
1953: "Adds to the given actionlist of readdir sandboxing.
1954: ACTION is a constant representing the sandboxing action.
1955: GLOB is a string representing the glob pattern."
1956: (let ((action (cond
1957: ((eq action :action-allow) "allow")
1958: ((eq action :action-warn) "warn")
1959: ((eq action :action-filter) "filter")
1960: ((eq action :action-deny) "deny")
1961: ((eq action :action-panic) "panic")
1962: ((eq action :action-stop) "stop")
1963: ((eq action :action-abort) "abort")
1964: ((eq action :action-kill) "kill")
1965: ((eq action :action-exit) "exit"))))
1966: ; Only proceed if action is not nil
1967: (when action
1968: ; readdir the command string
1969: (let ((cmd (format "%s/readdir" action)))
1970: ; Call syd--stat with the command
1971: (syd--stat (syd--rule cmd glob ?+))))))
1972:
1973: (defun syd-readdir-del (action glob)
1974: "Removes the first matching entry from the end of the given actionlist
1975: of readdir sandboxing.
1976: ACTION is a constant representing the sandboxing action.
1977: GLOB is a string representing the glob pattern."
1978: (let ((action (cond
1979: ((eq action :action-allow) "allow")
1980: ((eq action :action-warn) "warn")
1981: ((eq action :action-filter) "filter")
1982: ((eq action :action-deny) "deny")
1983: ((eq action :action-panic) "panic")
1984: ((eq action :action-stop) "stop")
1985: ((eq action :action-abort) "abort")
1986: ((eq action :action-kill) "kill")
1987: ((eq action :action-exit) "exit"))))
1988: ; Only proceed if action is not nil
1989: (when action
1990: ; readdir the command string
1991: (let ((cmd (format "%s/readdir" action)))
1992: ; Call syd--stat with the command
1993: (syd--stat (syd--rule cmd glob ?-))))))
1994:
1995: (defun syd-readdir-rem (action glob)
1996: "Removes all matching entries from the given actionlist of readdir sandboxing.
1997: ACTION is a constant representing the sandboxing action.
1998: GLOB is a string representing the glob pattern."
1999: (let ((action (cond
2000: ((eq action :action-allow) "allow")
2001: ((eq action :action-warn) "warn")
2002: ((eq action :action-filter) "filter")
2003: ((eq action :action-deny) "deny")
2004: ((eq action :action-panic) "panic")
2005: ((eq action :action-stop) "stop")
2006: ((eq action :action-abort) "abort")
2007: ((eq action :action-kill) "kill")
2008: ((eq action :action-exit) "exit"))))
2009: ; Only proceed if action is not nil
2010: (when action
2011: ; readdir the command string
2012: (let ((cmd (format "%s/readdir" action)))
2013: ; Call syd--stat with the command
2014: (syd--stat (syd--rule cmd glob ?^))))))
2015:
2016: (defun syd-readdir-add (action glob)
2017: "Adds to the given actionlist of readdir sandboxing.
2018: ACTION is a constant representing the sandboxing action.
2019: GLOB is a string representing the glob pattern."
2020: (let ((action (cond
2021: ((eq action :action-allow) "allow")
2022: ((eq action :action-warn) "warn")
2023: ((eq action :action-filter) "filter")
2024: ((eq action :action-deny) "deny")
2025: ((eq action :action-panic) "panic")
2026: ((eq action :action-stop) "stop")
2027: ((eq action :action-abort) "abort")
2028: ((eq action :action-kill) "kill")
2029: ((eq action :action-exit) "exit"))))
2030: ; Only proceed if action is not nil
2031: (when action
2032: ; readdir the command string
2033: (let ((cmd (format "%s/readdir" action)))
2034: ; Call syd--stat with the command
2035: (syd--stat (syd--rule cmd glob ?+))))))
2036:
2037: (defun syd-readdir-del (action glob)
2038: "Removes the first matching entry from the end of the given actionlist
2039: of readdir sandboxing.
2040: ACTION is a constant representing the sandboxing action.
2041: GLOB is a string representing the glob pattern."
2042: (let ((action (cond
2043: ((eq action :action-allow) "allow")
2044: ((eq action :action-warn) "warn")
2045: ((eq action :action-filter) "filter")
2046: ((eq action :action-deny) "deny")
2047: ((eq action :action-panic) "panic")
2048: ((eq action :action-stop) "stop")
2049: ((eq action :action-abort) "abort")
2050: ((eq action :action-kill) "kill")
2051: ((eq action :action-exit) "exit"))))
2052: ; Only proceed if action is not nil
2053: (when action
2054: ; readdir the command string
2055: (let ((cmd (format "%s/readdir" action)))
2056: ; Call syd--stat with the command
2057: (syd--stat (syd--rule cmd glob ?-))))))
2058:
2059: (defun syd-readdir-rem (action glob)
2060: "Removes all matching entries from the given actionlist of readdir sandboxing.
2061: ACTION is a constant representing the sandboxing action.
2062: GLOB is a string representing the glob pattern."
2063: (let ((action (cond
2064: ((eq action :action-allow) "allow")
2065: ((eq action :action-warn) "warn")
2066: ((eq action :action-filter) "filter")
2067: ((eq action :action-deny) "deny")
2068: ((eq action :action-panic) "panic")
2069: ((eq action :action-stop) "stop")
2070: ((eq action :action-abort) "abort")
2071: ((eq action :action-kill) "kill")
2072: ((eq action :action-exit) "exit"))))
2073: ; Only proceed if action is not nil
2074: (when action
2075: ; readdir the command string
2076: (let ((cmd (format "%s/readdir" action)))
2077: ; Call syd--stat with the command
2078: (syd--stat (syd--rule cmd glob ?^))))))
2079:
2080: (defun syd-mkdir-add (action glob)
2081: "Adds to the given actionlist of mkdir sandboxing.
2082: ACTION is a constant representing the sandboxing action.
2083: GLOB is a string representing the glob pattern."
2084: (let ((action (cond
2085: ((eq action :action-allow) "allow")
2086: ((eq action :action-warn) "warn")
2087: ((eq action :action-filter) "filter")
2088: ((eq action :action-deny) "deny")
2089: ((eq action :action-panic) "panic")
2090: ((eq action :action-stop) "stop")
2091: ((eq action :action-abort) "abort")
2092: ((eq action :action-kill) "kill")
2093: ((eq action :action-exit) "exit"))))
2094: ; Only proceed if action is not nil
2095: (when action
2096: ; mkdir the command string
2097: (let ((cmd (format "%s/mkdir" action)))
2098: ; Call syd--stat with the command
2099: (syd--stat (syd--rule cmd glob ?+))))))
2100:
2101: (defun syd-mkdir-del (action glob)
2102: "Removes the first matching entry from the end of the given actionlist
2103: of mkdir sandboxing.
2104: ACTION is a constant representing the sandboxing action.
2105: GLOB is a string representing the glob pattern."
2106: (let ((action (cond
2107: ((eq action :action-allow) "allow")
2108: ((eq action :action-warn) "warn")
2109: ((eq action :action-filter) "filter")
2110: ((eq action :action-deny) "deny")
2111: ((eq action :action-panic) "panic")
2112: ((eq action :action-stop) "stop")
2113: ((eq action :action-abort) "abort")
2114: ((eq action :action-kill) "kill")
2115: ((eq action :action-exit) "exit"))))
2116: ; Only proceed if action is not nil
2117: (when action
2118: ; mkdir the command string
2119: (let ((cmd (format "%s/mkdir" action)))
2120: ; Call syd--stat with the command
2121: (syd--stat (syd--rule cmd glob ?-))))))
2122:
2123: (defun syd-mkdir-rem (action glob)
2124: "Removes all matching entries from the given actionlist of mkdir sandboxing.
2125: ACTION is a constant representing the sandboxing action.
2126: GLOB is a string representing the glob pattern."
2127: (let ((action (cond
2128: ((eq action :action-allow) "allow")
2129: ((eq action :action-warn) "warn")
2130: ((eq action :action-filter) "filter")
2131: ((eq action :action-deny) "deny")
2132: ((eq action :action-panic) "panic")
2133: ((eq action :action-stop) "stop")
2134: ((eq action :action-abort) "abort")
2135: ((eq action :action-kill) "kill")
2136: ((eq action :action-exit) "exit"))))
2137: ; Only proceed if action is not nil
2138: (when action
2139: ; mkdir the command string
2140: (let ((cmd (format "%s/mkdir" action)))
2141: ; Call syd--stat with the command
2142: (syd--stat (syd--rule cmd glob ?^))))))
2143:
2144: (defun syd-rmdir-add (action glob)
2145: "Adds to the given actionlist of rmdir sandboxing.
2146: ACTION is a constant representing the sandboxing action.
2147: GLOB is a string representing the glob pattern."
2148: (let ((action (cond
2149: ((eq action :action-allow) "allow")
2150: ((eq action :action-warn) "warn")
2151: ((eq action :action-filter) "filter")
2152: ((eq action :action-deny) "deny")
2153: ((eq action :action-panic) "panic")
2154: ((eq action :action-stop) "stop")
2155: ((eq action :action-abort) "abort")
2156: ((eq action :action-kill) "kill")
2157: ((eq action :action-exit) "exit"))))
2158: ; Only proceed if action is not nil
2159: (when action
2160: ; rmdir the command string
2161: (let ((cmd (format "%s/rmdir" action)))
2162: ; Call syd--stat with the command
2163: (syd--stat (syd--rule cmd glob ?+))))))
2164:
2165: (defun syd-rmdir-del (action glob)
2166: "Removes the first matching entry from the end of the given actionlist
2167: of rmdir sandboxing.
2168: ACTION is a constant representing the sandboxing action.
2169: GLOB is a string representing the glob pattern."
2170: (let ((action (cond
2171: ((eq action :action-allow) "allow")
2172: ((eq action :action-warn) "warn")
2173: ((eq action :action-filter) "filter")
2174: ((eq action :action-deny) "deny")
2175: ((eq action :action-panic) "panic")
2176: ((eq action :action-stop) "stop")
2177: ((eq action :action-abort) "abort")
2178: ((eq action :action-kill) "kill")
2179: ((eq action :action-exit) "exit"))))
2180: ; Only proceed if action is not nil
2181: (when action
2182: ; rmdir the command string
2183: (let ((cmd (format "%s/rmdir" action)))
2184: ; Call syd--stat with the command
2185: (syd--stat (syd--rule cmd glob ?-))))))
2186:
2187: (defun syd-rmdir-rem (action glob)
2188: "Removes all matching entries from the given actionlist of rmdir sandboxing.
2189: ACTION is a constant representing the sandboxing action.
2190: GLOB is a string representing the glob pattern."
2191: (let ((action (cond
2192: ((eq action :action-allow) "allow")
2193: ((eq action :action-warn) "warn")
2194: ((eq action :action-filter) "filter")
2195: ((eq action :action-deny) "deny")
2196: ((eq action :action-panic) "panic")
2197: ((eq action :action-stop) "stop")
2198: ((eq action :action-abort) "abort")
2199: ((eq action :action-kill) "kill")
2200: ((eq action :action-exit) "exit"))))
2201: ; Only proceed if action is not nil
2202: (when action
2203: ; rmdir the command string
2204: (let ((cmd (format "%s/rmdir" action)))
2205: ; Call syd--stat with the command
2206: (syd--stat (syd--rule cmd glob ?^))))))
2207:
2208: (defun syd-chown-add (action glob)
2209: "Adds to the given actionlist of chown sandboxing.
2210: ACTION is a constant representing the sandboxing action.
2211: GLOB is a string representing the glob pattern."
2212: (let ((action (cond
2213: ((eq action :action-allow) "allow")
2214: ((eq action :action-warn) "warn")
2215: ((eq action :action-filter) "filter")
2216: ((eq action :action-deny) "deny")
2217: ((eq action :action-panic) "panic")
2218: ((eq action :action-stop) "stop")
2219: ((eq action :action-abort) "abort")
2220: ((eq action :action-kill) "kill")
2221: ((eq action :action-exit) "exit"))))
2222: ; Only proceed if action is not nil
2223: (when action
2224: ; Create the command string
2225: (let ((cmd (format "%s/chown" action)))
2226: ; Call syd--stat with the command
2227: (syd--stat (syd--rule cmd glob ?+))))))
2228:
2229: (defun syd-chown-del (action glob)
2230: "Removes the first matching entry from the end of the given actionlist
2231: of chown sandboxing.
2232: ACTION is a constant representing the sandboxing action.
2233: GLOB is a string representing the glob pattern."
2234: (let ((action (cond
2235: ((eq action :action-allow) "allow")
2236: ((eq action :action-warn) "warn")
2237: ((eq action :action-filter) "filter")
2238: ((eq action :action-deny) "deny")
2239: ((eq action :action-panic) "panic")
2240: ((eq action :action-stop) "stop")
2241: ((eq action :action-abort) "abort")
2242: ((eq action :action-kill) "kill")
2243: ((eq action :action-exit) "exit"))))
2244: ; Only proceed if action is not nil
2245: (when action
2246: ; Create the command string
2247: (let ((cmd (format "%s/chown" action)))
2248: ; Call syd--stat with the command
2249: (syd--stat (syd--rule cmd glob ?-))))))
2250:
2251: (defun syd-chown-rem (action glob)
2252: "Removes all matching entries from the given actionlist of chown sandboxing.
2253: ACTION is a constant representing the sandboxing action.
2254: GLOB is a string representing the glob pattern."
2255: (let ((action (cond
2256: ((eq action :action-allow) "allow")
2257: ((eq action :action-warn) "warn")
2258: ((eq action :action-filter) "filter")
2259: ((eq action :action-deny) "deny")
2260: ((eq action :action-panic) "panic")
2261: ((eq action :action-stop) "stop")
2262: ((eq action :action-abort) "abort")
2263: ((eq action :action-kill) "kill")
2264: ((eq action :action-exit) "exit"))))
2265: ; Only proceed if action is not nil
2266: (when action
2267: ; Create the command string
2268: (let ((cmd (format "%s/chown" action)))
2269: ; Call syd--stat with the command
2270: (syd--stat (syd--rule cmd glob ?^))))))
2271:
2272: (defun syd-chgrp-add (action glob)
2273: "Adds to the given actionlist of chgrp sandboxing.
2274: ACTION is a constant representing the sandboxing action.
2275: GLOB is a string representing the glob pattern."
2276: (let ((action (cond
2277: ((eq action :action-allow) "allow")
2278: ((eq action :action-warn) "warn")
2279: ((eq action :action-filter) "filter")
2280: ((eq action :action-deny) "deny")
2281: ((eq action :action-panic) "panic")
2282: ((eq action :action-stop) "stop")
2283: ((eq action :action-abort) "abort")
2284: ((eq action :action-kill) "kill")
2285: ((eq action :action-exit) "exit"))))
2286: ; Only proceed if action is not nil
2287: (when action
2288: ; Create the command string
2289: (let ((cmd (format "%s/chgrp" action)))
2290: ; Call syd--stat with the command
2291: (syd--stat (syd--rule cmd glob ?+))))))
2292:
2293: (defun syd-chgrp-del (action glob)
2294: "Removes the first matching entry from the end of the given actionlist
2295: of chgrp sandboxing.
2296: ACTION is a constant representing the sandboxing action.
2297: GLOB is a string representing the glob pattern."
2298: (let ((action (cond
2299: ((eq action :action-allow) "allow")
2300: ((eq action :action-warn) "warn")
2301: ((eq action :action-filter) "filter")
2302: ((eq action :action-deny) "deny")
2303: ((eq action :action-panic) "panic")
2304: ((eq action :action-stop) "stop")
2305: ((eq action :action-abort) "abort")
2306: ((eq action :action-kill) "kill")
2307: ((eq action :action-exit) "exit"))))
2308: ; Only proceed if action is not nil
2309: (when action
2310: ; Create the command string
2311: (let ((cmd (format "%s/chgrp" action)))
2312: ; Call syd--stat with the command
2313: (syd--stat (syd--rule cmd glob ?-))))))
2314:
2315: (defun syd-chgrp-rem (action glob)
2316: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2317: ACTION is a constant representing the sandboxing action.
2318: GLOB is a string representing the glob pattern."
2319: (let ((action (cond
2320: ((eq action :action-allow) "allow")
2321: ((eq action :action-warn) "warn")
2322: ((eq action :action-filter) "filter")
2323: ((eq action :action-deny) "deny")
2324: ((eq action :action-panic) "panic")
2325: ((eq action :action-stop) "stop")
2326: ((eq action :action-abort) "abort")
2327: ((eq action :action-kill) "kill")
2328: ((eq action :action-exit) "exit"))))
2329: ; Only proceed if action is not nil
2330: (when action
2331: ; Create the command string
2332: (let ((cmd (format "%s/chgrp" action)))
2333: ; Call syd--stat with the command
2334: (syd--stat (syd--rule cmd glob ?^))))))
2335:
2336: (defun syd-chmod-add (action glob)
2337: "Adds to the given actionlist of chmod sandboxing.
2338: ACTION is a constant representing the sandboxing action.
2339: GLOB is a string representing the glob pattern."
2340: (let ((action (cond
2341: ((eq action :action-allow) "allow")
2342: ((eq action :action-warn) "warn")
2343: ((eq action :action-filter) "filter")
2344: ((eq action :action-deny) "deny")
2345: ((eq action :action-panic) "panic")
2346: ((eq action :action-stop) "stop")
2347: ((eq action :action-abort) "abort")
2348: ((eq action :action-kill) "kill")
2349: ((eq action :action-exit) "exit"))))
2350: ; Only proceed if action is not nil
2351: (when action
2352: ; Create the command string
2353: (let ((cmd (format "%s/chmod" action)))
2354: ; Call syd--stat with the command
2355: (syd--stat (syd--rule cmd glob ?+))))))
2356:
2357: (defun syd-chmod-del (action glob)
2358: "Removes the first matching entry from the end of the given actionlist
2359: of chmod sandboxing.
2360: ACTION is a constant representing the sandboxing action.
2361: GLOB is a string representing the glob pattern."
2362: (let ((action (cond
2363: ((eq action :action-allow) "allow")
2364: ((eq action :action-warn) "warn")
2365: ((eq action :action-filter) "filter")
2366: ((eq action :action-deny) "deny")
2367: ((eq action :action-panic) "panic")
2368: ((eq action :action-stop) "stop")
2369: ((eq action :action-abort) "abort")
2370: ((eq action :action-kill) "kill")
2371: ((eq action :action-exit) "exit"))))
2372: ; Only proceed if action is not nil
2373: (when action
2374: ; Create the command string
2375: (let ((cmd (format "%s/chmod" action)))
2376: ; Call syd--stat with the command
2377: (syd--stat (syd--rule cmd glob ?-))))))
2378:
2379: (defun syd-chmod-rem (action glob)
2380: "Removes all matching entries from the given actionlist of chmod sandboxing.
2381: ACTION is a constant representing the sandboxing action.
2382: GLOB is a string representing the glob pattern."
2383: (let ((action (cond
2384: ((eq action :action-allow) "allow")
2385: ((eq action :action-warn) "warn")
2386: ((eq action :action-filter) "filter")
2387: ((eq action :action-deny) "deny")
2388: ((eq action :action-panic) "panic")
2389: ((eq action :action-stop) "stop")
2390: ((eq action :action-abort) "abort")
2391: ((eq action :action-kill) "kill")
2392: ((eq action :action-exit) "exit"))))
2393: ; Only proceed if action is not nil
2394: (when action
2395: ; Create the command string
2396: (let ((cmd (format "%s/chmod" action)))
2397: ; Call syd--stat with the command
2398: (syd--stat (syd--rule cmd glob ?^))))))
2399:
2400: (defun syd-chattr-add (action glob)
2401: "Adds to the given actionlist of chattr sandboxing.
2402: ACTION is a constant representing the sandboxing action.
2403: GLOB is a string representing the glob pattern."
2404: (let ((action (cond
2405: ((eq action :action-allow) "allow")
2406: ((eq action :action-warn) "warn")
2407: ((eq action :action-filter) "filter")
2408: ((eq action :action-deny) "deny")
2409: ((eq action :action-panic) "panic")
2410: ((eq action :action-stop) "stop")
2411: ((eq action :action-abort) "abort")
2412: ((eq action :action-kill) "kill")
2413: ((eq action :action-exit) "exit"))))
2414: ; Only proceed if action is not nil
2415: (when action
2416: ; Create the command string
2417: (let ((cmd (format "%s/chattr" action)))
2418: ; Call syd--stat with the command
2419: (syd--stat (syd--rule cmd glob ?+))))))
2420:
2421: (defun syd-chattr-del (action glob)
2422: "Removes the first matching entry from the end of the given actionlist
2423: of chattr sandboxing.
2424: ACTION is a constant representing the sandboxing action.
2425: GLOB is a string representing the glob pattern."
2426: (let ((action (cond
2427: ((eq action :action-allow) "allow")
2428: ((eq action :action-warn) "warn")
2429: ((eq action :action-filter) "filter")
2430: ((eq action :action-deny) "deny")
2431: ((eq action :action-panic) "panic")
2432: ((eq action :action-stop) "stop")
2433: ((eq action :action-abort) "abort")
2434: ((eq action :action-kill) "kill")
2435: ((eq action :action-exit) "exit"))))
2436: ; Only proceed if action is not nil
2437: (when action
2438: ; Create the command string
2439: (let ((cmd (format "%s/chattr" action)))
2440: ; Call syd--stat with the command
2441: (syd--stat (syd--rule cmd glob ?-))))))
2442:
2443: (defun syd-chattr-rem (action glob)
2444: "Removes all matching entries from the given actionlist of chattr sandboxing.
2445: ACTION is a constant representing the sandboxing action.
2446: GLOB is a string representing the glob pattern."
2447: (let ((action (cond
2448: ((eq action :action-allow) "allow")
2449: ((eq action :action-warn) "warn")
2450: ((eq action :action-filter) "filter")
2451: ((eq action :action-deny) "deny")
2452: ((eq action :action-panic) "panic")
2453: ((eq action :action-stop) "stop")
2454: ((eq action :action-abort) "abort")
2455: ((eq action :action-kill) "kill")
2456: ((eq action :action-exit) "exit"))))
2457: ; Only proceed if action is not nil
2458: (when action
2459: ; Create the command string
2460: (let ((cmd (format "%s/chattr" action)))
2461: ; Call syd--stat with the command
2462: (syd--stat (syd--rule cmd glob ?^))))))
2463:
2464: (defun syd-chroot-add (action glob)
2465: "Adds to the given actionlist of chroot sandboxing.
2466: ACTION is a constant representing the sandboxing action.
2467: GLOB is a string representing the glob pattern."
2468: (let ((action (cond
2469: ((eq action :action-allow) "allow")
2470: ((eq action :action-warn) "warn")
2471: ((eq action :action-filter) "filter")
2472: ((eq action :action-deny) "deny")
2473: ((eq action :action-panic) "panic")
2474: ((eq action :action-stop) "stop")
2475: ((eq action :action-abort) "abort")
2476: ((eq action :action-kill) "kill")
2477: ((eq action :action-exit) "exit"))))
2478: ; Only proceed if action is not nil
2479: (when action
2480: ; Create the command string
2481: (let ((cmd (format "%s/chroot" action)))
2482: ; Call syd--stat with the command
2483: (syd--stat (syd--rule cmd glob ?+))))))
2484:
2485: (defun syd-chroot-del (action glob)
2486: "Removes the first matching entry from the end of the given actionlist
2487: of chroot sandboxing.
2488: ACTION is a constant representing the sandboxing action.
2489: GLOB is a string representing the glob pattern."
2490: (let ((action (cond
2491: ((eq action :action-allow) "allow")
2492: ((eq action :action-warn) "warn")
2493: ((eq action :action-filter) "filter")
2494: ((eq action :action-deny) "deny")
2495: ((eq action :action-panic) "panic")
2496: ((eq action :action-stop) "stop")
2497: ((eq action :action-abort) "abort")
2498: ((eq action :action-kill) "kill")
2499: ((eq action :action-exit) "exit"))))
2500: ; Only proceed if action is not nil
2501: (when action
2502: ; Create the command string
2503: (let ((cmd (format "%s/chroot" action)))
2504: ; Call syd--stat with the command
2505: (syd--stat (syd--rule cmd glob ?-))))))
2506:
2507: (defun syd-chroot-rem (action glob)
2508: "Removes all matching entries from the given actionlist of chroot sandboxing.
2509: ACTION is a constant representing the sandboxing action.
2510: GLOB is a string representing the glob pattern."
2511: (let ((action (cond
2512: ((eq action :action-allow) "allow")
2513: ((eq action :action-warn) "warn")
2514: ((eq action :action-filter) "filter")
2515: ((eq action :action-deny) "deny")
2516: ((eq action :action-panic) "panic")
2517: ((eq action :action-stop) "stop")
2518: ((eq action :action-abort) "abort")
2519: ((eq action :action-kill) "kill")
2520: ((eq action :action-exit) "exit"))))
2521: ; Only proceed if action is not nil
2522: (when action
2523: ; Create the command string
2524: (let ((cmd (format "%s/chroot" action)))
2525: ; Call syd--stat with the command
2526: (syd--stat (syd--rule cmd glob ?^))))))
2527:
2528: (defun syd-utime-add (action glob)
2529: "Adds to the given actionlist of utime sandboxing.
2530: ACTION is a constant representing the sandboxing action.
2531: GLOB is a string representing the glob pattern."
2532: (let ((action (cond
2533: ((eq action :action-allow) "allow")
2534: ((eq action :action-warn) "warn")
2535: ((eq action :action-filter) "filter")
2536: ((eq action :action-deny) "deny")
2537: ((eq action :action-panic) "panic")
2538: ((eq action :action-stop) "stop")
2539: ((eq action :action-abort) "abort")
2540: ((eq action :action-kill) "kill")
2541: ((eq action :action-exit) "exit"))))
2542: ; Only proceed if action is not nil
2543: (when action
2544: ; Create the command string
2545: (let ((cmd (format "%s/utime" action)))
2546: ; Call syd--stat with the command
2547: (syd--stat (syd--rule cmd glob ?+))))))
2548:
2549: (defun syd-utime-del (action glob)
2550: "Removes the first matching entry from the end of the given actionlist
2551: of utime sandboxing.
2552: ACTION is a constant representing the sandboxing action.
2553: GLOB is a string representing the glob pattern."
2554: (let ((action (cond
2555: ((eq action :action-allow) "allow")
2556: ((eq action :action-warn) "warn")
2557: ((eq action :action-filter) "filter")
2558: ((eq action :action-deny) "deny")
2559: ((eq action :action-panic) "panic")
2560: ((eq action :action-stop) "stop")
2561: ((eq action :action-abort) "abort")
2562: ((eq action :action-kill) "kill")
2563: ((eq action :action-exit) "exit"))))
2564: ; Only proceed if action is not nil
2565: (when action
2566: ; Create the command string
2567: (let ((cmd (format "%s/utime" action)))
2568: ; Call syd--stat with the command
2569: (syd--stat (syd--rule cmd glob ?-))))))
2570:
2571: (defun syd-utime-rem (action glob)
2572: "Removes all matching entries from the given actionlist of utime sandboxing.
2573: ACTION is a constant representing the sandboxing action.
2574: GLOB is a string representing the glob pattern."
2575: (let ((action (cond
2576: ((eq action :action-allow) "allow")
2577: ((eq action :action-warn) "warn")
2578: ((eq action :action-filter) "filter")
2579: ((eq action :action-deny) "deny")
2580: ((eq action :action-panic) "panic")
2581: ((eq action :action-stop) "stop")
2582: ((eq action :action-abort) "abort")
2583: ((eq action :action-kill) "kill")
2584: ((eq action :action-exit) "exit"))))
2585: ; Only proceed if action is not nil
2586: (when action
2587: ; Create the command string
2588: (let ((cmd (format "%s/utime" action)))
2589: ; Call syd--stat with the command
2590: (syd--stat (syd--rule cmd glob ?^))))))
2591:
2592: (defun syd-mkbdev-add (action glob)
2593: "Adds to the given actionlist of mkbdev sandboxing.
2594: ACTION is a constant representing the sandboxing action.
2595: GLOB is a string representing the glob pattern."
2596: (let ((action (cond
2597: ((eq action :action-allow) "allow")
2598: ((eq action :action-warn) "warn")
2599: ((eq action :action-filter) "filter")
2600: ((eq action :action-deny) "deny")
2601: ((eq action :action-panic) "panic")
2602: ((eq action :action-stop) "stop")
2603: ((eq action :action-abort) "abort")
2604: ((eq action :action-kill) "kill")
2605: ((eq action :action-exit) "exit"))))
2606: ; Only proceed if action is not nil
2607: (when action
2608: ; Create the command string
2609: (let ((cmd (format "%s/mkbdev" action)))
2610: ; Call syd--stat with the command
2611: (syd--stat (syd--rule cmd glob ?+))))))
2612:
2613: (defun syd-mkbdev-del (action glob)
2614: "Removes the first matching entry from the end of the given actionlist
2615: of mkbdev sandboxing.
2616: ACTION is a constant representing the sandboxing action.
2617: GLOB is a string representing the glob pattern."
2618: (let ((action (cond
2619: ((eq action :action-allow) "allow")
2620: ((eq action :action-warn) "warn")
2621: ((eq action :action-filter) "filter")
2622: ((eq action :action-deny) "deny")
2623: ((eq action :action-panic) "panic")
2624: ((eq action :action-stop) "stop")
2625: ((eq action :action-abort) "abort")
2626: ((eq action :action-kill) "kill")
2627: ((eq action :action-exit) "exit"))))
2628: ; Only proceed if action is not nil
2629: (when action
2630: ; Create the command string
2631: (let ((cmd (format "%s/mkbdev" action)))
2632: ; Call syd--stat with the command
2633: (syd--stat (syd--rule cmd glob ?-))))))
2634:
2635: (defun syd-mkbdev-rem (action glob)
2636: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2637: ACTION is a constant representing the sandboxing action.
2638: GLOB is a string representing the glob pattern."
2639: (let ((action (cond
2640: ((eq action :action-allow) "allow")
2641: ((eq action :action-warn) "warn")
2642: ((eq action :action-filter) "filter")
2643: ((eq action :action-deny) "deny")
2644: ((eq action :action-panic) "panic")
2645: ((eq action :action-stop) "stop")
2646: ((eq action :action-abort) "abort")
2647: ((eq action :action-kill) "kill")
2648: ((eq action :action-exit) "exit"))))
2649: ; Only proceed if action is not nil
2650: (when action
2651: ; Create the command string
2652: (let ((cmd (format "%s/mkbdev" action)))
2653: ; Call syd--stat with the command
2654: (syd--stat (syd--rule cmd glob ?^))))))
2655:
2656: (defun syd-mkcdev-add (action glob)
2657: "Adds to the given actionlist of mkcdev sandboxing.
2658: ACTION is a constant representing the sandboxing action.
2659: GLOB is a string representing the glob pattern."
2660: (let ((action (cond
2661: ((eq action :action-allow) "allow")
2662: ((eq action :action-warn) "warn")
2663: ((eq action :action-filter) "filter")
2664: ((eq action :action-deny) "deny")
2665: ((eq action :action-panic) "panic")
2666: ((eq action :action-stop) "stop")
2667: ((eq action :action-abort) "abort")
2668: ((eq action :action-kill) "kill")
2669: ((eq action :action-exit) "exit"))))
2670: ; Only proceed if action is not nil
2671: (when action
2672: ; Create the command string
2673: (let ((cmd (format "%s/mkcdev" action)))
2674: ; Call syd--stat with the command
2675: (syd--stat (syd--rule cmd glob ?+))))))
2676:
2677: (defun syd-mkcdev-del (action glob)
2678: "Removes the first matching entry from the end of the given actionlist
2679: of mkcdev sandboxing.
2680: ACTION is a constant representing the sandboxing action.
2681: GLOB is a string representing the glob pattern."
2682: (let ((action (cond
2683: ((eq action :action-allow) "allow")
2684: ((eq action :action-warn) "warn")
2685: ((eq action :action-filter) "filter")
2686: ((eq action :action-deny) "deny")
2687: ((eq action :action-panic) "panic")
2688: ((eq action :action-stop) "stop")
2689: ((eq action :action-abort) "abort")
2690: ((eq action :action-kill) "kill")
2691: ((eq action :action-exit) "exit"))))
2692: ; Only proceed if action is not nil
2693: (when action
2694: ; Create the command string
2695: (let ((cmd (format "%s/mkcdev" action)))
2696: ; Call syd--stat with the command
2697: (syd--stat (syd--rule cmd glob ?-))))))
2698:
2699: (defun syd-mkcdev-rem (action glob)
2700: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2701: ACTION is a constant representing the sandboxing action.
2702: GLOB is a string representing the glob pattern."
2703: (let ((action (cond
2704: ((eq action :action-allow) "allow")
2705: ((eq action :action-warn) "warn")
2706: ((eq action :action-filter) "filter")
2707: ((eq action :action-deny) "deny")
2708: ((eq action :action-panic) "panic")
2709: ((eq action :action-stop) "stop")
2710: ((eq action :action-abort) "abort")
2711: ((eq action :action-kill) "kill")
2712: ((eq action :action-exit) "exit"))))
2713: ; Only proceed if action is not nil
2714: (when action
2715: ; Create the command string
2716: (let ((cmd (format "%s/mkcdev" action)))
2717: ; Call syd--stat with the command
2718: (syd--stat (syd--rule cmd glob ?^))))))
2719:
2720: (defun syd-mkfifo-add (action glob)
2721: "Adds to the given actionlist of mkfifo sandboxing.
2722: ACTION is a constant representing the sandboxing action.
2723: GLOB is a string representing the glob pattern."
2724: (let ((action (cond
2725: ((eq action :action-allow) "allow")
2726: ((eq action :action-warn) "warn")
2727: ((eq action :action-filter) "filter")
2728: ((eq action :action-deny) "deny")
2729: ((eq action :action-panic) "panic")
2730: ((eq action :action-stop) "stop")
2731: ((eq action :action-abort) "abort")
2732: ((eq action :action-kill) "kill")
2733: ((eq action :action-exit) "exit"))))
2734: ; Only proceed if action is not nil
2735: (when action
2736: ; Create the command string
2737: (let ((cmd (format "%s/mkfifo" action)))
2738: ; Call syd--stat with the command
2739: (syd--stat (syd--rule cmd glob ?+))))))
2740:
2741: (defun syd-mkfifo-del (action glob)
2742: "Removes the first matching entry from the end of the given actionlist
2743: of mkfifo sandboxing.
2744: ACTION is a constant representing the sandboxing action.
2745: GLOB is a string representing the glob pattern."
2746: (let ((action (cond
2747: ((eq action :action-allow) "allow")
2748: ((eq action :action-warn) "warn")
2749: ((eq action :action-filter) "filter")
2750: ((eq action :action-deny) "deny")
2751: ((eq action :action-panic) "panic")
2752: ((eq action :action-stop) "stop")
2753: ((eq action :action-abort) "abort")
2754: ((eq action :action-kill) "kill")
2755: ((eq action :action-exit) "exit"))))
2756: ; Only proceed if action is not nil
2757: (when action
2758: ; Create the command string
2759: (let ((cmd (format "%s/mkfifo" action)))
2760: ; Call syd--stat with the command
2761: (syd--stat (syd--rule cmd glob ?-))))))
2762:
2763: (defun syd-mkfifo-rem (action glob)
2764: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2765: ACTION is a constant representing the sandboxing action.
2766: GLOB is a string representing the glob pattern."
2767: (let ((action (cond
2768: ((eq action :action-allow) "allow")
2769: ((eq action :action-warn) "warn")
2770: ((eq action :action-filter) "filter")
2771: ((eq action :action-deny) "deny")
2772: ((eq action :action-panic) "panic")
2773: ((eq action :action-stop) "stop")
2774: ((eq action :action-abort) "abort")
2775: ((eq action :action-kill) "kill")
2776: ((eq action :action-exit) "exit"))))
2777: ; Only proceed if action is not nil
2778: (when action
2779: ; Create the command string
2780: (let ((cmd (format "%s/mkfifo" action)))
2781: ; Call syd--stat with the command
2782: (syd--stat (syd--rule cmd glob ?^))))))
2783:
2784: (defun syd-mktemp-add (action glob)
2785: "Adds to the given actionlist of mktemp sandboxing.
2786: ACTION is a constant representing the sandboxing action.
2787: GLOB is a string representing the glob pattern."
2788: (let ((action (cond
2789: ((eq action :action-allow) "allow")
2790: ((eq action :action-warn) "warn")
2791: ((eq action :action-filter) "filter")
2792: ((eq action :action-deny) "deny")
2793: ((eq action :action-panic) "panic")
2794: ((eq action :action-stop) "stop")
2795: ((eq action :action-abort) "abort")
2796: ((eq action :action-kill) "kill")
2797: ((eq action :action-exit) "exit"))))
2798: ; Only proceed if action is not nil
2799: (when action
2800: ; Create the command string
2801: (let ((cmd (format "%s/mktemp" action)))
2802: ; Call syd--stat with the command
2803: (syd--stat (syd--rule cmd glob ?+))))))
2804:
2805: (defun syd-mktemp-del (action glob)
2806: "Removes the first matching entry from the end of the given actionlist
2807: of mktemp sandboxing.
2808: ACTION is a constant representing the sandboxing action.
2809: GLOB is a string representing the glob pattern."
2810: (let ((action (cond
2811: ((eq action :action-allow) "allow")
2812: ((eq action :action-warn) "warn")
2813: ((eq action :action-filter) "filter")
2814: ((eq action :action-deny) "deny")
2815: ((eq action :action-panic) "panic")
2816: ((eq action :action-stop) "stop")
2817: ((eq action :action-abort) "abort")
2818: ((eq action :action-kill) "kill")
2819: ((eq action :action-exit) "exit"))))
2820: ; Only proceed if action is not nil
2821: (when action
2822: ; Create the command string
2823: (let ((cmd (format "%s/mktemp" action)))
2824: ; Call syd--stat with the command
2825: (syd--stat (syd--rule cmd glob ?-))))))
2826:
2827: (defun syd-mktemp-rem (action glob)
2828: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2829: ACTION is a constant representing the sandboxing action.
2830: GLOB is a string representing the glob pattern."
2831: (let ((action (cond
2832: ((eq action :action-allow) "allow")
2833: ((eq action :action-warn) "warn")
2834: ((eq action :action-filter) "filter")
2835: ((eq action :action-deny) "deny")
2836: ((eq action :action-panic) "panic")
2837: ((eq action :action-stop) "stop")
2838: ((eq action :action-abort) "abort")
2839: ((eq action :action-kill) "kill")
2840: ((eq action :action-exit) "exit"))))
2841: ; Only proceed if action is not nil
2842: (when action
2843: ; Create the command string
2844: (let ((cmd (format "%s/mktemp" action)))
2845: ; Call syd--stat with the command
2846: (syd--stat (syd--rule cmd glob ?^))))))
2847:
2848: (defun syd-net-bind-add (action addr)
2849: "Adds to the given actionlist of net/bind sandboxing.
2850: ACTION is a constant representing the sandboxing action.
2851: ADDR is a string representing the address pattern."
2852: (let ((action (cond
2853: ((eq action :action-allow) "allow")
2854: ((eq action :action-warn) "warn")
2855: ((eq action :action-filter) "filter")
2856: ((eq action :action-deny) "deny")
2857: ((eq action :action-panic) "panic")
2858: ((eq action :action-stop) "stop")
2859: ((eq action :action-abort) "abort")
2860: ((eq action :action-kill) "kill")
2861: ((eq action :action-exit) "exit"))))
2862: ; Only proceed if action is not nil
2863: (when action
2864: ; Create the command string
2865: (let ((cmd (format "%s/net/bind" action)))
2866: ; Call syd--stat with the command
2867: (syd--stat (syd--rule cmd addr ?+))))))
2868:
2869: (defun syd-net-bind-del (action addr)
2870: "Removes the first matching entry from the end of the given actionlist
2871: of net/bind sandboxing.
2872: ACTION is a constant representing the sandboxing action.
2873: ADDR is a string representing the address pattern."
2874: (let ((action (cond
2875: ((eq action :action-allow) "allow")
2876: ((eq action :action-warn) "warn")
2877: ((eq action :action-filter) "filter")
2878: ((eq action :action-deny) "deny")
2879: ((eq action :action-panic) "panic")
2880: ((eq action :action-stop) "stop")
2881: ((eq action :action-abort) "abort")
2882: ((eq action :action-kill) "kill")
2883: ((eq action :action-exit) "exit"))))
2884: ; Only proceed if action is not nil
2885: (when action
2886: ; Create the command string
2887: (let ((cmd (format "%s/net/bind" action)))
2888: ; Call syd--stat with the command
2889: (syd--stat (syd--rule cmd addr ?-))))))
2890:
2891: (defun syd-net-bind-rem (action addr)
2892: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2893: ACTION is a constant representing the sandboxing action.
2894: ADDR is a string representing the address pattern."
2895: (let ((action (cond
2896: ((eq action :action-allow) "allow")
2897: ((eq action :action-warn) "warn")
2898: ((eq action :action-filter) "filter")
2899: ((eq action :action-deny) "deny")
2900: ((eq action :action-panic) "panic")
2901: ((eq action :action-stop) "stop")
2902: ((eq action :action-abort) "abort")
2903: ((eq action :action-kill) "kill")
2904: ((eq action :action-exit) "exit"))))
2905: ; Only proceed if action is not nil
2906: (when action
2907: ; Create the command string
2908: (let ((cmd (format "%s/net/bind" action)))
2909: ; Call syd--stat with the command
2910: (syd--stat (syd--rule cmd addr ?^))))))
2911:
2912: (defun syd-net-connect-add (action addr)
2913: "Adds to the given actionlist of net/connect sandboxing.
2914: ACTION is a constant representing the sandboxing action.
2915: ADDR is a string representing the address pattern."
2916: (let ((action (cond
2917: ((eq action :action-allow) "allow")
2918: ((eq action :action-warn) "warn")
2919: ((eq action :action-filter) "filter")
2920: ((eq action :action-deny) "deny")
2921: ((eq action :action-panic) "panic")
2922: ((eq action :action-stop) "stop")
2923: ((eq action :action-abort) "abort")
2924: ((eq action :action-kill) "kill")
2925: ((eq action :action-exit) "exit"))))
2926: ; Only proceed if action is not nil
2927: (when action
2928: ; Create the command string
2929: (let ((cmd (format "%s/net/connect" action)))
2930: ; Call syd--stat with the command
2931: (syd--stat (syd--rule cmd addr ?+))))))
2932:
2933: (defun syd-net-connect-del (action addr)
2934: "Removes the first matching entry from the end of the given actionlist
2935: of net/connect sandboxing.
2936: ACTION is a constant representing the sandboxing action.
2937: ADDR is a string representing the address pattern."
2938: (let ((action (cond
2939: ((eq action :action-allow) "allow")
2940: ((eq action :action-warn) "warn")
2941: ((eq action :action-filter) "filter")
2942: ((eq action :action-deny) "deny")
2943: ((eq action :action-panic) "panic")
2944: ((eq action :action-stop) "stop")
2945: ((eq action :action-abort) "abort")
2946: ((eq action :action-kill) "kill")
2947: ((eq action :action-exit) "exit"))))
2948: ; Only proceed if action is not nil
2949: (when action
2950: ; Create the command string
2951: (let ((cmd (format "%s/net/connect" action)))
2952: ; Call syd--stat with the command
2953: (syd--stat (syd--rule cmd addr ?-))))))
2954:
2955: (defun syd-net-connect-rem (action addr)
2956: "Removes all matching entries from the given actionlist of net/connect
2957: sandboxing.
2958: ACTION is a constant representing the sandboxing action.
2959: ADDR is a string representing the address pattern."
2960: (let ((action (cond
2961: ((eq action :action-allow) "allow")
2962: ((eq action :action-warn) "warn")
2963: ((eq action :action-filter) "filter")
2964: ((eq action :action-deny) "deny")
2965: ((eq action :action-panic) "panic")
2966: ((eq action :action-stop) "stop")
2967: ((eq action :action-abort) "abort")
2968: ((eq action :action-kill) "kill")
2969: ((eq action :action-exit) "exit"))))
2970: ; Only proceed if action is not nil
2971: (when action
2972: ; Create the command string
2973: (let ((cmd (format "%s/net/connect" action)))
2974: ; Call syd--stat with the command
2975: (syd--stat (syd--rule cmd addr ?^))))))
2976:
2977: (defun syd-net-sendfd-add (action addr)
2978: "Adds to the given actionlist of net/sendfd sandboxing.
2979: ACTION is a constant representing the sandboxing action.
2980: ADDR is a string representing the address pattern."
2981: (let ((action (cond
2982: ((eq action :action-allow) "allow")
2983: ((eq action :action-warn) "warn")
2984: ((eq action :action-filter) "filter")
2985: ((eq action :action-deny) "deny")
2986: ((eq action :action-panic) "panic")
2987: ((eq action :action-stop) "stop")
2988: ((eq action :action-abort) "abort")
2989: ((eq action :action-kill) "kill")
2990: ((eq action :action-exit) "exit"))))
2991: ; Only proceed if action is not nil
2992: (when action
2993: ; Create the command string
2994: (let ((cmd (format "%s/net/sendfd" action)))
2995: ; Call syd--stat with the command
2996: (syd--stat (syd--rule cmd addr ?+))))))
2997:
2998: (defun syd-net-sendfd-del (action addr)
2999: "Removes the first matching entry from the end of the given actionlist
3000: of net/sendfd sandboxing.
3001: ACTION is a constant representing the sandboxing action.
3002: ADDR is a string representing the address pattern."
3003: (let ((action (cond
3004: ((eq action :action-allow) "allow")
3005: ((eq action :action-warn) "warn")
3006: ((eq action :action-filter) "filter")
3007: ((eq action :action-deny) "deny")
3008: ((eq action :action-panic) "panic")
3009: ((eq action :action-stop) "stop")
3010: ((eq action :action-abort) "abort")
3011: ((eq action :action-kill) "kill")
3012: ((eq action :action-exit) "exit"))))
3013: ; Only proceed if action is not nil
3014: (when action
3015: ; Create the command string
3016: (let ((cmd (format "%s/net/sendfd" action)))
3017: ; Call syd--stat with the command
3018: (syd--stat (syd--rule cmd addr ?-))))))
3019:
3020: (defun syd-net-sendfd-rem (action addr)
3021: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
3022: ACTION is a constant representing the sandboxing action.
3023: ADDR is a string representing the address pattern."
3024: (let ((action (cond
3025: ((eq action :action-allow) "allow")
3026: ((eq action :action-warn) "warn")
3027: ((eq action :action-filter) "filter")
3028: ((eq action :action-deny) "deny")
3029: ((eq action :action-panic) "panic")
3030: ((eq action :action-stop) "stop")
3031: ((eq action :action-abort) "abort")
3032: ((eq action :action-kill) "kill")
3033: ((eq action :action-exit) "exit"))))
3034: ; Only proceed if action is not nil
3035: (when action
3036: ; Create the command string
3037: (let ((cmd (format "%s/net/sendfd" action)))
3038: ; Call syd--stat with the command
3039: (syd--stat (syd--rule cmd addr ?^))))))
3040:
3041: (defun syd-net-link-add (action addr)
3042: "Adds to the given actionlist of net/link sandboxing.
3043: ACTION is a constant representing the sandboxing action.
3044: ADDR is a string representing the address pattern."
3045: (let ((action (cond
3046: ((eq action :action-allow) "allow")
3047: ((eq action :action-warn) "warn")
3048: ((eq action :action-filter) "filter")
3049: ((eq action :action-deny) "deny")
3050: ((eq action :action-panic) "panic")
3051: ((eq action :action-stop) "stop")
3052: ((eq action :action-abort) "abort")
3053: ((eq action :action-kill) "kill")
3054: ((eq action :action-exit) "exit"))))
3055: ; Only proceed if action is not nil
3056: (when action
3057: ; Create the command string
3058: (let ((cmd (format "%s/net/link" action)))
3059: ; Call syd--stat with the command
3060: (syd--stat (syd--rule cmd addr ?+))))))
3061:
3062: (defun syd-net-link-del (action addr)
3063: "Removes the first matching entry from the end of the given actionlist
3064: of net/link sandboxing.
3065: ACTION is a constant representing the sandboxing action.
3066: ADDR is a string representing the address pattern."
3067: (let ((action (cond
3068: ((eq action :action-allow) "allow")
3069: ((eq action :action-warn) "warn")
3070: ((eq action :action-filter) "filter")
3071: ((eq action :action-deny) "deny")
3072: ((eq action :action-panic) "panic")
3073: ((eq action :action-stop) "stop")
3074: ((eq action :action-abort) "abort")
3075: ((eq action :action-kill) "kill")
3076: ((eq action :action-exit) "exit"))))
3077: ; Only proceed if action is not nil
3078: (when action
3079: ; Create the command string
3080: (let ((cmd (format "%s/net/link" action)))
3081: ; Call syd--stat with the command
3082: (syd--stat (syd--rule cmd addr ?-))))))
3083:
3084: (defun syd-net-link-rem (action addr)
3085: "Removes all matching entries from the given actionlist of net/link sandboxing.
3086: ACTION is a constant representing the sandboxing action.
3087: ADDR is a string representing the address pattern."
3088: (let ((action (cond
3089: ((eq action :action-allow) "allow")
3090: ((eq action :action-warn) "warn")
3091: ((eq action :action-filter) "filter")
3092: ((eq action :action-deny) "deny")
3093: ((eq action :action-panic) "panic")
3094: ((eq action :action-stop) "stop")
3095: ((eq action :action-abort) "abort")
3096: ((eq action :action-kill) "kill")
3097: ((eq action :action-exit) "exit"))))
3098: ; Only proceed if action is not nil
3099: (when action
3100: ; Create the command string
3101: (let ((cmd (format "%s/net/link" action)))
3102: ; Call syd--stat with the command
3103: (syd--stat (syd--rule cmd addr ?^))))))
3104:
3105: (defun syd-force-add (path hash action)
3106: "Adds an entry to the Integrity Force map for Force Sandboxing.
3107: PATH is a fully-qualified file name.
3108: HASH is a hexadecimal encoded checksum.
3109: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
3110: (let ((action (cond ((eq action :action-warn) "warn")
3111: ((eq action :action-filter) "filter")
3112: ((eq action :action-deny) "deny")
3113: ((eq action :action-deny) "panic")
3114: ((eq action :action-stop) "stop")
3115: ((eq action :action-abort) "abort")
3116: ((eq action :action-kill) "kill")
3117: ((eq action :action-kill) "exit"))))
3118: ; Only proceed if action is not nil
3119: (when action
3120: ; Create the command string
3121: (let ((cmd (format "/dev/syd/force+%s:%s:%s" path hash action)))
3122: ; Call syd--stat with the command
3123: (syd--stat cmd)))))
3124:
3125: (defun syd-force-del (path)
3126: "Removes an entry from the Integrity Force map for Force Sandboxing.
3127: PATH is a fully-qualified file name."
3128: ; Create the command string
3129: (let ((cmd (format "/dev/syd/force-%s" path)))
3130: ; Call syd--stat with the command
3131: (syd--stat cmd)))
3132:
3133: (defun syd-force-clr ()
3134: "Clears the Integrity Force map for Force Sandboxing."
3135: (syd--stat "/dev/syd/force^"))
3136:
3137: (defun syd-mem-max (size)
3138: "Set syd maximum per-process memory usage limit.
3139: SIZE can be an integer or a string representing the memory limit."
3140: (let ((size-str (cond ((integerp size) (number-to-string size))
3141: ((stringp size) size)
3142: (t (error "Size must be an integer or a string")))))
3143: (syd--stat (syd--rule "mem/max" size-str ?:))))
3144:
3145: (defun syd-mem-vm-max (size)
3146: "Set syd maximum per-process virtual memory usage limit.
3147: SIZE can be an integer or a string representing the memory limit."
3148: (let ((size-str (cond ((integerp size) (number-to-string size))
3149: ((stringp size) size)
3150: (t (error "Size must be an integer or a string")))))
3151: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
3152:
3153: (defun syd-pid-max (size)
3154: "Set syd maximum process ID limit for PID sandboxing.
3155: SIZE is a number representing the PID limit."
3156: (unless (numberp size)
3157: (error "Size must be a number"))
3158: (let ((path (format "/dev/syd/pid/max:%d" size)))
3159: (syd--stat path)))
3160:
3161: (defun syd-segvguard-expiry (timeout)
3162: "Specify SegvGuard entry expiry timeout in seconds.
3163: Setting this timeout to 0 effectively disables SegvGuard.
3164: TIMEOUT is a number representing the timeout in seconds."
3165: (unless (numberp timeout)
3166: (error "Timeout must be a number"))
3167: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
3168: (syd--stat path)))
3169:
3170: (defun syd-segvguard-suspension (timeout)
3171: "Specify SegvGuard entry suspension timeout in seconds.
3172: TIMEOUT is a number representing the timeout in seconds."
3173: (unless (numberp timeout)
3174: (error "Timeout must be a number"))
3175: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
3176: (syd--stat path)))
3177:
3178: (defun syd-segvguard-maxcrashes (limit)
3179: "Specify SegvGuard max number of crashes before suspension.
3180: LIMIT is a number representing the crash limit."
3181: (unless (numberp limit)
3182: (error "Limit must be a number"))
3183: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
3184: (syd--stat path)))
3185:
3186: (defun syd-exec (file argv)
3187: "Execute a command outside the sandbox without sandboxing.
3188: FILE is the file path of the command as a string.
3189: ARGV is a list of strings representing the arguments to the command."
3190: (unless (stringp file)
3191: (error "File must be a string"))
3192: (let ((all-strings t))
3193: (dolist (arg argv)
3194: (unless (stringp arg)
3195: (setq all-strings nil)))
3196: (unless all-strings
3197: (error "All elements in ARGV must be strings")))
3198:
3199: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3200: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3201:
3202: (defun syd--rule (rule elem op)
3203: "Helper function to construct a path for syd operations.
3204: RULE is a string representing the rule.
3205: ELEM is a string representing the element.
3206: OP is a character representing the operation."
3207: (unless (member op '(?+ ?- ?^ ?:))
3208: (error "Invalid operation"))
3209: (when (string-empty-p elem)
3210: (error "Element cannot be empty"))
3211: (concat "/dev/syd/" rule (char-to-string op) elem))
3212:
3213: (defun syd--stat (path)
3214: "Check if the file at PATH exists using `file-modes'."
3215: (condition-case nil
3216: (not (null (file-modes path)))
3217: (error nil))) ; On error, return nil
3218:
3219: (provide 'syd)
3220: ; syd.el ends here
3221:
23/02/2026 22:31:23, src/syd.el, Ali Polatel