1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025, 2026 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-drop :lock-drop
21: "The sandbox lock is in drop-only mode, allowing only privilege-dropping
22: sandbox commands.")
23:
24: (defconst syd-lock-read :lock-read
25: "The sandbox lock is in read-only mode, allowing only read-only access
26: to sandbox state.")
27:
28: (defconst syd-lock-on :lock-on
29: "The sandbox lock is on, disallowing all sandbox commands.")
30:
31: ; Define sandbox actions as keywords
32: (defconst syd-action-allow :action-allow
33: "Allow system call.")
34:
35: (defconst syd-action-warn :action-warn
36: "Allow system call and warn.")
37:
38: (defconst syd-action-filter :action-filter
39: "Deny system call silently.")
40:
41: (defconst syd-action-deny :action-deny
42: "Deny system call and warn.")
43:
44: (defconst syd-action-panic :action-panic
45: "Deny system call, warn and panic the current Syd thread.")
46:
47: (defconst syd-action-stop :action-stop
48: "Deny system call, warn and stop offending process.")
49:
50: (defconst syd-action-abort :action-abort
51: "Deny system call, warn and abort offending process.")
52:
53: (defconst syd-action-kill :action-kill
54: "Deny system call, warn and kill offending process.")
55:
56: (defconst syd-action-exit :action-exit
57: "Warn, and exit Syd immediately with deny errno as exit value.")
58:
59: (defun syd-info ()
60: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
61: If the `json' module is not available, returns nil."
62: (if (require 'json nil t)
63: (condition-case nil
64: (with-temp-buffer
65: (insert-file-contents "/dev/syd")
66: (with-no-warnings
67: (let ((json-object-type 'alist)
68: (json-array-type 'list)
69: (json-key-type 'symbol)
70: (json-false nil)
71: (json-null nil))
72: (json-read))))
73: (file-error
74: (message "Error reading /dev/syd.")
75: nil)
76: (json-error
77: (message "JSON decoding error.")
78: nil))
79: (progn
80: (message "JSON module not available.")
81: nil)))
82:
83: (defun syd-api ()
84: "Performs a syd API check."
85: (if (syd--stat "/dev/syd/3")
86: 3 ; API number on success
87: nil)) ; On error, return nil
88:
89: (defun syd-check ()
90: "Check if '/dev/syd' is a character device."
91: (syd--stat "/dev/syd"))
92:
93: (defun syd-panic ()
94: "Causes syd to exit immediately with code 127"
95: (syd--stat "/dev/syd/panic"))
96:
97: (defun syd-reset ()
98: "Causes syd to reset sandboxing to the default state."
99: (syd--stat "/dev/syd/reset"))
100:
101: (defun syd-load (fd)
102: "Causes syd to read configuration from the given file descriptor FD."
103: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
104: (syd--stat path)))
105:
106: (defun syd-lock (state)
107: "Sets the state of the sandbox lock.
108: STATE is one of the keywords :lock-off, :lock-exec, :lock-drop, :lock-read, or :lock-on.
109: Returns t on success, nil on failure."
110: (cond
111: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
112: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
113: ((eq state syd-lock-drop) (syd--stat "/dev/syd/lock:drop"))
114: ((eq state syd-lock-read) (syd--stat "/dev/syd/lock:read"))
115: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
116: (t nil))) ; Invalid state
117:
118: (defun syd-enabled-fs ()
119: "Checks if Filesystem sandboxing is enabled."
120: (syd--stat "/dev/syd/sandbox/fs?"))
121:
122: (defun syd-enable-fs ()
123: "Enable Filesystem sandboxing."
124: (syd--stat "/dev/syd/sandbox/fs:on"))
125:
126: (defun syd-disable-fs ()
127: "Disable Filesystem sandboxing."
128: (syd--stat "/dev/syd/sandbox/fs:off"))
129:
130: (defun syd-enabled-walk ()
131: "Checks if Walk sandboxing is enabled."
132: (syd--stat "/dev/syd/sandbox/walk?"))
133:
134: (defun syd-enable-walk ()
135: "Enable Walk sandboxing."
136: (syd--stat "/dev/syd/sandbox/walk:on"))
137:
138: (defun syd-disable-walk ()
139: "Disable Walk sandboxing."
140: (syd--stat "/dev/syd/sandbox/walk:off"))
141:
142: (defun syd-enabled-stat ()
143: "Checks if Stat sandboxing is enabled."
144: (syd--stat "/dev/syd/sandbox/stat?"))
145:
146: (defun syd-enable-stat ()
147: "Enable Stat sandboxing."
148: (syd--stat "/dev/syd/sandbox/stat:on"))
149:
150: (defun syd-disable-stat ()
151: "Disable Stat sandboxing."
152: (syd--stat "/dev/syd/sandbox/stat:off"))
153:
154: (defun syd-enabled-read ()
155: "Checks if Read sandboxing is enabled."
156: (syd--stat "/dev/syd/sandbox/read?"))
157:
158: (defun syd-enable-read ()
159: "Enable Read sandboxing."
160: (syd--stat "/dev/syd/sandbox/read:on"))
161:
162: (defun syd-disable-read ()
163: "Disable Read sandboxing."
164: (syd--stat "/dev/syd/sandbox/read:off"))
165:
166: (defun syd-enabled-write ()
167: "Checks if Write sandboxing is enabled."
168: (syd--stat "/dev/syd/sandbox/write?"))
169:
170: (defun syd-enable-write ()
171: "Enable Write sandboxing."
172: (syd--stat "/dev/syd/sandbox/write:on"))
173:
174: (defun syd-disable-write ()
175: "Disable Write sandboxing."
176: (syd--stat "/dev/syd/sandbox/write:off"))
177:
178: (defun syd-enabled-exec ()
179: "Checks if Exec sandboxing is enabled."
180: (syd--stat "/dev/syd/sandbox/exec?"))
181:
182: (defun syd-enable-exec ()
183: "Enable Exec sandboxing."
184: (syd--stat "/dev/syd/sandbox/exec:on"))
185:
186: (defun syd-disable-exec ()
187: "Disable Exec sandboxing."
188: (syd--stat "/dev/syd/sandbox/exec:off"))
189:
190: (defun syd-enabled-ioctl ()
191: "Checks if Ioctl sandboxing is enabled."
192: (syd--stat "/dev/syd/sandbox/ioctl?"))
193:
194: (defun syd-enable-ioctl ()
195: "Enable Ioctl sandboxing."
196: (syd--stat "/dev/syd/sandbox/ioctl:on"))
197:
198: (defun syd-disable-ioctl ()
199: "Disable Ioctl sandboxing."
200: (syd--stat "/dev/syd/sandbox/ioctl:off"))
201:
202: (defun syd-enabled-create ()
203: "Checks if create sandboxing is enabled."
204: (syd--stat "/dev/syd/sandbox/create?"))
205:
206: (defun syd-enable-create ()
207: "Enable create sandboxing."
208: (syd--stat "/dev/syd/sandbox/create:on"))
209:
210: (defun syd-disable-create ()
211: "Disable create sandboxing."
212: (syd--stat "/dev/syd/sandbox/create:off"))
213:
214: (defun syd-enabled-delete ()
215: "Checks if delete sandboxing is enabled."
216: (syd--stat "/dev/syd/sandbox/delete?"))
217:
218: (defun syd-enable-delete ()
219: "Enable delete sandboxing."
220: (syd--stat "/dev/syd/sandbox/delete:on"))
221:
222: (defun syd-disable-delete ()
223: "Disable delete sandboxing."
224: (syd--stat "/dev/syd/sandbox/delete:off"))
225:
226: (defun syd-enabled-rename ()
227: "Checks if rename sandboxing is enabled."
228: (syd--stat "/dev/syd/sandbox/rename?"))
229:
230: (defun syd-enable-rename ()
231: "Enable rename sandboxing."
232: (syd--stat "/dev/syd/sandbox/rename:on"))
233:
234: (defun syd-disable-rename ()
235: "Disable rename sandboxing."
236: (syd--stat "/dev/syd/sandbox/rename:off"))
237:
238: (defun syd-enabled-symlink ()
239: "Checks if symlink sandboxing is enabled."
240: (syd--stat "/dev/syd/sandbox/symlink?"))
241:
242: (defun syd-enable-symlink ()
243: "Enable symlink sandboxing."
244: (syd--stat "/dev/syd/sandbox/symlink:on"))
245:
246: (defun syd-disable-symlink ()
247: "Disable symlink sandboxing."
248: (syd--stat "/dev/syd/sandbox/symlink:off"))
249:
250: (defun syd-enabled-truncate ()
251: "Checks if Truncate sandboxing is enabled."
252: (syd--stat "/dev/syd/sandbox/truncate?"))
253:
254: (defun syd-enable-truncate ()
255: "Enable Truncate sandboxing."
256: (syd--stat "/dev/syd/sandbox/truncate:on"))
257:
258: (defun syd-disable-truncate ()
259: "Disable Truncate sandboxing."
260: (syd--stat "/dev/syd/sandbox/truncate:off"))
261:
262: (defun syd-enabled-chdir ()
263: "Checks if chdir sandboxing is enabled."
264: (syd--stat "/dev/syd/sandbox/chdir?"))
265:
266: (defun syd-enable-chdir ()
267: "Enable chdir sandboxing."
268: (syd--stat "/dev/syd/sandbox/chdir:on"))
269:
270: (defun syd-disable-chdir ()
271: "Disable chdir sandboxing."
272: (syd--stat "/dev/syd/sandbox/chdir:off"))
273:
274: (defun syd-enabled-readdir ()
275: "Checks if readdir sandboxing is enabled."
276: (syd--stat "/dev/syd/sandbox/readdir?"))
277:
278: (defun syd-enable-readdir ()
279: "Enable readdir sandboxing."
280: (syd--stat "/dev/syd/sandbox/readdir:on"))
281:
282: (defun syd-disable-readdir ()
283: "Disable readdir sandboxing."
284: (syd--stat "/dev/syd/sandbox/readdir:off"))
285:
286: (defun syd-enabled-mkdir ()
287: "Checks if mkdir sandboxing is enabled."
288: (syd--stat "/dev/syd/sandbox/mkdir?"))
289:
290: (defun syd-enable-mkdir ()
291: "Enable mkdir sandboxing."
292: (syd--stat "/dev/syd/sandbox/mkdir:on"))
293:
294: (defun syd-disable-mkdir ()
295: "Disable mkdir sandboxing."
296: (syd--stat "/dev/syd/sandbox/mkdir:off"))
297:
298: (defun syd-enabled-rmdir ()
299: "Checks if rmdir sandboxing is enabled."
300: (syd--stat "/dev/syd/sandbox/rmdir?"))
301:
302: (defun syd-enable-rmdir ()
303: "Enable rmdir sandboxing."
304: (syd--stat "/dev/syd/sandbox/rmdir:on"))
305:
306: (defun syd-disable-rmdir ()
307: "Disable rmdir sandboxing."
308: (syd--stat "/dev/syd/sandbox/rmdir:off"))
309:
310: (defun syd-enabled-chown ()
311: "Checks if chown sandboxing is enabled."
312: (syd--stat "/dev/syd/sandbox/chown?"))
313:
314: (defun syd-enable-chown ()
315: "Enable chown sandboxing."
316: (syd--stat "/dev/syd/sandbox/chown:on"))
317:
318: (defun syd-disable-chown ()
319: "Disable chown sandboxing."
320: (syd--stat "/dev/syd/sandbox/chown:off"))
321:
322: (defun syd-enabled-chgrp ()
323: "Checks if chgrp sandboxing is enabled."
324: (syd--stat "/dev/syd/sandbox/chgrp?"))
325:
326: (defun syd-enable-chgrp ()
327: "Enable chgrp sandboxing."
328: (syd--stat "/dev/syd/sandbox/chgrp:on"))
329:
330: (defun syd-disable-chgrp ()
331: "Disable chgrp sandboxing."
332: (syd--stat "/dev/syd/sandbox/chgrp:off"))
333:
334: (defun syd-enabled-chmod ()
335: "Checks if chmod sandboxing is enabled."
336: (syd--stat "/dev/syd/sandbox/chmod?"))
337:
338: (defun syd-enable-chmod ()
339: "Enable chmod sandboxing."
340: (syd--stat "/dev/syd/sandbox/chmod:on"))
341:
342: (defun syd-disable-chmod ()
343: "Disable chmod sandboxing."
344: (syd--stat "/dev/syd/sandbox/chmod:off"))
345:
346: (defun syd-enabled-chattr ()
347: "Checks if chattr sandboxing is enabled."
348: (syd--stat "/dev/syd/sandbox/chattr?"))
349:
350: (defun syd-enable-chattr ()
351: "Enable chattr sandboxing."
352: (syd--stat "/dev/syd/sandbox/chattr:on"))
353:
354: (defun syd-disable-chattr ()
355: "Disable chattr sandboxing."
356: (syd--stat "/dev/syd/sandbox/chattr:off"))
357:
358: (defun syd-enabled-chroot ()
359: "Checks if chroot sandboxing is enabled."
360: (syd--stat "/dev/syd/sandbox/chroot?"))
361:
362: (defun syd-enable-chroot ()
363: "Enable chroot sandboxing."
364: (syd--stat "/dev/syd/sandbox/chroot:on"))
365:
366: (defun syd-disable-chroot ()
367: "Disable chroot sandboxing."
368: (syd--stat "/dev/syd/sandbox/chroot:off"))
369:
370: (defun syd-enabled-notify ()
371: "Checks if notify sandboxing is enabled."
372: (syd--stat "/dev/syd/sandbox/notify?"))
373:
374: (defun syd-enable-notify ()
375: "Enable notify sandboxing."
376: (syd--stat "/dev/syd/sandbox/notify:on"))
377:
378: (defun syd-disable-notify ()
379: "Disable notify sandboxing."
380: (syd--stat "/dev/syd/sandbox/notify:off"))
381:
382: (defun syd-enabled-utime ()
383: "Checks if utime sandboxing is enabled."
384: (syd--stat "/dev/syd/sandbox/utime?"))
385:
386: (defun syd-enable-utime ()
387: "Enable utime sandboxing."
388: (syd--stat "/dev/syd/sandbox/utime:on"))
389:
390: (defun syd-disable-utime ()
391: "Disable utime sandboxing."
392: (syd--stat "/dev/syd/sandbox/utime:off"))
393:
394: (defun syd-enabled-mkbdev ()
395: "Checks if mkbdev sandboxing is enabled."
396: (syd--stat "/dev/syd/sandbox/mkbdev?"))
397:
398: (defun syd-enable-mkbdev ()
399: "Enable mkbdev sandboxing."
400: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
401:
402: (defun syd-disable-mkbdev ()
403: "Disable mkbdev sandboxing."
404: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
405:
406: (defun syd-enabled-mkcdev ()
407: "Checks if mkcdev sandboxing is enabled."
408: (syd--stat "/dev/syd/sandbox/mkcdev?"))
409:
410: (defun syd-enable-mkcdev ()
411: "Enable mkcdev sandboxing."
412: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
413:
414: (defun syd-disable-mkcdev ()
415: "Disable mkcdev sandboxing."
416: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
417:
418: (defun syd-enabled-mkfifo ()
419: "Checks if mkfifo sandboxing is enabled."
420: (syd--stat "/dev/syd/sandbox/mkfifo?"))
421:
422: (defun syd-enable-mkfifo ()
423: "Enable mkfifo sandboxing."
424: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
425:
426: (defun syd-disable-mkfifo ()
427: "Disable mkfifo sandboxing."
428: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
429:
430: (defun syd-enabled-mktemp ()
431: "Checks if mktemp sandboxing is enabled."
432: (syd--stat "/dev/syd/sandbox/mktemp?"))
433:
434: (defun syd-enable-mktemp ()
435: "Enable mktemp sandboxing."
436: (syd--stat "/dev/syd/sandbox/mktemp:on"))
437:
438: (defun syd-disable-mktemp ()
439: "Disable mktemp sandboxing."
440: (syd--stat "/dev/syd/sandbox/mktemp:off"))
441:
442: (defun syd-enabled-net ()
443: "Checks if Network sandboxing is enabled."
444: (syd--stat "/dev/syd/sandbox/net?"))
445:
446: (defun syd-enable-net ()
447: "Enable Network sandboxing."
448: (syd--stat "/dev/syd/sandbox/net:on"))
449:
450: (defun syd-disable-net ()
451: "Disable Network sandboxing."
452: (syd--stat "/dev/syd/sandbox/net:off"))
453:
454: (defun syd-enabled-lock ()
455: "Checks if lock sandboxing is enabled."
456: (syd--stat "/dev/syd/sandbox/lock?"))
457:
458: (defun syd-enabled-crypt ()
459: "Checks if crypt sandboxing is enabled."
460: (syd--stat "/dev/syd/sandbox/crypt?"))
461:
462: (defun syd-enabled-proxy ()
463: "Checks if proxy sandboxing is enabled."
464: (syd--stat "/dev/syd/sandbox/proxy?"))
465:
466: (defun syd-enabled-mem ()
467: "Checks if memory sandboxing is enabled."
468: (syd--stat "/dev/syd/sandbox/mem?"))
469:
470: (defun syd-disable-mem ()
471: "Disable memory sandboxing."
472: (syd--stat "/dev/syd/sandbox/mem:off"))
473:
474: (defun syd-enabled-pid ()
475: "Checks if PID sandboxing is enabled."
476: (syd--stat "/dev/syd/sandbox/pid?"))
477:
478: (defun syd-enable-pid ()
479: "Enable PID sandboxing."
480: (syd--stat "/dev/syd/sandbox/pid:on"))
481:
482: (defun syd-disable-pid ()
483: "Disable PID sandboxing."
484: (syd--stat "/dev/syd/sandbox/pid:off"))
485:
486: (defun syd-enabled-force ()
487: "Checks if force sandboxing is enabled."
488: (syd--stat "/dev/syd/sandbox/force?"))
489:
490: (defun syd-disable-force ()
491: "Disable force sandboxing."
492: (syd--stat "/dev/syd/sandbox/force:off"))
493:
494: (defun syd-enabled-tpe ()
495: "Checks if TPE sandboxing is enabled."
496: (syd--stat "/dev/syd/sandbox/tpe?"))
497:
498: (defun syd-enable-tpe ()
499: "Enable TPE sandboxing."
500: (syd--stat "/dev/syd/sandbox/tpe:on"))
501:
502: (defun syd-disable-tpe ()
503: "Disable TPE sandboxing."
504: (syd--stat "/dev/syd/sandbox/tpe:off"))
505:
506: (defun syd-default-fs (action)
507: "Set default action for Filesystem sandboxing.
508: ACTION is a constant representing the sandboxing action."
509: (let ((action (cond
510: ((eq action :action-allow) "allow")
511: ((eq action :action-warn) "warn")
512: ((eq action :action-filter) "filter")
513: ((eq action :action-deny) "deny")
514: ((eq action :action-panic) "panic")
515: ((eq action :action-stop) "stop")
516: ((eq action :action-abort) "abort")
517: ((eq action :action-kill) "kill")
518: ((eq action :action-exit) "exit"))))
519: ; Only proceed if action is not nil
520: (when action
521: (let ((cmd (format "/dev/syd/default/fs:%s" action)))
522: ; Call syd--stat with the command
523: (syd--stat cmd)))))
524:
525: (defun syd-default-walk (action)
526: "Set default action for Walk sandboxing.
527: ACTION is a constant representing the sandboxing action."
528: (let ((action (cond
529: ((eq action :action-allow) "allow")
530: ((eq action :action-warn) "warn")
531: ((eq action :action-filter) "filter")
532: ((eq action :action-deny) "deny")
533: ((eq action :action-panic) "panic")
534: ((eq action :action-stop) "stop")
535: ((eq action :action-abort) "abort")
536: ((eq action :action-kill) "kill")
537: ((eq action :action-exit) "exit"))))
538: ; Only proceed if action is not nil
539: (when action
540: (let ((cmd (format "/dev/syd/default/walk:%s" action)))
541: ; Call syd--stat with the command
542: (syd--stat cmd)))))
543:
544: (defun syd-default-stat (action)
545: "Set default action for Stat sandboxing.
546: ACTION is a constant representing the sandboxing action."
547: (let ((action (cond
548: ((eq action :action-allow) "allow")
549: ((eq action :action-warn) "warn")
550: ((eq action :action-filter) "filter")
551: ((eq action :action-deny) "deny")
552: ((eq action :action-panic) "panic")
553: ((eq action :action-stop) "stop")
554: ((eq action :action-abort) "abort")
555: ((eq action :action-kill) "kill")
556: ((eq action :action-exit) "exit"))))
557: ; Only proceed if action is not nil
558: (when action
559: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
560: ; Call syd--stat with the command
561: (syd--stat cmd)))))
562:
563: (defun syd-default-read (action)
564: "Set default action for Read sandboxing.
565: ACTION is a constant representing the sandboxing action."
566: (let ((action (cond
567: ((eq action :action-allow) "allow")
568: ((eq action :action-warn) "warn")
569: ((eq action :action-filter) "filter")
570: ((eq action :action-deny) "deny")
571: ((eq action :action-panic) "panic")
572: ((eq action :action-stop) "stop")
573: ((eq action :action-abort) "abort")
574: ((eq action :action-kill) "kill")
575: ((eq action :action-exit) "exit"))))
576: ; Only proceed if action is not nil
577: (when action
578: (let ((cmd (format "/dev/syd/default/read:%s" action)))
579: ; Call syd--stat with the command
580: (syd--stat cmd)))))
581:
582: (defun syd-default-write (action)
583: "Set default action for Write sandboxing.
584: ACTION is a constant representing the sandboxing action."
585: (let ((action (cond
586: ((eq action :action-allow) "allow")
587: ((eq action :action-warn) "warn")
588: ((eq action :action-filter) "filter")
589: ((eq action :action-deny) "deny")
590: ((eq action :action-panic) "panic")
591: ((eq action :action-stop) "stop")
592: ((eq action :action-abort) "abort")
593: ((eq action :action-kill) "kill")
594: ((eq action :action-exit) "exit"))))
595: ; Only proceed if action is not nil
596: (when action
597: (let ((cmd (format "/dev/syd/default/write:%s" action)))
598: ; Call syd--write with the command
599: (syd--stat cmd)))))
600:
601: (defun syd-default-exec (action)
602: "Set default action for Exec sandboxing.
603: ACTION is a constant representing the sandboxing action."
604: (let ((action (cond
605: ((eq action :action-allow) "allow")
606: ((eq action :action-warn) "warn")
607: ((eq action :action-filter) "filter")
608: ((eq action :action-deny) "deny")
609: ((eq action :action-panic) "panic")
610: ((eq action :action-stop) "stop")
611: ((eq action :action-abort) "abort")
612: ((eq action :action-kill) "kill")
613: ((eq action :action-exit) "exit"))))
614: ; Only proceed if action is not nil
615: (when action
616: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
617: ; Call syd--exec with the command
618: (syd--stat cmd)))))
619:
620: (defun syd-default-ioctl (action)
621: "Set default action for Ioctl sandboxing.
622: ACTION is a constant representing the sandboxing action."
623: (let ((action (cond
624: ((eq action :action-allow) "allow")
625: ((eq action :action-warn) "warn")
626: ((eq action :action-filter) "filter")
627: ((eq action :action-deny) "deny")
628: ((eq action :action-panic) "panic")
629: ((eq action :action-stop) "stop")
630: ((eq action :action-abort) "abort")
631: ((eq action :action-kill) "kill")
632: ((eq action :action-exit) "exit"))))
633: ; Only proceed if action is not nil
634: (when action
635: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
636: ; Call syd--ioctl with the command
637: (syd--stat cmd)))))
638:
639: (defun syd-default-create (action)
640: "Set default action for Create sandboxing.
641: ACTION is a constant representing the sandboxing action."
642: (let ((action (cond
643: ((eq action :action-allow) "allow")
644: ((eq action :action-warn) "warn")
645: ((eq action :action-filter) "filter")
646: ((eq action :action-deny) "deny")
647: ((eq action :action-panic) "panic")
648: ((eq action :action-stop) "stop")
649: ((eq action :action-abort) "abort")
650: ((eq action :action-kill) "kill")
651: ((eq action :action-exit) "exit"))))
652: ; Only proceed if action is not nil
653: (when action
654: (let ((cmd (format "/dev/syd/default/create:%s" action)))
655: ; Call syd--stat with the command
656: (syd--stat cmd)))))
657:
658: (defun syd-default-delete (action)
659: "Set default action for Delete sandboxing.
660: ACTION is a constant representing the sandboxing action."
661: (let ((action (cond
662: ((eq action :action-allow) "allow")
663: ((eq action :action-warn) "warn")
664: ((eq action :action-filter) "filter")
665: ((eq action :action-deny) "deny")
666: ((eq action :action-panic) "panic")
667: ((eq action :action-stop) "stop")
668: ((eq action :action-abort) "abort")
669: ((eq action :action-kill) "kill")
670: ((eq action :action-exit) "exit"))))
671: ; Only proceed if action is not nil
672: (when action
673: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
674: ; Call syd--stat with the command
675: (syd--stat cmd)))))
676:
677: (defun syd-default-rename (action)
678: "Set default action for rename sandboxing.
679: ACTION is a constant representing the sandboxing action."
680: (let ((action (cond
681: ((eq action :action-allow) "allow")
682: ((eq action :action-warn) "warn")
683: ((eq action :action-filter) "filter")
684: ((eq action :action-deny) "deny")
685: ((eq action :action-panic) "panic")
686: ((eq action :action-stop) "stop")
687: ((eq action :action-abort) "abort")
688: ((eq action :action-kill) "kill")
689: ((eq action :action-exit) "exit"))))
690: ; Only proceed if action is not nil
691: (when action
692: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
693: ; Call syd--stat with the command
694: (syd--stat cmd)))))
695:
696: (defun syd-default-symlink (action)
697: "Set default action for symlink sandboxing.
698: ACTION is a constant representing the sandboxing action."
699: (let ((action (cond
700: ((eq action :action-allow) "allow")
701: ((eq action :action-warn) "warn")
702: ((eq action :action-filter) "filter")
703: ((eq action :action-deny) "deny")
704: ((eq action :action-panic) "panic")
705: ((eq action :action-stop) "stop")
706: ((eq action :action-abort) "abort")
707: ((eq action :action-kill) "kill")
708: ((eq action :action-exit) "exit"))))
709: ; Only proceed if action is not nil
710: (when action
711: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
712: ; Call syd--stat with the command
713: (syd--stat cmd)))))
714:
715: (defun syd-default-truncate (action)
716: "Set default action for Truncate sandboxing.
717: ACTION is a constant representing the sandboxing action."
718: (let ((action (cond
719: ((eq action :action-allow) "allow")
720: ((eq action :action-warn) "warn")
721: ((eq action :action-filter) "filter")
722: ((eq action :action-deny) "deny")
723: ((eq action :action-panic) "panic")
724: ((eq action :action-stop) "stop")
725: ((eq action :action-abort) "abort")
726: ((eq action :action-kill) "kill")
727: ((eq action :action-exit) "exit"))))
728: ; Only proceed if action is not nil
729: (when action
730: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
731: ; Call syd--truncate with the command
732: (syd--stat cmd)))))
733:
734: (defun syd-default-chdir (action)
735: "Set default action for chdir sandboxing.
736: ACTION is a constant representing the sandboxing action."
737: (let ((action (cond
738: ((eq action :action-allow) "allow")
739: ((eq action :action-warn) "warn")
740: ((eq action :action-filter) "filter")
741: ((eq action :action-deny) "deny")
742: ((eq action :action-panic) "panic")
743: ((eq action :action-stop) "stop")
744: ((eq action :action-abort) "abort")
745: ((eq action :action-kill) "kill")
746: ((eq action :action-exit) "exit"))))
747: ; Only proceed if action is not nil
748: (when action
749: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
750: ; Call syd--chdir with the command
751: (syd--stat cmd)))))
752:
753: (defun syd-default-readdir (action)
754: "Set default action for readdir sandboxing.
755: ACTION is a constant representing the sandboxing action."
756: (let ((action (cond
757: ((eq action :action-allow) "allow")
758: ((eq action :action-warn) "warn")
759: ((eq action :action-filter) "filter")
760: ((eq action :action-deny) "deny")
761: ((eq action :action-panic) "panic")
762: ((eq action :action-stop) "stop")
763: ((eq action :action-abort) "abort")
764: ((eq action :action-kill) "kill")
765: ((eq action :action-exit) "exit"))))
766: ; Only proceed if action is not nil
767: (when action
768: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
769: ; Call syd--readdir with the command
770: (syd--stat cmd)))))
771:
772: (defun syd-default-mkdir (action)
773: "Set default action for mkdir sandboxing.
774: ACTION is a constant representing the sandboxing action."
775: (let ((action (cond
776: ((eq action :action-allow) "allow")
777: ((eq action :action-warn) "warn")
778: ((eq action :action-filter) "filter")
779: ((eq action :action-deny) "deny")
780: ((eq action :action-panic) "panic")
781: ((eq action :action-stop) "stop")
782: ((eq action :action-abort) "abort")
783: ((eq action :action-kill) "kill")
784: ((eq action :action-exit) "exit"))))
785: ; Only proceed if action is not nil
786: (when action
787: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
788: ; Call syd--mkdir with the command
789: (syd--stat cmd)))))
790:
791: (defun syd-default-rmdir (action)
792: "Set default action for rmdir sandboxing.
793: ACTION is a constant representing the sandboxing action."
794: (let ((action (cond
795: ((eq action :action-allow) "allow")
796: ((eq action :action-warn) "warn")
797: ((eq action :action-filter) "filter")
798: ((eq action :action-deny) "deny")
799: ((eq action :action-panic) "panic")
800: ((eq action :action-stop) "stop")
801: ((eq action :action-abort) "abort")
802: ((eq action :action-kill) "kill")
803: ((eq action :action-exit) "exit"))))
804: ; Only proceed if action is not nil
805: (when action
806: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
807: ; Call syd--rmdir with the command
808: (syd--stat cmd)))))
809:
810: (defun syd-default-chown (action)
811: "Set default action for Chown sandboxing.
812: ACTION is a constant representing the sandboxing action."
813: (let ((action (cond
814: ((eq action :action-allow) "allow")
815: ((eq action :action-warn) "warn")
816: ((eq action :action-filter) "filter")
817: ((eq action :action-deny) "deny")
818: ((eq action :action-panic) "panic")
819: ((eq action :action-stop) "stop")
820: ((eq action :action-abort) "abort")
821: ((eq action :action-kill) "kill")
822: ((eq action :action-exit) "exit"))))
823: ; Only proceed if action is not nil
824: (when action
825: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
826: ; Call syd--stat with the command
827: (syd--stat cmd)))))
828:
829: (defun syd-default-chgrp (action)
830: "Set default action for Chgrp sandboxing.
831: ACTION is a constant representing the sandboxing action."
832: (let ((action (cond
833: ((eq action :action-allow) "allow")
834: ((eq action :action-warn) "warn")
835: ((eq action :action-filter) "filter")
836: ((eq action :action-deny) "deny")
837: ((eq action :action-panic) "panic")
838: ((eq action :action-stop) "stop")
839: ((eq action :action-abort) "abort")
840: ((eq action :action-kill) "kill")
841: ((eq action :action-exit) "exit"))))
842: ; Only proceed if action is not nil
843: (when action
844: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
845: ; Call syd--stat with the command
846: (syd--stat cmd)))))
847:
848: (defun syd-default-chmod (action)
849: "Set default action for chmod sandboxing.
850: ACTION is a constant representing the sandboxing action."
851: (let ((action (cond
852: ((eq action :action-allow) "allow")
853: ((eq action :action-warn) "warn")
854: ((eq action :action-filter) "filter")
855: ((eq action :action-deny) "deny")
856: ((eq action :action-panic) "panic")
857: ((eq action :action-stop) "stop")
858: ((eq action :action-abort) "abort")
859: ((eq action :action-kill) "kill")
860: ((eq action :action-exit) "exit"))))
861: ; Only proceed if action is not nil
862: (when action
863: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
864: ; Call syd--stat with the command
865: (syd--stat cmd)))))
866:
867: (defun syd-default-chattr (action)
868: "Set default action for chattr sandboxing.
869: ACTION is a constant representing the sandboxing action."
870: (let ((action (cond
871: ((eq action :action-allow) "allow")
872: ((eq action :action-warn) "warn")
873: ((eq action :action-filter) "filter")
874: ((eq action :action-deny) "deny")
875: ((eq action :action-panic) "panic")
876: ((eq action :action-stop) "stop")
877: ((eq action :action-abort) "abort")
878: ((eq action :action-kill) "kill")
879: ((eq action :action-exit) "exit"))))
880: ; Only proceed if action is not nil
881: (when action
882: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
883: ; Call syd--stat with the command
884: (syd--stat cmd)))))
885:
886: (defun syd-default-chroot (action)
887: "Set default action for chroot sandboxing.
888: ACTION is a constant representing the sandboxing action."
889: (let ((action (cond
890: ((eq action :action-allow) "allow")
891: ((eq action :action-warn) "warn")
892: ((eq action :action-filter) "filter")
893: ((eq action :action-deny) "deny")
894: ((eq action :action-panic) "panic")
895: ((eq action :action-stop) "stop")
896: ((eq action :action-abort) "abort")
897: ((eq action :action-kill) "kill")
898: ((eq action :action-exit) "exit"))))
899: ; Only proceed if action is not nil
900: (when action
901: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
902: ; Call syd--stat with the command
903: (syd--stat cmd)))))
904:
905: (defun syd-default-notify (action)
906: "Set default action for notify sandboxing.
907: ACTION is a constant representing the sandboxing action."
908: (let ((action (cond
909: ((eq action :action-allow) "allow")
910: ((eq action :action-warn) "warn")
911: ((eq action :action-filter) "filter")
912: ((eq action :action-deny) "deny")
913: ((eq action :action-panic) "panic")
914: ((eq action :action-stop) "stop")
915: ((eq action :action-abort) "abort")
916: ((eq action :action-kill) "kill")
917: ((eq action :action-exit) "exit"))))
918: ; Only proceed if action is not nil
919: (when action
920: (let ((cmd (format "/dev/syd/default/notify:%s" action)))
921: ; Call syd--stat with the command
922: (syd--stat cmd)))))
923:
924: (defun syd-default-utime (action)
925: "Set default action for utime sandboxing.
926: ACTION is a constant representing the sandboxing action."
927: (let ((action (cond
928: ((eq action :action-allow) "allow")
929: ((eq action :action-warn) "warn")
930: ((eq action :action-filter) "filter")
931: ((eq action :action-deny) "deny")
932: ((eq action :action-panic) "panic")
933: ((eq action :action-stop) "stop")
934: ((eq action :action-abort) "abort")
935: ((eq action :action-kill) "kill")
936: ((eq action :action-exit) "exit"))))
937: ; Only proceed if action is not nil
938: (when action
939: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
940: ; Call syd--stat with the command
941: (syd--stat cmd)))))
942:
943: (defun syd-default-mkbdev (action)
944: "Set default action for mkbdev sandboxing.
945: ACTION is a constant representing the sandboxing action."
946: (let ((action (cond
947: ((eq action :action-allow) "allow")
948: ((eq action :action-warn) "warn")
949: ((eq action :action-filter) "filter")
950: ((eq action :action-deny) "deny")
951: ((eq action :action-panic) "panic")
952: ((eq action :action-stop) "stop")
953: ((eq action :action-abort) "abort")
954: ((eq action :action-kill) "kill")
955: ((eq action :action-exit) "exit"))))
956: ; Only proceed if action is not nil
957: (when action
958: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
959: ; Call syd--stat with the command
960: (syd--stat cmd)))))
961:
962: (defun syd-default-mkcdev (action)
963: "Set default action for mkcdev sandboxing.
964: ACTION is a constant representing the sandboxing action."
965: (let ((action (cond
966: ((eq action :action-allow) "allow")
967: ((eq action :action-warn) "warn")
968: ((eq action :action-filter) "filter")
969: ((eq action :action-deny) "deny")
970: ((eq action :action-panic) "panic")
971: ((eq action :action-stop) "stop")
972: ((eq action :action-abort) "abort")
973: ((eq action :action-kill) "kill")
974: ((eq action :action-exit) "exit"))))
975: ; Only proceed if action is not nil
976: (when action
977: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
978: ; Call syd--stat with the command
979: (syd--stat cmd)))))
980:
981: (defun syd-default-mkfifo (action)
982: "Set default action for mkfifo sandboxing.
983: ACTION is a constant representing the sandboxing action."
984: (let ((action (cond
985: ((eq action :action-allow) "allow")
986: ((eq action :action-warn) "warn")
987: ((eq action :action-filter) "filter")
988: ((eq action :action-deny) "deny")
989: ((eq action :action-panic) "panic")
990: ((eq action :action-stop) "stop")
991: ((eq action :action-abort) "abort")
992: ((eq action :action-kill) "kill")
993: ((eq action :action-exit) "exit"))))
994: ; Only proceed if action is not nil
995: (when action
996: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
997: ; Call syd--stat with the command
998: (syd--stat cmd)))))
999:
1000: (defun syd-default-mktemp (action)
1001: "Set default action for mktemp sandboxing.
1002: ACTION is a constant representing the sandboxing action."
1003: (let ((action (cond
1004: ((eq action :action-allow) "allow")
1005: ((eq action :action-warn) "warn")
1006: ((eq action :action-filter) "filter")
1007: ((eq action :action-deny) "deny")
1008: ((eq action :action-panic) "panic")
1009: ((eq action :action-stop) "stop")
1010: ((eq action :action-abort) "abort")
1011: ((eq action :action-kill) "kill")
1012: ((eq action :action-exit) "exit"))))
1013: ; Only proceed if action is not nil
1014: (when action
1015: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
1016: ; Call syd--stat with the command
1017: (syd--stat cmd)))))
1018:
1019: (defun syd-default-net (action)
1020: "Set default action for Network sandboxing.
1021: ACTION is a constant representing the sandboxing action."
1022: (let ((action (cond
1023: ((eq action :action-allow) "allow")
1024: ((eq action :action-warn) "warn")
1025: ((eq action :action-filter) "filter")
1026: ((eq action :action-deny) "deny")
1027: ((eq action :action-panic) "panic")
1028: ((eq action :action-stop) "stop")
1029: ((eq action :action-abort) "abort")
1030: ((eq action :action-kill) "kill")
1031: ((eq action :action-exit) "exit"))))
1032: ; Only proceed if action is not nil
1033: (when action
1034: (let ((cmd (format "/dev/syd/default/net:%s" action)))
1035: ; Call syd--net with the command
1036: (syd--stat cmd)))))
1037:
1038: ; TODO: syd-default-block!
1039:
1040: (defun syd-default-mem (action)
1041: "Set default action for Memory sandboxing.
1042: ACTION is a constant representing the sandboxing action."
1043: (let ((action (cond
1044: ((eq action :action-allow) "allow")
1045: ((eq action :action-warn) "warn")
1046: ((eq action :action-filter) "filter")
1047: ((eq action :action-deny) "deny")
1048: ((eq action :action-panic) "panic")
1049: ((eq action :action-stop) "stop")
1050: ((eq action :action-abort) "abort")
1051: ((eq action :action-kill) "kill")
1052: ((eq action :action-exit) "exit"))))
1053: ; Only proceed if action is not nil
1054: (when action
1055: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
1056: ; Call syd--net with the command
1057: (syd--stat cmd)))))
1058:
1059: (defun syd-default-pid (action)
1060: "Set default action for PID sandboxing.
1061: ACTION is a constant representing the sandboxing action."
1062: (let ((action (cond
1063: ((eq action :action-allow) "allow")
1064: ((eq action :action-warn) "warn")
1065: ((eq action :action-filter) "filter")
1066: ((eq action :action-deny) "deny")
1067: ((eq action :action-panic) "panic")
1068: ((eq action :action-stop) "stop")
1069: ((eq action :action-abort) "abort")
1070: ((eq action :action-kill) "kill")
1071: ((eq action :action-exit) "exit"))))
1072: ; Only proceed if action is not nil
1073: (when action
1074: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
1075: ; Call syd--net with the command
1076: (syd--stat cmd)))))
1077:
1078: (defun syd-default-force (action)
1079: "Set default action for Force sandboxing.
1080: ACTION is a constant representing the sandboxing action."
1081: (let ((action (cond
1082: ((eq action :action-allow) "allow")
1083: ((eq action :action-warn) "warn")
1084: ((eq action :action-filter) "filter")
1085: ((eq action :action-deny) "deny")
1086: ((eq action :action-panic) "panic")
1087: ((eq action :action-stop) "stop")
1088: ((eq action :action-abort) "abort")
1089: ((eq action :action-kill) "kill")
1090: ((eq action :action-exit) "exit"))))
1091: ; Only proceed if action is not nil
1092: (when action
1093: (let ((cmd (format "/dev/syd/default/force:%s" action)))
1094: ; Call syd--net with the command
1095: (syd--stat cmd)))))
1096:
1097: (defun syd-default-segvguard (action)
1098: "Set default action for SegvGuard.
1099: ACTION is a constant representing the sandboxing action."
1100: (let ((action (cond
1101: ((eq action :action-allow) "allow")
1102: ((eq action :action-warn) "warn")
1103: ((eq action :action-filter) "filter")
1104: ((eq action :action-deny) "deny")
1105: ((eq action :action-panic) "panic")
1106: ((eq action :action-stop) "stop")
1107: ((eq action :action-abort) "abort")
1108: ((eq action :action-kill) "kill")
1109: ((eq action :action-exit) "exit"))))
1110: ; Only proceed if action is not nil
1111: (when action
1112: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1113: ; Call syd--net with the command
1114: (syd--stat cmd)))))
1115:
1116: (defun syd-default-tpe (action)
1117: "Set default action for TPE sandboxing.
1118: ACTION is a constant representing the sandboxing action."
1119: (let ((action (cond
1120: ((eq action :action-allow) "allow")
1121: ((eq action :action-warn) "warn")
1122: ((eq action :action-filter) "filter")
1123: ((eq action :action-deny) "deny")
1124: ((eq action :action-panic) "panic")
1125: ((eq action :action-stop) "stop")
1126: ((eq action :action-abort) "abort")
1127: ((eq action :action-kill) "kill")
1128: ((eq action :action-exit) "exit"))))
1129: ; Only proceed if action is not nil
1130: (when action
1131: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1132: ; Call syd--net with the command
1133: (syd--stat cmd)))))
1134:
1135: (defun syd-ioctl-deny (request)
1136: "Adds a request to the _ioctl_(2) denylist.
1137: REQUEST is the _ioctl_(2) request number to add to the denylist."
1138: (unless (numberp request)
1139: (error "Request must be a number"))
1140: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1141: (syd--stat path)))
1142:
1143: (defun syd-fs-add (action glob)
1144: "Adds to the given actionlist of Filesystem sandboxing.
1145: ACTION is a constant representing the sandboxing action.
1146: GLOB is a string representing the glob pattern."
1147: (let ((action (cond
1148: ((eq action :action-allow) "allow")
1149: ((eq action :action-warn) "warn")
1150: ((eq action :action-filter) "filter")
1151: ((eq action :action-deny) "deny")
1152: ((eq action :action-panic) "panic")
1153: ((eq action :action-stop) "stop")
1154: ((eq action :action-abort) "abort")
1155: ((eq action :action-kill) "kill")
1156: ((eq action :action-exit) "exit"))))
1157: ; Only proceed if action is not nil
1158: (when action
1159: ; Create the command string
1160: (let ((cmd (format "%s/fs" action)))
1161: ; Call syd--stat with the command
1162: (syd--stat (syd--rule cmd glob ?+))))))
1163:
1164: (defun syd-fs-del (action glob)
1165: "Removes the first matching entry from the end of the given actionlist
1166: of Filesystem sandboxing.
1167: ACTION is a constant representing the sandboxing action.
1168: GLOB is a string representing the glob pattern."
1169: (let ((action (cond
1170: ((eq action :action-allow) "allow")
1171: ((eq action :action-warn) "warn")
1172: ((eq action :action-filter) "filter")
1173: ((eq action :action-deny) "deny")
1174: ((eq action :action-panic) "panic")
1175: ((eq action :action-stop) "stop")
1176: ((eq action :action-abort) "abort")
1177: ((eq action :action-kill) "kill")
1178: ((eq action :action-exit) "exit"))))
1179: ; Only proceed if action is not nil
1180: (when action
1181: ; Create the command string
1182: (let ((cmd (format "%s/fs" action)))
1183: ; Call syd--stat with the command
1184: (syd--stat (syd--rule cmd glob ?-))))))
1185:
1186: (defun syd-fs-rem (action glob)
1187: "Removes all matching entries from the given actionlist of Filesystem sandboxing.
1188: ACTION is a constant representing the sandboxing action.
1189: GLOB is a string representing the glob pattern."
1190: (let ((action (cond
1191: ((eq action :action-allow) "allow")
1192: ((eq action :action-warn) "warn")
1193: ((eq action :action-filter) "filter")
1194: ((eq action :action-deny) "deny")
1195: ((eq action :action-panic) "panic")
1196: ((eq action :action-stop) "stop")
1197: ((eq action :action-abort) "abort")
1198: ((eq action :action-kill) "kill")
1199: ((eq action :action-exit) "exit"))))
1200: ; Only proceed if action is not nil
1201: (when action
1202: ; Create the command string
1203: (let ((cmd (format "%s/fs" action)))
1204: ; Call syd--stat with the command
1205: (syd--stat (syd--rule cmd glob ?^))))))
1206:
1207: (defun syd-walk-add (action glob)
1208: "Adds to the given actionlist of walk sandboxing.
1209: ACTION is a constant representing the sandboxing action.
1210: GLOB is a string representing the glob pattern."
1211: (let ((action (cond
1212: ((eq action :action-allow) "allow")
1213: ((eq action :action-warn) "warn")
1214: ((eq action :action-filter) "filter")
1215: ((eq action :action-deny) "deny")
1216: ((eq action :action-panic) "panic")
1217: ((eq action :action-stop) "stop")
1218: ((eq action :action-abort) "abort")
1219: ((eq action :action-kill) "kill")
1220: ((eq action :action-exit) "exit"))))
1221: ; Only proceed if action is not nil
1222: (when action
1223: ; Create the command string
1224: (let ((cmd (format "%s/walk" action)))
1225: ; Call syd--stat with the command
1226: (syd--stat (syd--rule cmd glob ?+))))))
1227:
1228: (defun syd-walk-del (action glob)
1229: "Removes the first matching entry from the end of the given actionlist
1230: of walk sandboxing.
1231: ACTION is a constant representing the sandboxing action.
1232: GLOB is a string representing the glob pattern."
1233: (let ((action (cond
1234: ((eq action :action-allow) "allow")
1235: ((eq action :action-warn) "warn")
1236: ((eq action :action-filter) "filter")
1237: ((eq action :action-deny) "deny")
1238: ((eq action :action-panic) "panic")
1239: ((eq action :action-stop) "stop")
1240: ((eq action :action-abort) "abort")
1241: ((eq action :action-kill) "kill")
1242: ((eq action :action-exit) "exit"))))
1243: ; Only proceed if action is not nil
1244: (when action
1245: ; Create the command string
1246: (let ((cmd (format "%s/walk" action)))
1247: ; Call syd--stat with the command
1248: (syd--stat (syd--rule cmd glob ?-))))))
1249:
1250: (defun syd-walk-rem (action glob)
1251: "Removes all matching entries from the given actionlist of walk sandboxing.
1252: ACTION is a constant representing the sandboxing action.
1253: GLOB is a string representing the glob pattern."
1254: (let ((action (cond
1255: ((eq action :action-allow) "allow")
1256: ((eq action :action-warn) "warn")
1257: ((eq action :action-filter) "filter")
1258: ((eq action :action-deny) "deny")
1259: ((eq action :action-panic) "panic")
1260: ((eq action :action-stop) "stop")
1261: ((eq action :action-abort) "abort")
1262: ((eq action :action-kill) "kill")
1263: ((eq action :action-exit) "exit"))))
1264: ; Only proceed if action is not nil
1265: (when action
1266: ; Create the command string
1267: (let ((cmd (format "%s/walk" action)))
1268: ; Call syd--stat with the command
1269: (syd--stat (syd--rule cmd glob ?^))))))
1270:
1271: (defun syd-stat-add (action glob)
1272: "Adds to the given actionlist of stat sandboxing.
1273: ACTION is a constant representing the sandboxing action.
1274: GLOB is a string representing the glob pattern."
1275: (let ((action (cond
1276: ((eq action :action-allow) "allow")
1277: ((eq action :action-warn) "warn")
1278: ((eq action :action-filter) "filter")
1279: ((eq action :action-deny) "deny")
1280: ((eq action :action-panic) "panic")
1281: ((eq action :action-stop) "stop")
1282: ((eq action :action-abort) "abort")
1283: ((eq action :action-kill) "kill")
1284: ((eq action :action-exit) "exit"))))
1285: ; Only proceed if action is not nil
1286: (when action
1287: ; Create the command string
1288: (let ((cmd (format "%s/stat" action)))
1289: ; Call syd--stat with the command
1290: (syd--stat (syd--rule cmd glob ?+))))))
1291:
1292: (defun syd-stat-del (action glob)
1293: "Removes the first matching entry from the end of the given actionlist
1294: of stat sandboxing.
1295: ACTION is a constant representing the sandboxing action.
1296: GLOB is a string representing the glob pattern."
1297: (let ((action (cond
1298: ((eq action :action-allow) "allow")
1299: ((eq action :action-warn) "warn")
1300: ((eq action :action-filter) "filter")
1301: ((eq action :action-deny) "deny")
1302: ((eq action :action-panic) "panic")
1303: ((eq action :action-stop) "stop")
1304: ((eq action :action-abort) "abort")
1305: ((eq action :action-kill) "kill")
1306: ((eq action :action-exit) "exit"))))
1307: ; Only proceed if action is not nil
1308: (when action
1309: ; Create the command string
1310: (let ((cmd (format "%s/stat" action)))
1311: ; Call syd--stat with the command
1312: (syd--stat (syd--rule cmd glob ?-))))))
1313:
1314: (defun syd-stat-rem (action glob)
1315: "Removes all matching entries from the given actionlist of stat sandboxing.
1316: ACTION is a constant representing the sandboxing action.
1317: GLOB is a string representing the glob pattern."
1318: (let ((action (cond
1319: ((eq action :action-allow) "allow")
1320: ((eq action :action-warn) "warn")
1321: ((eq action :action-filter) "filter")
1322: ((eq action :action-deny) "deny")
1323: ((eq action :action-panic) "panic")
1324: ((eq action :action-stop) "stop")
1325: ((eq action :action-abort) "abort")
1326: ((eq action :action-kill) "kill")
1327: ((eq action :action-exit) "exit"))))
1328: ; Only proceed if action is not nil
1329: (when action
1330: ; Create the command string
1331: (let ((cmd (format "%s/stat" action)))
1332: ; Call syd--stat with the command
1333: (syd--stat (syd--rule cmd glob ?^))))))
1334:
1335: (defun syd-read-add (action glob)
1336: "Adds to the given actionlist of read sandboxing.
1337: ACTION is a constant representing the sandboxing action.
1338: GLOB is a string representing the glob pattern."
1339: (let ((action (cond
1340: ((eq action :action-allow) "allow")
1341: ((eq action :action-warn) "warn")
1342: ((eq action :action-filter) "filter")
1343: ((eq action :action-deny) "deny")
1344: ((eq action :action-panic) "panic")
1345: ((eq action :action-stop) "stop")
1346: ((eq action :action-abort) "abort")
1347: ((eq action :action-kill) "kill")
1348: ((eq action :action-exit) "exit"))))
1349: ; Only proceed if action is not nil
1350: (when action
1351: ; Create the command string
1352: (let ((cmd (format "%s/read" action)))
1353: ; Call syd--stat with the command
1354: (syd--stat (syd--rule cmd glob ?+))))))
1355:
1356: (defun syd-read-del (action glob)
1357: "Removes the first matching entry from the end of the given actionlist
1358: of read sandboxing.
1359: ACTION is a constant representing the sandboxing action.
1360: GLOB is a string representing the glob pattern."
1361: (let ((action (cond
1362: ((eq action :action-allow) "allow")
1363: ((eq action :action-warn) "warn")
1364: ((eq action :action-filter) "filter")
1365: ((eq action :action-deny) "deny")
1366: ((eq action :action-panic) "panic")
1367: ((eq action :action-stop) "stop")
1368: ((eq action :action-abort) "abort")
1369: ((eq action :action-kill) "kill")
1370: ((eq action :action-exit) "exit"))))
1371: ; Only proceed if action is not nil
1372: (when action
1373: ; Create the command string
1374: (let ((cmd (format "%s/read" action)))
1375: ; Call syd--stat with the command
1376: (syd--stat (syd--rule cmd glob ?-))))))
1377:
1378: (defun syd-read-rem (action glob)
1379: "Removes all matching entries from the given actionlist of read sandboxing.
1380: ACTION is a constant representing the sandboxing action.
1381: GLOB is a string representing the glob pattern."
1382: (let ((action (cond
1383: ((eq action :action-allow) "allow")
1384: ((eq action :action-warn) "warn")
1385: ((eq action :action-filter) "filter")
1386: ((eq action :action-deny) "deny")
1387: ((eq action :action-panic) "panic")
1388: ((eq action :action-stop) "stop")
1389: ((eq action :action-abort) "abort")
1390: ((eq action :action-kill) "kill")
1391: ((eq action :action-exit) "exit"))))
1392: ; Only proceed if action is not nil
1393: (when action
1394: ; Create the command string
1395: (let ((cmd (format "%s/read" action)))
1396: ; Call syd--stat with the command
1397: (syd--stat (syd--rule cmd glob ?^))))))
1398:
1399: (defun syd-write-add (action glob)
1400: "Adds to the given actionlist of write sandboxing.
1401: ACTION is a constant representing the sandboxing action.
1402: GLOB is a string representing the glob pattern."
1403: (let ((action (cond
1404: ((eq action :action-allow) "allow")
1405: ((eq action :action-warn) "warn")
1406: ((eq action :action-filter) "filter")
1407: ((eq action :action-deny) "deny")
1408: ((eq action :action-panic) "panic")
1409: ((eq action :action-stop) "stop")
1410: ((eq action :action-abort) "abort")
1411: ((eq action :action-kill) "kill")
1412: ((eq action :action-exit) "exit"))))
1413: ; Only proceed if action is not nil
1414: (when action
1415: ; Create the command string
1416: (let ((cmd (format "%s/write" action)))
1417: ; Call syd--stat with the command
1418: (syd--stat (syd--rule cmd glob ?+))))))
1419:
1420: (defun syd-write-del (action glob)
1421: "Removes the first matching entry from the end of the given actionlist
1422: of write sandboxing.
1423: ACTION is a constant representing the sandboxing action.
1424: GLOB is a string representing the glob pattern."
1425: (let ((action (cond
1426: ((eq action :action-allow) "allow")
1427: ((eq action :action-warn) "warn")
1428: ((eq action :action-filter) "filter")
1429: ((eq action :action-deny) "deny")
1430: ((eq action :action-panic) "panic")
1431: ((eq action :action-stop) "stop")
1432: ((eq action :action-abort) "abort")
1433: ((eq action :action-kill) "kill")
1434: ((eq action :action-exit) "exit"))))
1435: ; Only proceed if action is not nil
1436: (when action
1437: ; Create the command string
1438: (let ((cmd (format "%s/write" action)))
1439: ; Call syd--stat with the command
1440: (syd--stat (syd--rule cmd glob ?-))))))
1441:
1442: (defun syd-write-rem (action glob)
1443: "Removes all matching entries from the given actionlist of write sandboxing.
1444: ACTION is a constant representing the sandboxing action.
1445: GLOB is a string representing the glob pattern."
1446: (let ((action (cond
1447: ((eq action :action-allow) "allow")
1448: ((eq action :action-warn) "warn")
1449: ((eq action :action-filter) "filter")
1450: ((eq action :action-deny) "deny")
1451: ((eq action :action-panic) "panic")
1452: ((eq action :action-stop) "stop")
1453: ((eq action :action-abort) "abort")
1454: ((eq action :action-kill) "kill")
1455: ((eq action :action-exit) "exit"))))
1456: ; Only proceed if action is not nil
1457: (when action
1458: ; Create the command string
1459: (let ((cmd (format "%s/write" action)))
1460: ; Call syd--stat with the command
1461: (syd--stat (syd--rule cmd glob ?^))))))
1462:
1463: (defun syd-exec-add (action glob)
1464: "Adds to the given actionlist of exec sandboxing.
1465: ACTION is a constant representing the sandboxing action.
1466: GLOB is a string representing the glob pattern."
1467: (let ((action (cond
1468: ((eq action :action-allow) "allow")
1469: ((eq action :action-warn) "warn")
1470: ((eq action :action-filter) "filter")
1471: ((eq action :action-deny) "deny")
1472: ((eq action :action-panic) "panic")
1473: ((eq action :action-stop) "stop")
1474: ((eq action :action-abort) "abort")
1475: ((eq action :action-kill) "kill")
1476: ((eq action :action-exit) "exit"))))
1477: ; Only proceed if action is not nil
1478: (when action
1479: ; Create the command string
1480: (let ((cmd (format "%s/exec" action)))
1481: ; Call syd--stat with the command
1482: (syd--stat (syd--rule cmd glob ?+))))))
1483:
1484: (defun syd-exec-del (action glob)
1485: "Removes the first matching entry from the end of the given actionlist
1486: of exec sandboxing.
1487: ACTION is a constant representing the sandboxing action.
1488: GLOB is a string representing the glob pattern."
1489: (let ((action (cond
1490: ((eq action :action-allow) "allow")
1491: ((eq action :action-warn) "warn")
1492: ((eq action :action-filter) "filter")
1493: ((eq action :action-deny) "deny")
1494: ((eq action :action-panic) "panic")
1495: ((eq action :action-stop) "stop")
1496: ((eq action :action-abort) "abort")
1497: ((eq action :action-kill) "kill")
1498: ((eq action :action-exit) "exit"))))
1499: ; Only proceed if action is not nil
1500: (when action
1501: ; Create the command string
1502: (let ((cmd (format "%s/exec" action)))
1503: ; Call syd--stat with the command
1504: (syd--stat (syd--rule cmd glob ?-))))))
1505:
1506: (defun syd-exec-rem (action glob)
1507: "Removes all matching entries from the given actionlist of exec sandboxing.
1508: ACTION is a constant representing the sandboxing action.
1509: GLOB is a string representing the glob pattern."
1510: (let ((action (cond
1511: ((eq action :action-allow) "allow")
1512: ((eq action :action-warn) "warn")
1513: ((eq action :action-filter) "filter")
1514: ((eq action :action-deny) "deny")
1515: ((eq action :action-panic) "panic")
1516: ((eq action :action-stop) "stop")
1517: ((eq action :action-abort) "abort")
1518: ((eq action :action-kill) "kill")
1519: ((eq action :action-exit) "exit"))))
1520: ; Only proceed if action is not nil
1521: (when action
1522: ; Create the command string
1523: (let ((cmd (format "%s/exec" action)))
1524: ; Call syd--stat with the command
1525: (syd--stat (syd--rule cmd glob ?^))))))
1526:
1527: (defun syd-ioctl-add (action glob)
1528: "Adds to the given actionlist of ioctl sandboxing.
1529: ACTION is a constant representing the sandboxing action.
1530: GLOB is a string representing the glob pattern."
1531: (let ((action (cond
1532: ((eq action :action-allow) "allow")
1533: ((eq action :action-warn) "warn")
1534: ((eq action :action-filter) "filter")
1535: ((eq action :action-deny) "deny")
1536: ((eq action :action-panic) "panic")
1537: ((eq action :action-stop) "stop")
1538: ((eq action :action-abort) "abort")
1539: ((eq action :action-kill) "kill")
1540: ((eq action :action-exit) "exit"))))
1541: ; Only proceed if action is not nil
1542: (when action
1543: ; Create the command string
1544: (let ((cmd (format "%s/ioctl" action)))
1545: ; Call syd--stat with the command
1546: (syd--stat (syd--rule cmd glob ?+))))))
1547:
1548: (defun syd-ioctl-del (action glob)
1549: "Removes the first matching entry from the end of the given actionlist
1550: of ioctl sandboxing.
1551: ACTION is a constant representing the sandboxing action.
1552: GLOB is a string representing the glob pattern."
1553: (let ((action (cond
1554: ((eq action :action-allow) "allow")
1555: ((eq action :action-warn) "warn")
1556: ((eq action :action-filter) "filter")
1557: ((eq action :action-deny) "deny")
1558: ((eq action :action-panic) "panic")
1559: ((eq action :action-stop) "stop")
1560: ((eq action :action-abort) "abort")
1561: ((eq action :action-kill) "kill")
1562: ((eq action :action-exit) "exit"))))
1563: ; Only proceed if action is not nil
1564: (when action
1565: ; Create the command string
1566: (let ((cmd (format "%s/ioctl" action)))
1567: ; Call syd--stat with the command
1568: (syd--stat (syd--rule cmd glob ?-))))))
1569:
1570: (defun syd-ioctl-rem (action glob)
1571: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1572: ACTION is a constant representing the sandboxing action.
1573: GLOB is a string representing the glob pattern."
1574: (let ((action (cond
1575: ((eq action :action-allow) "allow")
1576: ((eq action :action-warn) "warn")
1577: ((eq action :action-filter) "filter")
1578: ((eq action :action-deny) "deny")
1579: ((eq action :action-panic) "panic")
1580: ((eq action :action-stop) "stop")
1581: ((eq action :action-abort) "abort")
1582: ((eq action :action-kill) "kill")
1583: ((eq action :action-exit) "exit"))))
1584: ; Only proceed if action is not nil
1585: (when action
1586: ; Create the command string
1587: (let ((cmd (format "%s/ioctl" action)))
1588: ; Call syd--stat with the command
1589: (syd--stat (syd--rule cmd glob ?^))))))
1590:
1591: (defun syd-create-add (action glob)
1592: "Adds to the given actionlist of create sandboxing.
1593: ACTION is a constant representing the sandboxing action.
1594: GLOB is a string representing the glob pattern."
1595: (let ((action (cond
1596: ((eq action :action-allow) "allow")
1597: ((eq action :action-warn) "warn")
1598: ((eq action :action-filter) "filter")
1599: ((eq action :action-deny) "deny")
1600: ((eq action :action-panic) "panic")
1601: ((eq action :action-stop) "stop")
1602: ((eq action :action-abort) "abort")
1603: ((eq action :action-kill) "kill")
1604: ((eq action :action-exit) "exit"))))
1605: ; Only proceed if action is not nil
1606: (when action
1607: ; Create the command string
1608: (let ((cmd (format "%s/create" action)))
1609: ; Call syd--stat with the command
1610: (syd--stat (syd--rule cmd glob ?+))))))
1611:
1612: (defun syd-create-del (action glob)
1613: "Removes the first matching entry from the end of the given actionlist
1614: of create sandboxing.
1615: ACTION is a constant representing the sandboxing action.
1616: GLOB is a string representing the glob pattern."
1617: (let ((action (cond
1618: ((eq action :action-allow) "allow")
1619: ((eq action :action-warn) "warn")
1620: ((eq action :action-filter) "filter")
1621: ((eq action :action-deny) "deny")
1622: ((eq action :action-panic) "panic")
1623: ((eq action :action-stop) "stop")
1624: ((eq action :action-abort) "abort")
1625: ((eq action :action-kill) "kill")
1626: ((eq action :action-exit) "exit"))))
1627: ; Only proceed if action is not nil
1628: (when action
1629: ; Create the command string
1630: (let ((cmd (format "%s/create" action)))
1631: ; Call syd--stat with the command
1632: (syd--stat (syd--rule cmd glob ?-))))))
1633:
1634: (defun syd-create-rem (action glob)
1635: "Removes all matching entries from the given actionlist of create sandboxing.
1636: ACTION is a constant representing the sandboxing action.
1637: GLOB is a string representing the glob pattern."
1638: (let ((action (cond
1639: ((eq action :action-allow) "allow")
1640: ((eq action :action-warn) "warn")
1641: ((eq action :action-filter) "filter")
1642: ((eq action :action-deny) "deny")
1643: ((eq action :action-panic) "panic")
1644: ((eq action :action-stop) "stop")
1645: ((eq action :action-abort) "abort")
1646: ((eq action :action-kill) "kill")
1647: ((eq action :action-exit) "exit"))))
1648: ; Only proceed if action is not nil
1649: (when action
1650: ; Create the command string
1651: (let ((cmd (format "%s/create" action)))
1652: ; Call syd--stat with the command
1653: (syd--stat (syd--rule cmd glob ?^))))))
1654:
1655: (defun syd-delete-add (action glob)
1656: "Adds to the given actionlist of delete sandboxing.
1657: ACTION is a constant representing the sandboxing action.
1658: GLOB is a string representing the glob pattern."
1659: (let ((action (cond
1660: ((eq action :action-allow) "allow")
1661: ((eq action :action-warn) "warn")
1662: ((eq action :action-filter) "filter")
1663: ((eq action :action-deny) "deny")
1664: ((eq action :action-panic) "panic")
1665: ((eq action :action-stop) "stop")
1666: ((eq action :action-abort) "abort")
1667: ((eq action :action-kill) "kill")
1668: ((eq action :action-exit) "exit"))))
1669: ; Only proceed if action is not nil
1670: (when action
1671: ; delete the command string
1672: (let ((cmd (format "%s/delete" action)))
1673: ; Call syd--stat with the command
1674: (syd--stat (syd--rule cmd glob ?+))))))
1675:
1676: (defun syd-delete-del (action glob)
1677: "Removes the first matching entry from the end of the given actionlist
1678: of delete sandboxing.
1679: ACTION is a constant representing the sandboxing action.
1680: GLOB is a string representing the glob pattern."
1681: (let ((action (cond
1682: ((eq action :action-allow) "allow")
1683: ((eq action :action-warn) "warn")
1684: ((eq action :action-filter) "filter")
1685: ((eq action :action-deny) "deny")
1686: ((eq action :action-panic) "panic")
1687: ((eq action :action-stop) "stop")
1688: ((eq action :action-abort) "abort")
1689: ((eq action :action-kill) "kill")
1690: ((eq action :action-exit) "exit"))))
1691: ; Only proceed if action is not nil
1692: (when action
1693: ; delete the command string
1694: (let ((cmd (format "%s/delete" action)))
1695: ; Call syd--stat with the command
1696: (syd--stat (syd--rule cmd glob ?-))))))
1697:
1698: (defun syd-delete-rem (action glob)
1699: "Removes all matching entries from the given actionlist of delete sandboxing.
1700: ACTION is a constant representing the sandboxing action.
1701: GLOB is a string representing the glob pattern."
1702: (let ((action (cond
1703: ((eq action :action-allow) "allow")
1704: ((eq action :action-warn) "warn")
1705: ((eq action :action-filter) "filter")
1706: ((eq action :action-deny) "deny")
1707: ((eq action :action-panic) "panic")
1708: ((eq action :action-stop) "stop")
1709: ((eq action :action-abort) "abort")
1710: ((eq action :action-kill) "kill")
1711: ((eq action :action-exit) "exit"))))
1712: ; Only proceed if action is not nil
1713: (when action
1714: ; delete the command string
1715: (let ((cmd (format "%s/delete" action)))
1716: ; Call syd--stat with the command
1717: (syd--stat (syd--rule cmd glob ?^))))))
1718:
1719: (defun syd-rename-add (action glob)
1720: "Adds to the given actionlist of rename sandboxing.
1721: ACTION is a constant representing the sandboxing action.
1722: GLOB is a string representing the glob pattern."
1723: (let ((action (cond
1724: ((eq action :action-allow) "allow")
1725: ((eq action :action-warn) "warn")
1726: ((eq action :action-filter) "filter")
1727: ((eq action :action-deny) "deny")
1728: ((eq action :action-panic) "panic")
1729: ((eq action :action-stop) "stop")
1730: ((eq action :action-abort) "abort")
1731: ((eq action :action-kill) "kill")
1732: ((eq action :action-exit) "exit"))))
1733: ; Only proceed if action is not nil
1734: (when action
1735: ; rename the command string
1736: (let ((cmd (format "%s/rename" action)))
1737: ; Call syd--stat with the command
1738: (syd--stat (syd--rule cmd glob ?+))))))
1739:
1740: (defun syd-rename-del (action glob)
1741: "Removes the first matching entry from the end of the given actionlist
1742: of rename sandboxing.
1743: ACTION is a constant representing the sandboxing action.
1744: GLOB is a string representing the glob pattern."
1745: (let ((action (cond
1746: ((eq action :action-allow) "allow")
1747: ((eq action :action-warn) "warn")
1748: ((eq action :action-filter) "filter")
1749: ((eq action :action-deny) "deny")
1750: ((eq action :action-panic) "panic")
1751: ((eq action :action-stop) "stop")
1752: ((eq action :action-abort) "abort")
1753: ((eq action :action-kill) "kill")
1754: ((eq action :action-exit) "exit"))))
1755: ; Only proceed if action is not nil
1756: (when action
1757: ; rename the command string
1758: (let ((cmd (format "%s/rename" action)))
1759: ; Call syd--stat with the command
1760: (syd--stat (syd--rule cmd glob ?-))))))
1761:
1762: (defun syd-rename-rem (action glob)
1763: "Removes all matching entries from the given actionlist of rename sandboxing.
1764: ACTION is a constant representing the sandboxing action.
1765: GLOB is a string representing the glob pattern."
1766: (let ((action (cond
1767: ((eq action :action-allow) "allow")
1768: ((eq action :action-warn) "warn")
1769: ((eq action :action-filter) "filter")
1770: ((eq action :action-deny) "deny")
1771: ((eq action :action-panic) "panic")
1772: ((eq action :action-stop) "stop")
1773: ((eq action :action-abort) "abort")
1774: ((eq action :action-kill) "kill")
1775: ((eq action :action-exit) "exit"))))
1776: ; Only proceed if action is not nil
1777: (when action
1778: ; rename the command string
1779: (let ((cmd (format "%s/rename" action)))
1780: ; Call syd--stat with the command
1781: (syd--stat (syd--rule cmd glob ?^))))))
1782:
1783: (defun syd-symlink-add (action glob)
1784: "Adds to the given actionlist of symlink sandboxing.
1785: ACTION is a constant representing the sandboxing action.
1786: GLOB is a string representing the glob pattern."
1787: (let ((action (cond
1788: ((eq action :action-allow) "allow")
1789: ((eq action :action-warn) "warn")
1790: ((eq action :action-filter) "filter")
1791: ((eq action :action-deny) "deny")
1792: ((eq action :action-panic) "panic")
1793: ((eq action :action-stop) "stop")
1794: ((eq action :action-abort) "abort")
1795: ((eq action :action-kill) "kill")
1796: ((eq action :action-exit) "exit"))))
1797: ; Only proceed if action is not nil
1798: (when action
1799: ; symlink the command string
1800: (let ((cmd (format "%s/symlink" action)))
1801: ; Call syd--stat with the command
1802: (syd--stat (syd--rule cmd glob ?+))))))
1803:
1804: (defun syd-symlink-del (action glob)
1805: "Removes the first matching entry from the end of the given actionlist
1806: of symlink sandboxing.
1807: ACTION is a constant representing the sandboxing action.
1808: GLOB is a string representing the glob pattern."
1809: (let ((action (cond
1810: ((eq action :action-allow) "allow")
1811: ((eq action :action-warn) "warn")
1812: ((eq action :action-filter) "filter")
1813: ((eq action :action-deny) "deny")
1814: ((eq action :action-panic) "panic")
1815: ((eq action :action-stop) "stop")
1816: ((eq action :action-abort) "abort")
1817: ((eq action :action-kill) "kill")
1818: ((eq action :action-exit) "exit"))))
1819: ; Only proceed if action is not nil
1820: (when action
1821: ; symlink the command string
1822: (let ((cmd (format "%s/symlink" action)))
1823: ; Call syd--stat with the command
1824: (syd--stat (syd--rule cmd glob ?-))))))
1825:
1826: (defun syd-symlink-rem (action glob)
1827: "Removes all matching entries from the given actionlist of symlink sandboxing.
1828: ACTION is a constant representing the sandboxing action.
1829: GLOB is a string representing the glob pattern."
1830: (let ((action (cond
1831: ((eq action :action-allow) "allow")
1832: ((eq action :action-warn) "warn")
1833: ((eq action :action-filter) "filter")
1834: ((eq action :action-deny) "deny")
1835: ((eq action :action-panic) "panic")
1836: ((eq action :action-stop) "stop")
1837: ((eq action :action-abort) "abort")
1838: ((eq action :action-kill) "kill")
1839: ((eq action :action-exit) "exit"))))
1840: ; Only proceed if action is not nil
1841: (when action
1842: ; symlink the command string
1843: (let ((cmd (format "%s/symlink" action)))
1844: ; Call syd--stat with the command
1845: (syd--stat (syd--rule cmd glob ?^))))))
1846:
1847: (defun syd-truncate-add (action glob)
1848: "Adds to the given actionlist of truncate sandboxing.
1849: ACTION is a constant representing the sandboxing action.
1850: GLOB is a string representing the glob pattern."
1851: (let ((action (cond
1852: ((eq action :action-allow) "allow")
1853: ((eq action :action-warn) "warn")
1854: ((eq action :action-filter) "filter")
1855: ((eq action :action-deny) "deny")
1856: ((eq action :action-panic) "panic")
1857: ((eq action :action-stop) "stop")
1858: ((eq action :action-abort) "abort")
1859: ((eq action :action-kill) "kill")
1860: ((eq action :action-exit) "exit"))))
1861: ; Only proceed if action is not nil
1862: (when action
1863: ; truncate the command string
1864: (let ((cmd (format "%s/truncate" action)))
1865: ; Call syd--stat with the command
1866: (syd--stat (syd--rule cmd glob ?+))))))
1867:
1868: (defun syd-truncate-del (action glob)
1869: "Removes the first matching entry from the end of the given actionlist
1870: of truncate sandboxing.
1871: ACTION is a constant representing the sandboxing action.
1872: GLOB is a string representing the glob pattern."
1873: (let ((action (cond
1874: ((eq action :action-allow) "allow")
1875: ((eq action :action-warn) "warn")
1876: ((eq action :action-filter) "filter")
1877: ((eq action :action-deny) "deny")
1878: ((eq action :action-panic) "panic")
1879: ((eq action :action-stop) "stop")
1880: ((eq action :action-abort) "abort")
1881: ((eq action :action-kill) "kill")
1882: ((eq action :action-exit) "exit"))))
1883: ; Only proceed if action is not nil
1884: (when action
1885: ; truncate the command string
1886: (let ((cmd (format "%s/truncate" action)))
1887: ; Call syd--stat with the command
1888: (syd--stat (syd--rule cmd glob ?-))))))
1889:
1890: (defun syd-truncate-rem (action glob)
1891: "Removes all matching entries from the given actionlist of truncate sandboxing.
1892: ACTION is a constant representing the sandboxing action.
1893: GLOB is a string representing the glob pattern."
1894: (let ((action (cond
1895: ((eq action :action-allow) "allow")
1896: ((eq action :action-warn) "warn")
1897: ((eq action :action-filter) "filter")
1898: ((eq action :action-deny) "deny")
1899: ((eq action :action-panic) "panic")
1900: ((eq action :action-stop) "stop")
1901: ((eq action :action-abort) "abort")
1902: ((eq action :action-kill) "kill")
1903: ((eq action :action-exit) "exit"))))
1904: ; Only proceed if action is not nil
1905: (when action
1906: ; truncate the command string
1907: (let ((cmd (format "%s/truncate" action)))
1908: ; Call syd--stat with the command
1909: (syd--stat (syd--rule cmd glob ?^))))))
1910:
1911: (defun syd-chdir-add (action glob)
1912: "Adds to the given actionlist of chdir sandboxing.
1913: ACTION is a constant representing the sandboxing action.
1914: GLOB is a string representing the glob pattern."
1915: (let ((action (cond
1916: ((eq action :action-allow) "allow")
1917: ((eq action :action-warn) "warn")
1918: ((eq action :action-filter) "filter")
1919: ((eq action :action-deny) "deny")
1920: ((eq action :action-panic) "panic")
1921: ((eq action :action-stop) "stop")
1922: ((eq action :action-abort) "abort")
1923: ((eq action :action-kill) "kill")
1924: ((eq action :action-exit) "exit"))))
1925: ; Only proceed if action is not nil
1926: (when action
1927: ; chdir the command string
1928: (let ((cmd (format "%s/chdir" action)))
1929: ; Call syd--stat with the command
1930: (syd--stat (syd--rule cmd glob ?+))))))
1931:
1932: (defun syd-chdir-del (action glob)
1933: "Removes the first matching entry from the end of the given actionlist
1934: of chdir sandboxing.
1935: ACTION is a constant representing the sandboxing action.
1936: GLOB is a string representing the glob pattern."
1937: (let ((action (cond
1938: ((eq action :action-allow) "allow")
1939: ((eq action :action-warn) "warn")
1940: ((eq action :action-filter) "filter")
1941: ((eq action :action-deny) "deny")
1942: ((eq action :action-panic) "panic")
1943: ((eq action :action-stop) "stop")
1944: ((eq action :action-abort) "abort")
1945: ((eq action :action-kill) "kill")
1946: ((eq action :action-exit) "exit"))))
1947: ; Only proceed if action is not nil
1948: (when action
1949: ; chdir the command string
1950: (let ((cmd (format "%s/chdir" action)))
1951: ; Call syd--stat with the command
1952: (syd--stat (syd--rule cmd glob ?-))))))
1953:
1954: (defun syd-chdir-rem (action glob)
1955: "Removes all matching entries from the given actionlist of chdir sandboxing.
1956: ACTION is a constant representing the sandboxing action.
1957: GLOB is a string representing the glob pattern."
1958: (let ((action (cond
1959: ((eq action :action-allow) "allow")
1960: ((eq action :action-warn) "warn")
1961: ((eq action :action-filter) "filter")
1962: ((eq action :action-deny) "deny")
1963: ((eq action :action-panic) "panic")
1964: ((eq action :action-stop) "stop")
1965: ((eq action :action-abort) "abort")
1966: ((eq action :action-kill) "kill")
1967: ((eq action :action-exit) "exit"))))
1968: ; Only proceed if action is not nil
1969: (when action
1970: ; chdir the command string
1971: (let ((cmd (format "%s/chdir" action)))
1972: ; Call syd--stat with the command
1973: (syd--stat (syd--rule cmd glob ?^))))))
1974:
1975: (defun syd-readdir-add (action glob)
1976: "Adds to the given actionlist of readdir sandboxing.
1977: ACTION is a constant representing the sandboxing action.
1978: GLOB is a string representing the glob pattern."
1979: (let ((action (cond
1980: ((eq action :action-allow) "allow")
1981: ((eq action :action-warn) "warn")
1982: ((eq action :action-filter) "filter")
1983: ((eq action :action-deny) "deny")
1984: ((eq action :action-panic) "panic")
1985: ((eq action :action-stop) "stop")
1986: ((eq action :action-abort) "abort")
1987: ((eq action :action-kill) "kill")
1988: ((eq action :action-exit) "exit"))))
1989: ; Only proceed if action is not nil
1990: (when action
1991: ; readdir the command string
1992: (let ((cmd (format "%s/readdir" action)))
1993: ; Call syd--stat with the command
1994: (syd--stat (syd--rule cmd glob ?+))))))
1995:
1996: (defun syd-readdir-del (action glob)
1997: "Removes the first matching entry from the end of the given actionlist
1998: of readdir sandboxing.
1999: ACTION is a constant representing the sandboxing action.
2000: GLOB is a string representing the glob pattern."
2001: (let ((action (cond
2002: ((eq action :action-allow) "allow")
2003: ((eq action :action-warn) "warn")
2004: ((eq action :action-filter) "filter")
2005: ((eq action :action-deny) "deny")
2006: ((eq action :action-panic) "panic")
2007: ((eq action :action-stop) "stop")
2008: ((eq action :action-abort) "abort")
2009: ((eq action :action-kill) "kill")
2010: ((eq action :action-exit) "exit"))))
2011: ; Only proceed if action is not nil
2012: (when action
2013: ; readdir the command string
2014: (let ((cmd (format "%s/readdir" action)))
2015: ; Call syd--stat with the command
2016: (syd--stat (syd--rule cmd glob ?-))))))
2017:
2018: (defun syd-readdir-rem (action glob)
2019: "Removes all matching entries from the given actionlist of readdir sandboxing.
2020: ACTION is a constant representing the sandboxing action.
2021: GLOB is a string representing the glob pattern."
2022: (let ((action (cond
2023: ((eq action :action-allow) "allow")
2024: ((eq action :action-warn) "warn")
2025: ((eq action :action-filter) "filter")
2026: ((eq action :action-deny) "deny")
2027: ((eq action :action-panic) "panic")
2028: ((eq action :action-stop) "stop")
2029: ((eq action :action-abort) "abort")
2030: ((eq action :action-kill) "kill")
2031: ((eq action :action-exit) "exit"))))
2032: ; Only proceed if action is not nil
2033: (when action
2034: ; readdir the command string
2035: (let ((cmd (format "%s/readdir" action)))
2036: ; Call syd--stat with the command
2037: (syd--stat (syd--rule cmd glob ?^))))))
2038:
2039: (defun syd-readdir-add (action glob)
2040: "Adds to the given actionlist of readdir sandboxing.
2041: ACTION is a constant representing the sandboxing action.
2042: GLOB is a string representing the glob pattern."
2043: (let ((action (cond
2044: ((eq action :action-allow) "allow")
2045: ((eq action :action-warn) "warn")
2046: ((eq action :action-filter) "filter")
2047: ((eq action :action-deny) "deny")
2048: ((eq action :action-panic) "panic")
2049: ((eq action :action-stop) "stop")
2050: ((eq action :action-abort) "abort")
2051: ((eq action :action-kill) "kill")
2052: ((eq action :action-exit) "exit"))))
2053: ; Only proceed if action is not nil
2054: (when action
2055: ; readdir the command string
2056: (let ((cmd (format "%s/readdir" action)))
2057: ; Call syd--stat with the command
2058: (syd--stat (syd--rule cmd glob ?+))))))
2059:
2060: (defun syd-readdir-del (action glob)
2061: "Removes the first matching entry from the end of the given actionlist
2062: of readdir sandboxing.
2063: ACTION is a constant representing the sandboxing action.
2064: GLOB is a string representing the glob pattern."
2065: (let ((action (cond
2066: ((eq action :action-allow) "allow")
2067: ((eq action :action-warn) "warn")
2068: ((eq action :action-filter) "filter")
2069: ((eq action :action-deny) "deny")
2070: ((eq action :action-panic) "panic")
2071: ((eq action :action-stop) "stop")
2072: ((eq action :action-abort) "abort")
2073: ((eq action :action-kill) "kill")
2074: ((eq action :action-exit) "exit"))))
2075: ; Only proceed if action is not nil
2076: (when action
2077: ; readdir the command string
2078: (let ((cmd (format "%s/readdir" action)))
2079: ; Call syd--stat with the command
2080: (syd--stat (syd--rule cmd glob ?-))))))
2081:
2082: (defun syd-readdir-rem (action glob)
2083: "Removes all matching entries from the given actionlist of readdir sandboxing.
2084: ACTION is a constant representing the sandboxing action.
2085: GLOB is a string representing the glob pattern."
2086: (let ((action (cond
2087: ((eq action :action-allow) "allow")
2088: ((eq action :action-warn) "warn")
2089: ((eq action :action-filter) "filter")
2090: ((eq action :action-deny) "deny")
2091: ((eq action :action-panic) "panic")
2092: ((eq action :action-stop) "stop")
2093: ((eq action :action-abort) "abort")
2094: ((eq action :action-kill) "kill")
2095: ((eq action :action-exit) "exit"))))
2096: ; Only proceed if action is not nil
2097: (when action
2098: ; readdir the command string
2099: (let ((cmd (format "%s/readdir" action)))
2100: ; Call syd--stat with the command
2101: (syd--stat (syd--rule cmd glob ?^))))))
2102:
2103: (defun syd-mkdir-add (action glob)
2104: "Adds to the given actionlist of mkdir sandboxing.
2105: ACTION is a constant representing the sandboxing action.
2106: GLOB is a string representing the glob pattern."
2107: (let ((action (cond
2108: ((eq action :action-allow) "allow")
2109: ((eq action :action-warn) "warn")
2110: ((eq action :action-filter) "filter")
2111: ((eq action :action-deny) "deny")
2112: ((eq action :action-panic) "panic")
2113: ((eq action :action-stop) "stop")
2114: ((eq action :action-abort) "abort")
2115: ((eq action :action-kill) "kill")
2116: ((eq action :action-exit) "exit"))))
2117: ; Only proceed if action is not nil
2118: (when action
2119: ; mkdir the command string
2120: (let ((cmd (format "%s/mkdir" action)))
2121: ; Call syd--stat with the command
2122: (syd--stat (syd--rule cmd glob ?+))))))
2123:
2124: (defun syd-mkdir-del (action glob)
2125: "Removes the first matching entry from the end of the given actionlist
2126: of mkdir sandboxing.
2127: ACTION is a constant representing the sandboxing action.
2128: GLOB is a string representing the glob pattern."
2129: (let ((action (cond
2130: ((eq action :action-allow) "allow")
2131: ((eq action :action-warn) "warn")
2132: ((eq action :action-filter) "filter")
2133: ((eq action :action-deny) "deny")
2134: ((eq action :action-panic) "panic")
2135: ((eq action :action-stop) "stop")
2136: ((eq action :action-abort) "abort")
2137: ((eq action :action-kill) "kill")
2138: ((eq action :action-exit) "exit"))))
2139: ; Only proceed if action is not nil
2140: (when action
2141: ; mkdir the command string
2142: (let ((cmd (format "%s/mkdir" action)))
2143: ; Call syd--stat with the command
2144: (syd--stat (syd--rule cmd glob ?-))))))
2145:
2146: (defun syd-mkdir-rem (action glob)
2147: "Removes all matching entries from the given actionlist of mkdir sandboxing.
2148: ACTION is a constant representing the sandboxing action.
2149: GLOB is a string representing the glob pattern."
2150: (let ((action (cond
2151: ((eq action :action-allow) "allow")
2152: ((eq action :action-warn) "warn")
2153: ((eq action :action-filter) "filter")
2154: ((eq action :action-deny) "deny")
2155: ((eq action :action-panic) "panic")
2156: ((eq action :action-stop) "stop")
2157: ((eq action :action-abort) "abort")
2158: ((eq action :action-kill) "kill")
2159: ((eq action :action-exit) "exit"))))
2160: ; Only proceed if action is not nil
2161: (when action
2162: ; mkdir the command string
2163: (let ((cmd (format "%s/mkdir" action)))
2164: ; Call syd--stat with the command
2165: (syd--stat (syd--rule cmd glob ?^))))))
2166:
2167: (defun syd-rmdir-add (action glob)
2168: "Adds to the given actionlist of rmdir sandboxing.
2169: ACTION is a constant representing the sandboxing action.
2170: GLOB is a string representing the glob pattern."
2171: (let ((action (cond
2172: ((eq action :action-allow) "allow")
2173: ((eq action :action-warn) "warn")
2174: ((eq action :action-filter) "filter")
2175: ((eq action :action-deny) "deny")
2176: ((eq action :action-panic) "panic")
2177: ((eq action :action-stop) "stop")
2178: ((eq action :action-abort) "abort")
2179: ((eq action :action-kill) "kill")
2180: ((eq action :action-exit) "exit"))))
2181: ; Only proceed if action is not nil
2182: (when action
2183: ; rmdir the command string
2184: (let ((cmd (format "%s/rmdir" action)))
2185: ; Call syd--stat with the command
2186: (syd--stat (syd--rule cmd glob ?+))))))
2187:
2188: (defun syd-rmdir-del (action glob)
2189: "Removes the first matching entry from the end of the given actionlist
2190: of rmdir sandboxing.
2191: ACTION is a constant representing the sandboxing action.
2192: GLOB is a string representing the glob pattern."
2193: (let ((action (cond
2194: ((eq action :action-allow) "allow")
2195: ((eq action :action-warn) "warn")
2196: ((eq action :action-filter) "filter")
2197: ((eq action :action-deny) "deny")
2198: ((eq action :action-panic) "panic")
2199: ((eq action :action-stop) "stop")
2200: ((eq action :action-abort) "abort")
2201: ((eq action :action-kill) "kill")
2202: ((eq action :action-exit) "exit"))))
2203: ; Only proceed if action is not nil
2204: (when action
2205: ; rmdir the command string
2206: (let ((cmd (format "%s/rmdir" action)))
2207: ; Call syd--stat with the command
2208: (syd--stat (syd--rule cmd glob ?-))))))
2209:
2210: (defun syd-rmdir-rem (action glob)
2211: "Removes all matching entries from the given actionlist of rmdir sandboxing.
2212: ACTION is a constant representing the sandboxing action.
2213: GLOB is a string representing the glob pattern."
2214: (let ((action (cond
2215: ((eq action :action-allow) "allow")
2216: ((eq action :action-warn) "warn")
2217: ((eq action :action-filter) "filter")
2218: ((eq action :action-deny) "deny")
2219: ((eq action :action-panic) "panic")
2220: ((eq action :action-stop) "stop")
2221: ((eq action :action-abort) "abort")
2222: ((eq action :action-kill) "kill")
2223: ((eq action :action-exit) "exit"))))
2224: ; Only proceed if action is not nil
2225: (when action
2226: ; rmdir the command string
2227: (let ((cmd (format "%s/rmdir" action)))
2228: ; Call syd--stat with the command
2229: (syd--stat (syd--rule cmd glob ?^))))))
2230:
2231: (defun syd-chown-add (action glob)
2232: "Adds to the given actionlist of chown sandboxing.
2233: ACTION is a constant representing the sandboxing action.
2234: GLOB is a string representing the glob pattern."
2235: (let ((action (cond
2236: ((eq action :action-allow) "allow")
2237: ((eq action :action-warn) "warn")
2238: ((eq action :action-filter) "filter")
2239: ((eq action :action-deny) "deny")
2240: ((eq action :action-panic) "panic")
2241: ((eq action :action-stop) "stop")
2242: ((eq action :action-abort) "abort")
2243: ((eq action :action-kill) "kill")
2244: ((eq action :action-exit) "exit"))))
2245: ; Only proceed if action is not nil
2246: (when action
2247: ; Create the command string
2248: (let ((cmd (format "%s/chown" action)))
2249: ; Call syd--stat with the command
2250: (syd--stat (syd--rule cmd glob ?+))))))
2251:
2252: (defun syd-chown-del (action glob)
2253: "Removes the first matching entry from the end of the given actionlist
2254: of chown sandboxing.
2255: ACTION is a constant representing the sandboxing action.
2256: GLOB is a string representing the glob pattern."
2257: (let ((action (cond
2258: ((eq action :action-allow) "allow")
2259: ((eq action :action-warn) "warn")
2260: ((eq action :action-filter) "filter")
2261: ((eq action :action-deny) "deny")
2262: ((eq action :action-panic) "panic")
2263: ((eq action :action-stop) "stop")
2264: ((eq action :action-abort) "abort")
2265: ((eq action :action-kill) "kill")
2266: ((eq action :action-exit) "exit"))))
2267: ; Only proceed if action is not nil
2268: (when action
2269: ; Create the command string
2270: (let ((cmd (format "%s/chown" action)))
2271: ; Call syd--stat with the command
2272: (syd--stat (syd--rule cmd glob ?-))))))
2273:
2274: (defun syd-chown-rem (action glob)
2275: "Removes all matching entries from the given actionlist of chown sandboxing.
2276: ACTION is a constant representing the sandboxing action.
2277: GLOB is a string representing the glob pattern."
2278: (let ((action (cond
2279: ((eq action :action-allow) "allow")
2280: ((eq action :action-warn) "warn")
2281: ((eq action :action-filter) "filter")
2282: ((eq action :action-deny) "deny")
2283: ((eq action :action-panic) "panic")
2284: ((eq action :action-stop) "stop")
2285: ((eq action :action-abort) "abort")
2286: ((eq action :action-kill) "kill")
2287: ((eq action :action-exit) "exit"))))
2288: ; Only proceed if action is not nil
2289: (when action
2290: ; Create the command string
2291: (let ((cmd (format "%s/chown" action)))
2292: ; Call syd--stat with the command
2293: (syd--stat (syd--rule cmd glob ?^))))))
2294:
2295: (defun syd-chgrp-add (action glob)
2296: "Adds to the given actionlist of chgrp sandboxing.
2297: ACTION is a constant representing the sandboxing action.
2298: GLOB is a string representing the glob pattern."
2299: (let ((action (cond
2300: ((eq action :action-allow) "allow")
2301: ((eq action :action-warn) "warn")
2302: ((eq action :action-filter) "filter")
2303: ((eq action :action-deny) "deny")
2304: ((eq action :action-panic) "panic")
2305: ((eq action :action-stop) "stop")
2306: ((eq action :action-abort) "abort")
2307: ((eq action :action-kill) "kill")
2308: ((eq action :action-exit) "exit"))))
2309: ; Only proceed if action is not nil
2310: (when action
2311: ; Create the command string
2312: (let ((cmd (format "%s/chgrp" action)))
2313: ; Call syd--stat with the command
2314: (syd--stat (syd--rule cmd glob ?+))))))
2315:
2316: (defun syd-chgrp-del (action glob)
2317: "Removes the first matching entry from the end of the given actionlist
2318: of chgrp sandboxing.
2319: ACTION is a constant representing the sandboxing action.
2320: GLOB is a string representing the glob pattern."
2321: (let ((action (cond
2322: ((eq action :action-allow) "allow")
2323: ((eq action :action-warn) "warn")
2324: ((eq action :action-filter) "filter")
2325: ((eq action :action-deny) "deny")
2326: ((eq action :action-panic) "panic")
2327: ((eq action :action-stop) "stop")
2328: ((eq action :action-abort) "abort")
2329: ((eq action :action-kill) "kill")
2330: ((eq action :action-exit) "exit"))))
2331: ; Only proceed if action is not nil
2332: (when action
2333: ; Create the command string
2334: (let ((cmd (format "%s/chgrp" action)))
2335: ; Call syd--stat with the command
2336: (syd--stat (syd--rule cmd glob ?-))))))
2337:
2338: (defun syd-chgrp-rem (action glob)
2339: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2340: ACTION is a constant representing the sandboxing action.
2341: GLOB is a string representing the glob pattern."
2342: (let ((action (cond
2343: ((eq action :action-allow) "allow")
2344: ((eq action :action-warn) "warn")
2345: ((eq action :action-filter) "filter")
2346: ((eq action :action-deny) "deny")
2347: ((eq action :action-panic) "panic")
2348: ((eq action :action-stop) "stop")
2349: ((eq action :action-abort) "abort")
2350: ((eq action :action-kill) "kill")
2351: ((eq action :action-exit) "exit"))))
2352: ; Only proceed if action is not nil
2353: (when action
2354: ; Create the command string
2355: (let ((cmd (format "%s/chgrp" action)))
2356: ; Call syd--stat with the command
2357: (syd--stat (syd--rule cmd glob ?^))))))
2358:
2359: (defun syd-chmod-add (action glob)
2360: "Adds to the given actionlist of chmod sandboxing.
2361: ACTION is a constant representing the sandboxing action.
2362: GLOB is a string representing the glob pattern."
2363: (let ((action (cond
2364: ((eq action :action-allow) "allow")
2365: ((eq action :action-warn) "warn")
2366: ((eq action :action-filter) "filter")
2367: ((eq action :action-deny) "deny")
2368: ((eq action :action-panic) "panic")
2369: ((eq action :action-stop) "stop")
2370: ((eq action :action-abort) "abort")
2371: ((eq action :action-kill) "kill")
2372: ((eq action :action-exit) "exit"))))
2373: ; Only proceed if action is not nil
2374: (when action
2375: ; Create the command string
2376: (let ((cmd (format "%s/chmod" action)))
2377: ; Call syd--stat with the command
2378: (syd--stat (syd--rule cmd glob ?+))))))
2379:
2380: (defun syd-chmod-del (action glob)
2381: "Removes the first matching entry from the end of the given actionlist
2382: of chmod sandboxing.
2383: ACTION is a constant representing the sandboxing action.
2384: GLOB is a string representing the glob pattern."
2385: (let ((action (cond
2386: ((eq action :action-allow) "allow")
2387: ((eq action :action-warn) "warn")
2388: ((eq action :action-filter) "filter")
2389: ((eq action :action-deny) "deny")
2390: ((eq action :action-panic) "panic")
2391: ((eq action :action-stop) "stop")
2392: ((eq action :action-abort) "abort")
2393: ((eq action :action-kill) "kill")
2394: ((eq action :action-exit) "exit"))))
2395: ; Only proceed if action is not nil
2396: (when action
2397: ; Create the command string
2398: (let ((cmd (format "%s/chmod" action)))
2399: ; Call syd--stat with the command
2400: (syd--stat (syd--rule cmd glob ?-))))))
2401:
2402: (defun syd-chmod-rem (action glob)
2403: "Removes all matching entries from the given actionlist of chmod sandboxing.
2404: ACTION is a constant representing the sandboxing action.
2405: GLOB is a string representing the glob pattern."
2406: (let ((action (cond
2407: ((eq action :action-allow) "allow")
2408: ((eq action :action-warn) "warn")
2409: ((eq action :action-filter) "filter")
2410: ((eq action :action-deny) "deny")
2411: ((eq action :action-panic) "panic")
2412: ((eq action :action-stop) "stop")
2413: ((eq action :action-abort) "abort")
2414: ((eq action :action-kill) "kill")
2415: ((eq action :action-exit) "exit"))))
2416: ; Only proceed if action is not nil
2417: (when action
2418: ; Create the command string
2419: (let ((cmd (format "%s/chmod" action)))
2420: ; Call syd--stat with the command
2421: (syd--stat (syd--rule cmd glob ?^))))))
2422:
2423: (defun syd-chattr-add (action glob)
2424: "Adds to the given actionlist of chattr sandboxing.
2425: ACTION is a constant representing the sandboxing action.
2426: GLOB is a string representing the glob pattern."
2427: (let ((action (cond
2428: ((eq action :action-allow) "allow")
2429: ((eq action :action-warn) "warn")
2430: ((eq action :action-filter) "filter")
2431: ((eq action :action-deny) "deny")
2432: ((eq action :action-panic) "panic")
2433: ((eq action :action-stop) "stop")
2434: ((eq action :action-abort) "abort")
2435: ((eq action :action-kill) "kill")
2436: ((eq action :action-exit) "exit"))))
2437: ; Only proceed if action is not nil
2438: (when action
2439: ; Create the command string
2440: (let ((cmd (format "%s/chattr" action)))
2441: ; Call syd--stat with the command
2442: (syd--stat (syd--rule cmd glob ?+))))))
2443:
2444: (defun syd-chattr-del (action glob)
2445: "Removes the first matching entry from the end of the given actionlist
2446: of chattr sandboxing.
2447: ACTION is a constant representing the sandboxing action.
2448: GLOB is a string representing the glob pattern."
2449: (let ((action (cond
2450: ((eq action :action-allow) "allow")
2451: ((eq action :action-warn) "warn")
2452: ((eq action :action-filter) "filter")
2453: ((eq action :action-deny) "deny")
2454: ((eq action :action-panic) "panic")
2455: ((eq action :action-stop) "stop")
2456: ((eq action :action-abort) "abort")
2457: ((eq action :action-kill) "kill")
2458: ((eq action :action-exit) "exit"))))
2459: ; Only proceed if action is not nil
2460: (when action
2461: ; Create the command string
2462: (let ((cmd (format "%s/chattr" action)))
2463: ; Call syd--stat with the command
2464: (syd--stat (syd--rule cmd glob ?-))))))
2465:
2466: (defun syd-chattr-rem (action glob)
2467: "Removes all matching entries from the given actionlist of chattr sandboxing.
2468: ACTION is a constant representing the sandboxing action.
2469: GLOB is a string representing the glob pattern."
2470: (let ((action (cond
2471: ((eq action :action-allow) "allow")
2472: ((eq action :action-warn) "warn")
2473: ((eq action :action-filter) "filter")
2474: ((eq action :action-deny) "deny")
2475: ((eq action :action-panic) "panic")
2476: ((eq action :action-stop) "stop")
2477: ((eq action :action-abort) "abort")
2478: ((eq action :action-kill) "kill")
2479: ((eq action :action-exit) "exit"))))
2480: ; Only proceed if action is not nil
2481: (when action
2482: ; Create the command string
2483: (let ((cmd (format "%s/chattr" action)))
2484: ; Call syd--stat with the command
2485: (syd--stat (syd--rule cmd glob ?^))))))
2486:
2487: (defun syd-chroot-add (action glob)
2488: "Adds to the given actionlist of chroot sandboxing.
2489: ACTION is a constant representing the sandboxing action.
2490: GLOB is a string representing the glob pattern."
2491: (let ((action (cond
2492: ((eq action :action-allow) "allow")
2493: ((eq action :action-warn) "warn")
2494: ((eq action :action-filter) "filter")
2495: ((eq action :action-deny) "deny")
2496: ((eq action :action-panic) "panic")
2497: ((eq action :action-stop) "stop")
2498: ((eq action :action-abort) "abort")
2499: ((eq action :action-kill) "kill")
2500: ((eq action :action-exit) "exit"))))
2501: ; Only proceed if action is not nil
2502: (when action
2503: ; Create the command string
2504: (let ((cmd (format "%s/chroot" action)))
2505: ; Call syd--stat with the command
2506: (syd--stat (syd--rule cmd glob ?+))))))
2507:
2508: (defun syd-chroot-del (action glob)
2509: "Removes the first matching entry from the end of the given actionlist
2510: of chroot sandboxing.
2511: ACTION is a constant representing the sandboxing action.
2512: GLOB is a string representing the glob pattern."
2513: (let ((action (cond
2514: ((eq action :action-allow) "allow")
2515: ((eq action :action-warn) "warn")
2516: ((eq action :action-filter) "filter")
2517: ((eq action :action-deny) "deny")
2518: ((eq action :action-panic) "panic")
2519: ((eq action :action-stop) "stop")
2520: ((eq action :action-abort) "abort")
2521: ((eq action :action-kill) "kill")
2522: ((eq action :action-exit) "exit"))))
2523: ; Only proceed if action is not nil
2524: (when action
2525: ; Create the command string
2526: (let ((cmd (format "%s/chroot" action)))
2527: ; Call syd--stat with the command
2528: (syd--stat (syd--rule cmd glob ?-))))))
2529:
2530: (defun syd-chroot-rem (action glob)
2531: "Removes all matching entries from the given actionlist of chroot sandboxing.
2532: ACTION is a constant representing the sandboxing action.
2533: GLOB is a string representing the glob pattern."
2534: (let ((action (cond
2535: ((eq action :action-allow) "allow")
2536: ((eq action :action-warn) "warn")
2537: ((eq action :action-filter) "filter")
2538: ((eq action :action-deny) "deny")
2539: ((eq action :action-panic) "panic")
2540: ((eq action :action-stop) "stop")
2541: ((eq action :action-abort) "abort")
2542: ((eq action :action-kill) "kill")
2543: ((eq action :action-exit) "exit"))))
2544: ; Only proceed if action is not nil
2545: (when action
2546: ; Create the command string
2547: (let ((cmd (format "%s/chroot" action)))
2548: ; Call syd--stat with the command
2549: (syd--stat (syd--rule cmd glob ?^))))))
2550:
2551: (defun syd-notify-add (action glob)
2552: "Adds to the given actionlist of notify sandboxing.
2553: ACTION is a constant representing the sandboxing action.
2554: GLOB is a string representing the glob pattern."
2555: (let ((action (cond
2556: ((eq action :action-allow) "allow")
2557: ((eq action :action-warn) "warn")
2558: ((eq action :action-filter) "filter")
2559: ((eq action :action-deny) "deny")
2560: ((eq action :action-panic) "panic")
2561: ((eq action :action-stop) "stop")
2562: ((eq action :action-abort) "abort")
2563: ((eq action :action-kill) "kill")
2564: ((eq action :action-exit) "exit"))))
2565: ; Only proceed if action is not nil
2566: (when action
2567: ; Create the command string
2568: (let ((cmd (format "%s/notify" action)))
2569: ; Call syd--stat with the command
2570: (syd--stat (syd--rule cmd glob ?+))))))
2571:
2572: (defun syd-notify-del (action glob)
2573: "Removes the first matching entry from the end of the given actionlist
2574: of notify sandboxing.
2575: ACTION is a constant representing the sandboxing action.
2576: GLOB is a string representing the glob pattern."
2577: (let ((action (cond
2578: ((eq action :action-allow) "allow")
2579: ((eq action :action-warn) "warn")
2580: ((eq action :action-filter) "filter")
2581: ((eq action :action-deny) "deny")
2582: ((eq action :action-panic) "panic")
2583: ((eq action :action-stop) "stop")
2584: ((eq action :action-abort) "abort")
2585: ((eq action :action-kill) "kill")
2586: ((eq action :action-exit) "exit"))))
2587: ; Only proceed if action is not nil
2588: (when action
2589: ; Create the command string
2590: (let ((cmd (format "%s/notify" action)))
2591: ; Call syd--stat with the command
2592: (syd--stat (syd--rule cmd glob ?-))))))
2593:
2594: (defun syd-notify-rem (action glob)
2595: "Removes all matching entries from the given actionlist of notify sandboxing.
2596: ACTION is a constant representing the sandboxing action.
2597: GLOB is a string representing the glob pattern."
2598: (let ((action (cond
2599: ((eq action :action-allow) "allow")
2600: ((eq action :action-warn) "warn")
2601: ((eq action :action-filter) "filter")
2602: ((eq action :action-deny) "deny")
2603: ((eq action :action-panic) "panic")
2604: ((eq action :action-stop) "stop")
2605: ((eq action :action-abort) "abort")
2606: ((eq action :action-kill) "kill")
2607: ((eq action :action-exit) "exit"))))
2608: ; Only proceed if action is not nil
2609: (when action
2610: ; Create the command string
2611: (let ((cmd (format "%s/notify" action)))
2612: ; Call syd--stat with the command
2613: (syd--stat (syd--rule cmd glob ?^))))))
2614:
2615: (defun syd-utime-add (action glob)
2616: "Adds to the given actionlist of utime sandboxing.
2617: ACTION is a constant representing the sandboxing action.
2618: GLOB is a string representing the glob pattern."
2619: (let ((action (cond
2620: ((eq action :action-allow) "allow")
2621: ((eq action :action-warn) "warn")
2622: ((eq action :action-filter) "filter")
2623: ((eq action :action-deny) "deny")
2624: ((eq action :action-panic) "panic")
2625: ((eq action :action-stop) "stop")
2626: ((eq action :action-abort) "abort")
2627: ((eq action :action-kill) "kill")
2628: ((eq action :action-exit) "exit"))))
2629: ; Only proceed if action is not nil
2630: (when action
2631: ; Create the command string
2632: (let ((cmd (format "%s/utime" action)))
2633: ; Call syd--stat with the command
2634: (syd--stat (syd--rule cmd glob ?+))))))
2635:
2636: (defun syd-utime-del (action glob)
2637: "Removes the first matching entry from the end of the given actionlist
2638: of utime sandboxing.
2639: ACTION is a constant representing the sandboxing action.
2640: GLOB is a string representing the glob pattern."
2641: (let ((action (cond
2642: ((eq action :action-allow) "allow")
2643: ((eq action :action-warn) "warn")
2644: ((eq action :action-filter) "filter")
2645: ((eq action :action-deny) "deny")
2646: ((eq action :action-panic) "panic")
2647: ((eq action :action-stop) "stop")
2648: ((eq action :action-abort) "abort")
2649: ((eq action :action-kill) "kill")
2650: ((eq action :action-exit) "exit"))))
2651: ; Only proceed if action is not nil
2652: (when action
2653: ; Create the command string
2654: (let ((cmd (format "%s/utime" action)))
2655: ; Call syd--stat with the command
2656: (syd--stat (syd--rule cmd glob ?-))))))
2657:
2658: (defun syd-utime-rem (action glob)
2659: "Removes all matching entries from the given actionlist of utime sandboxing.
2660: ACTION is a constant representing the sandboxing action.
2661: GLOB is a string representing the glob pattern."
2662: (let ((action (cond
2663: ((eq action :action-allow) "allow")
2664: ((eq action :action-warn) "warn")
2665: ((eq action :action-filter) "filter")
2666: ((eq action :action-deny) "deny")
2667: ((eq action :action-panic) "panic")
2668: ((eq action :action-stop) "stop")
2669: ((eq action :action-abort) "abort")
2670: ((eq action :action-kill) "kill")
2671: ((eq action :action-exit) "exit"))))
2672: ; Only proceed if action is not nil
2673: (when action
2674: ; Create the command string
2675: (let ((cmd (format "%s/utime" action)))
2676: ; Call syd--stat with the command
2677: (syd--stat (syd--rule cmd glob ?^))))))
2678:
2679: (defun syd-mkbdev-add (action glob)
2680: "Adds to the given actionlist of mkbdev sandboxing.
2681: ACTION is a constant representing the sandboxing action.
2682: GLOB is a string representing the glob pattern."
2683: (let ((action (cond
2684: ((eq action :action-allow) "allow")
2685: ((eq action :action-warn) "warn")
2686: ((eq action :action-filter) "filter")
2687: ((eq action :action-deny) "deny")
2688: ((eq action :action-panic) "panic")
2689: ((eq action :action-stop) "stop")
2690: ((eq action :action-abort) "abort")
2691: ((eq action :action-kill) "kill")
2692: ((eq action :action-exit) "exit"))))
2693: ; Only proceed if action is not nil
2694: (when action
2695: ; Create the command string
2696: (let ((cmd (format "%s/mkbdev" action)))
2697: ; Call syd--stat with the command
2698: (syd--stat (syd--rule cmd glob ?+))))))
2699:
2700: (defun syd-mkbdev-del (action glob)
2701: "Removes the first matching entry from the end of the given actionlist
2702: of mkbdev sandboxing.
2703: ACTION is a constant representing the sandboxing action.
2704: GLOB is a string representing the glob pattern."
2705: (let ((action (cond
2706: ((eq action :action-allow) "allow")
2707: ((eq action :action-warn) "warn")
2708: ((eq action :action-filter) "filter")
2709: ((eq action :action-deny) "deny")
2710: ((eq action :action-panic) "panic")
2711: ((eq action :action-stop) "stop")
2712: ((eq action :action-abort) "abort")
2713: ((eq action :action-kill) "kill")
2714: ((eq action :action-exit) "exit"))))
2715: ; Only proceed if action is not nil
2716: (when action
2717: ; Create the command string
2718: (let ((cmd (format "%s/mkbdev" action)))
2719: ; Call syd--stat with the command
2720: (syd--stat (syd--rule cmd glob ?-))))))
2721:
2722: (defun syd-mkbdev-rem (action glob)
2723: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2724: ACTION is a constant representing the sandboxing action.
2725: GLOB is a string representing the glob pattern."
2726: (let ((action (cond
2727: ((eq action :action-allow) "allow")
2728: ((eq action :action-warn) "warn")
2729: ((eq action :action-filter) "filter")
2730: ((eq action :action-deny) "deny")
2731: ((eq action :action-panic) "panic")
2732: ((eq action :action-stop) "stop")
2733: ((eq action :action-abort) "abort")
2734: ((eq action :action-kill) "kill")
2735: ((eq action :action-exit) "exit"))))
2736: ; Only proceed if action is not nil
2737: (when action
2738: ; Create the command string
2739: (let ((cmd (format "%s/mkbdev" action)))
2740: ; Call syd--stat with the command
2741: (syd--stat (syd--rule cmd glob ?^))))))
2742:
2743: (defun syd-mkcdev-add (action glob)
2744: "Adds to the given actionlist of mkcdev sandboxing.
2745: ACTION is a constant representing the sandboxing action.
2746: GLOB is a string representing the glob pattern."
2747: (let ((action (cond
2748: ((eq action :action-allow) "allow")
2749: ((eq action :action-warn) "warn")
2750: ((eq action :action-filter) "filter")
2751: ((eq action :action-deny) "deny")
2752: ((eq action :action-panic) "panic")
2753: ((eq action :action-stop) "stop")
2754: ((eq action :action-abort) "abort")
2755: ((eq action :action-kill) "kill")
2756: ((eq action :action-exit) "exit"))))
2757: ; Only proceed if action is not nil
2758: (when action
2759: ; Create the command string
2760: (let ((cmd (format "%s/mkcdev" action)))
2761: ; Call syd--stat with the command
2762: (syd--stat (syd--rule cmd glob ?+))))))
2763:
2764: (defun syd-mkcdev-del (action glob)
2765: "Removes the first matching entry from the end of the given actionlist
2766: of mkcdev sandboxing.
2767: ACTION is a constant representing the sandboxing action.
2768: GLOB is a string representing the glob pattern."
2769: (let ((action (cond
2770: ((eq action :action-allow) "allow")
2771: ((eq action :action-warn) "warn")
2772: ((eq action :action-filter) "filter")
2773: ((eq action :action-deny) "deny")
2774: ((eq action :action-panic) "panic")
2775: ((eq action :action-stop) "stop")
2776: ((eq action :action-abort) "abort")
2777: ((eq action :action-kill) "kill")
2778: ((eq action :action-exit) "exit"))))
2779: ; Only proceed if action is not nil
2780: (when action
2781: ; Create the command string
2782: (let ((cmd (format "%s/mkcdev" action)))
2783: ; Call syd--stat with the command
2784: (syd--stat (syd--rule cmd glob ?-))))))
2785:
2786: (defun syd-mkcdev-rem (action glob)
2787: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2788: ACTION is a constant representing the sandboxing action.
2789: GLOB is a string representing the glob pattern."
2790: (let ((action (cond
2791: ((eq action :action-allow) "allow")
2792: ((eq action :action-warn) "warn")
2793: ((eq action :action-filter) "filter")
2794: ((eq action :action-deny) "deny")
2795: ((eq action :action-panic) "panic")
2796: ((eq action :action-stop) "stop")
2797: ((eq action :action-abort) "abort")
2798: ((eq action :action-kill) "kill")
2799: ((eq action :action-exit) "exit"))))
2800: ; Only proceed if action is not nil
2801: (when action
2802: ; Create the command string
2803: (let ((cmd (format "%s/mkcdev" action)))
2804: ; Call syd--stat with the command
2805: (syd--stat (syd--rule cmd glob ?^))))))
2806:
2807: (defun syd-mkfifo-add (action glob)
2808: "Adds to the given actionlist of mkfifo sandboxing.
2809: ACTION is a constant representing the sandboxing action.
2810: GLOB is a string representing the glob pattern."
2811: (let ((action (cond
2812: ((eq action :action-allow) "allow")
2813: ((eq action :action-warn) "warn")
2814: ((eq action :action-filter) "filter")
2815: ((eq action :action-deny) "deny")
2816: ((eq action :action-panic) "panic")
2817: ((eq action :action-stop) "stop")
2818: ((eq action :action-abort) "abort")
2819: ((eq action :action-kill) "kill")
2820: ((eq action :action-exit) "exit"))))
2821: ; Only proceed if action is not nil
2822: (when action
2823: ; Create the command string
2824: (let ((cmd (format "%s/mkfifo" action)))
2825: ; Call syd--stat with the command
2826: (syd--stat (syd--rule cmd glob ?+))))))
2827:
2828: (defun syd-mkfifo-del (action glob)
2829: "Removes the first matching entry from the end of the given actionlist
2830: of mkfifo sandboxing.
2831: ACTION is a constant representing the sandboxing action.
2832: GLOB is a string representing the glob pattern."
2833: (let ((action (cond
2834: ((eq action :action-allow) "allow")
2835: ((eq action :action-warn) "warn")
2836: ((eq action :action-filter) "filter")
2837: ((eq action :action-deny) "deny")
2838: ((eq action :action-panic) "panic")
2839: ((eq action :action-stop) "stop")
2840: ((eq action :action-abort) "abort")
2841: ((eq action :action-kill) "kill")
2842: ((eq action :action-exit) "exit"))))
2843: ; Only proceed if action is not nil
2844: (when action
2845: ; Create the command string
2846: (let ((cmd (format "%s/mkfifo" action)))
2847: ; Call syd--stat with the command
2848: (syd--stat (syd--rule cmd glob ?-))))))
2849:
2850: (defun syd-mkfifo-rem (action glob)
2851: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2852: ACTION is a constant representing the sandboxing action.
2853: GLOB is a string representing the glob pattern."
2854: (let ((action (cond
2855: ((eq action :action-allow) "allow")
2856: ((eq action :action-warn) "warn")
2857: ((eq action :action-filter) "filter")
2858: ((eq action :action-deny) "deny")
2859: ((eq action :action-panic) "panic")
2860: ((eq action :action-stop) "stop")
2861: ((eq action :action-abort) "abort")
2862: ((eq action :action-kill) "kill")
2863: ((eq action :action-exit) "exit"))))
2864: ; Only proceed if action is not nil
2865: (when action
2866: ; Create the command string
2867: (let ((cmd (format "%s/mkfifo" action)))
2868: ; Call syd--stat with the command
2869: (syd--stat (syd--rule cmd glob ?^))))))
2870:
2871: (defun syd-mktemp-add (action glob)
2872: "Adds to the given actionlist of mktemp sandboxing.
2873: ACTION is a constant representing the sandboxing action.
2874: GLOB is a string representing the glob pattern."
2875: (let ((action (cond
2876: ((eq action :action-allow) "allow")
2877: ((eq action :action-warn) "warn")
2878: ((eq action :action-filter) "filter")
2879: ((eq action :action-deny) "deny")
2880: ((eq action :action-panic) "panic")
2881: ((eq action :action-stop) "stop")
2882: ((eq action :action-abort) "abort")
2883: ((eq action :action-kill) "kill")
2884: ((eq action :action-exit) "exit"))))
2885: ; Only proceed if action is not nil
2886: (when action
2887: ; Create the command string
2888: (let ((cmd (format "%s/mktemp" action)))
2889: ; Call syd--stat with the command
2890: (syd--stat (syd--rule cmd glob ?+))))))
2891:
2892: (defun syd-mktemp-del (action glob)
2893: "Removes the first matching entry from the end of the given actionlist
2894: of mktemp sandboxing.
2895: ACTION is a constant representing the sandboxing action.
2896: GLOB is a string representing the glob pattern."
2897: (let ((action (cond
2898: ((eq action :action-allow) "allow")
2899: ((eq action :action-warn) "warn")
2900: ((eq action :action-filter) "filter")
2901: ((eq action :action-deny) "deny")
2902: ((eq action :action-panic) "panic")
2903: ((eq action :action-stop) "stop")
2904: ((eq action :action-abort) "abort")
2905: ((eq action :action-kill) "kill")
2906: ((eq action :action-exit) "exit"))))
2907: ; Only proceed if action is not nil
2908: (when action
2909: ; Create the command string
2910: (let ((cmd (format "%s/mktemp" action)))
2911: ; Call syd--stat with the command
2912: (syd--stat (syd--rule cmd glob ?-))))))
2913:
2914: (defun syd-mktemp-rem (action glob)
2915: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2916: ACTION is a constant representing the sandboxing action.
2917: GLOB is a string representing the glob pattern."
2918: (let ((action (cond
2919: ((eq action :action-allow) "allow")
2920: ((eq action :action-warn) "warn")
2921: ((eq action :action-filter) "filter")
2922: ((eq action :action-deny) "deny")
2923: ((eq action :action-panic) "panic")
2924: ((eq action :action-stop) "stop")
2925: ((eq action :action-abort) "abort")
2926: ((eq action :action-kill) "kill")
2927: ((eq action :action-exit) "exit"))))
2928: ; Only proceed if action is not nil
2929: (when action
2930: ; Create the command string
2931: (let ((cmd (format "%s/mktemp" action)))
2932: ; Call syd--stat with the command
2933: (syd--stat (syd--rule cmd glob ?^))))))
2934:
2935: (defun syd-net-bind-add (action addr)
2936: "Adds to the given actionlist of net/bind sandboxing.
2937: ACTION is a constant representing the sandboxing action.
2938: ADDR is a string representing the address pattern."
2939: (let ((action (cond
2940: ((eq action :action-allow) "allow")
2941: ((eq action :action-warn) "warn")
2942: ((eq action :action-filter) "filter")
2943: ((eq action :action-deny) "deny")
2944: ((eq action :action-panic) "panic")
2945: ((eq action :action-stop) "stop")
2946: ((eq action :action-abort) "abort")
2947: ((eq action :action-kill) "kill")
2948: ((eq action :action-exit) "exit"))))
2949: ; Only proceed if action is not nil
2950: (when action
2951: ; Create the command string
2952: (let ((cmd (format "%s/net/bind" action)))
2953: ; Call syd--stat with the command
2954: (syd--stat (syd--rule cmd addr ?+))))))
2955:
2956: (defun syd-net-bind-del (action addr)
2957: "Removes the first matching entry from the end of the given actionlist
2958: of net/bind sandboxing.
2959: ACTION is a constant representing the sandboxing action.
2960: ADDR is a string representing the address pattern."
2961: (let ((action (cond
2962: ((eq action :action-allow) "allow")
2963: ((eq action :action-warn) "warn")
2964: ((eq action :action-filter) "filter")
2965: ((eq action :action-deny) "deny")
2966: ((eq action :action-panic) "panic")
2967: ((eq action :action-stop) "stop")
2968: ((eq action :action-abort) "abort")
2969: ((eq action :action-kill) "kill")
2970: ((eq action :action-exit) "exit"))))
2971: ; Only proceed if action is not nil
2972: (when action
2973: ; Create the command string
2974: (let ((cmd (format "%s/net/bind" action)))
2975: ; Call syd--stat with the command
2976: (syd--stat (syd--rule cmd addr ?-))))))
2977:
2978: (defun syd-net-bind-rem (action addr)
2979: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2980: ACTION is a constant representing the sandboxing action.
2981: ADDR is a string representing the address pattern."
2982: (let ((action (cond
2983: ((eq action :action-allow) "allow")
2984: ((eq action :action-warn) "warn")
2985: ((eq action :action-filter) "filter")
2986: ((eq action :action-deny) "deny")
2987: ((eq action :action-panic) "panic")
2988: ((eq action :action-stop) "stop")
2989: ((eq action :action-abort) "abort")
2990: ((eq action :action-kill) "kill")
2991: ((eq action :action-exit) "exit"))))
2992: ; Only proceed if action is not nil
2993: (when action
2994: ; Create the command string
2995: (let ((cmd (format "%s/net/bind" action)))
2996: ; Call syd--stat with the command
2997: (syd--stat (syd--rule cmd addr ?^))))))
2998:
2999: (defun syd-net-connect-add (action addr)
3000: "Adds to the given actionlist of net/connect sandboxing.
3001: ACTION is a constant representing the sandboxing action.
3002: ADDR is a string representing the address pattern."
3003: (let ((action (cond
3004: ((eq action :action-allow) "allow")
3005: ((eq action :action-warn) "warn")
3006: ((eq action :action-filter) "filter")
3007: ((eq action :action-deny) "deny")
3008: ((eq action :action-panic) "panic")
3009: ((eq action :action-stop) "stop")
3010: ((eq action :action-abort) "abort")
3011: ((eq action :action-kill) "kill")
3012: ((eq action :action-exit) "exit"))))
3013: ; Only proceed if action is not nil
3014: (when action
3015: ; Create the command string
3016: (let ((cmd (format "%s/net/connect" action)))
3017: ; Call syd--stat with the command
3018: (syd--stat (syd--rule cmd addr ?+))))))
3019:
3020: (defun syd-net-connect-del (action addr)
3021: "Removes the first matching entry from the end of the given actionlist
3022: of net/connect sandboxing.
3023: ACTION is a constant representing the sandboxing action.
3024: ADDR is a string representing the address pattern."
3025: (let ((action (cond
3026: ((eq action :action-allow) "allow")
3027: ((eq action :action-warn) "warn")
3028: ((eq action :action-filter) "filter")
3029: ((eq action :action-deny) "deny")
3030: ((eq action :action-panic) "panic")
3031: ((eq action :action-stop) "stop")
3032: ((eq action :action-abort) "abort")
3033: ((eq action :action-kill) "kill")
3034: ((eq action :action-exit) "exit"))))
3035: ; Only proceed if action is not nil
3036: (when action
3037: ; Create the command string
3038: (let ((cmd (format "%s/net/connect" action)))
3039: ; Call syd--stat with the command
3040: (syd--stat (syd--rule cmd addr ?-))))))
3041:
3042: (defun syd-net-connect-rem (action addr)
3043: "Removes all matching entries from the given actionlist of net/connect
3044: sandboxing.
3045: ACTION is a constant representing the sandboxing action.
3046: ADDR is a string representing the address pattern."
3047: (let ((action (cond
3048: ((eq action :action-allow) "allow")
3049: ((eq action :action-warn) "warn")
3050: ((eq action :action-filter) "filter")
3051: ((eq action :action-deny) "deny")
3052: ((eq action :action-panic) "panic")
3053: ((eq action :action-stop) "stop")
3054: ((eq action :action-abort) "abort")
3055: ((eq action :action-kill) "kill")
3056: ((eq action :action-exit) "exit"))))
3057: ; Only proceed if action is not nil
3058: (when action
3059: ; Create the command string
3060: (let ((cmd (format "%s/net/connect" action)))
3061: ; Call syd--stat with the command
3062: (syd--stat (syd--rule cmd addr ?^))))))
3063:
3064: (defun syd-net-sendfd-add (action addr)
3065: "Adds to the given actionlist of net/sendfd sandboxing.
3066: ACTION is a constant representing the sandboxing action.
3067: ADDR is a string representing the address pattern."
3068: (let ((action (cond
3069: ((eq action :action-allow) "allow")
3070: ((eq action :action-warn) "warn")
3071: ((eq action :action-filter) "filter")
3072: ((eq action :action-deny) "deny")
3073: ((eq action :action-panic) "panic")
3074: ((eq action :action-stop) "stop")
3075: ((eq action :action-abort) "abort")
3076: ((eq action :action-kill) "kill")
3077: ((eq action :action-exit) "exit"))))
3078: ; Only proceed if action is not nil
3079: (when action
3080: ; Create the command string
3081: (let ((cmd (format "%s/net/sendfd" action)))
3082: ; Call syd--stat with the command
3083: (syd--stat (syd--rule cmd addr ?+))))))
3084:
3085: (defun syd-net-sendfd-del (action addr)
3086: "Removes the first matching entry from the end of the given actionlist
3087: of net/sendfd sandboxing.
3088: ACTION is a constant representing the sandboxing action.
3089: ADDR is a string representing the address pattern."
3090: (let ((action (cond
3091: ((eq action :action-allow) "allow")
3092: ((eq action :action-warn) "warn")
3093: ((eq action :action-filter) "filter")
3094: ((eq action :action-deny) "deny")
3095: ((eq action :action-panic) "panic")
3096: ((eq action :action-stop) "stop")
3097: ((eq action :action-abort) "abort")
3098: ((eq action :action-kill) "kill")
3099: ((eq action :action-exit) "exit"))))
3100: ; Only proceed if action is not nil
3101: (when action
3102: ; Create the command string
3103: (let ((cmd (format "%s/net/sendfd" action)))
3104: ; Call syd--stat with the command
3105: (syd--stat (syd--rule cmd addr ?-))))))
3106:
3107: (defun syd-net-sendfd-rem (action addr)
3108: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
3109: ACTION is a constant representing the sandboxing action.
3110: ADDR is a string representing the address pattern."
3111: (let ((action (cond
3112: ((eq action :action-allow) "allow")
3113: ((eq action :action-warn) "warn")
3114: ((eq action :action-filter) "filter")
3115: ((eq action :action-deny) "deny")
3116: ((eq action :action-panic) "panic")
3117: ((eq action :action-stop) "stop")
3118: ((eq action :action-abort) "abort")
3119: ((eq action :action-kill) "kill")
3120: ((eq action :action-exit) "exit"))))
3121: ; Only proceed if action is not nil
3122: (when action
3123: ; Create the command string
3124: (let ((cmd (format "%s/net/sendfd" action)))
3125: ; Call syd--stat with the command
3126: (syd--stat (syd--rule cmd addr ?^))))))
3127:
3128: (defun syd-net-link-add (action addr)
3129: "Adds to the given actionlist of net/link sandboxing.
3130: ACTION is a constant representing the sandboxing action.
3131: ADDR is a string representing the address pattern."
3132: (let ((action (cond
3133: ((eq action :action-allow) "allow")
3134: ((eq action :action-warn) "warn")
3135: ((eq action :action-filter) "filter")
3136: ((eq action :action-deny) "deny")
3137: ((eq action :action-panic) "panic")
3138: ((eq action :action-stop) "stop")
3139: ((eq action :action-abort) "abort")
3140: ((eq action :action-kill) "kill")
3141: ((eq action :action-exit) "exit"))))
3142: ; Only proceed if action is not nil
3143: (when action
3144: ; Create the command string
3145: (let ((cmd (format "%s/net/link" action)))
3146: ; Call syd--stat with the command
3147: (syd--stat (syd--rule cmd addr ?+))))))
3148:
3149: (defun syd-net-link-del (action addr)
3150: "Removes the first matching entry from the end of the given actionlist
3151: of net/link sandboxing.
3152: ACTION is a constant representing the sandboxing action.
3153: ADDR is a string representing the address pattern."
3154: (let ((action (cond
3155: ((eq action :action-allow) "allow")
3156: ((eq action :action-warn) "warn")
3157: ((eq action :action-filter) "filter")
3158: ((eq action :action-deny) "deny")
3159: ((eq action :action-panic) "panic")
3160: ((eq action :action-stop) "stop")
3161: ((eq action :action-abort) "abort")
3162: ((eq action :action-kill) "kill")
3163: ((eq action :action-exit) "exit"))))
3164: ; Only proceed if action is not nil
3165: (when action
3166: ; Create the command string
3167: (let ((cmd (format "%s/net/link" action)))
3168: ; Call syd--stat with the command
3169: (syd--stat (syd--rule cmd addr ?-))))))
3170:
3171: (defun syd-net-link-rem (action addr)
3172: "Removes all matching entries from the given actionlist of net/link sandboxing.
3173: ACTION is a constant representing the sandboxing action.
3174: ADDR is a string representing the address pattern."
3175: (let ((action (cond
3176: ((eq action :action-allow) "allow")
3177: ((eq action :action-warn) "warn")
3178: ((eq action :action-filter) "filter")
3179: ((eq action :action-deny) "deny")
3180: ((eq action :action-panic) "panic")
3181: ((eq action :action-stop) "stop")
3182: ((eq action :action-abort) "abort")
3183: ((eq action :action-kill) "kill")
3184: ((eq action :action-exit) "exit"))))
3185: ; Only proceed if action is not nil
3186: (when action
3187: ; Create the command string
3188: (let ((cmd (format "%s/net/link" action)))
3189: ; Call syd--stat with the command
3190: (syd--stat (syd--rule cmd addr ?^))))))
3191:
3192: (defun syd-force-add (path alg hash action)
3193: "Adds an entry to the Integrity Force map for Force Sandboxing.
3194: PATH is a fully-qualified file name.
3195: ALG is the hash algorithm (e.g. \"sha256\").
3196: HASH is a hexadecimal encoded checksum.
3197: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
3198: (let ((action (cond ((eq action :action-warn) "warn")
3199: ((eq action :action-filter) "filter")
3200: ((eq action :action-deny) "deny")
3201: ((eq action :action-panic) "panic")
3202: ((eq action :action-stop) "stop")
3203: ((eq action :action-abort) "abort")
3204: ((eq action :action-kill) "kill")
3205: ((eq action :action-exit) "exit"))))
3206: ; Only proceed if action is not nil
3207: (when action
3208: ; Create the command string
3209: (let ((cmd (format "/dev/syd/force+%s:%s:%s:%s" path alg hash action)))
3210: ; Call syd--stat with the command
3211: (syd--stat cmd)))))
3212:
3213: (defun syd-force-del (path)
3214: "Removes an entry from the Integrity Force map for Force Sandboxing.
3215: PATH is a fully-qualified file name."
3216: ; Create the command string
3217: (let ((cmd (format "/dev/syd/force-%s" path)))
3218: ; Call syd--stat with the command
3219: (syd--stat cmd)))
3220:
3221: (defun syd-force-clr ()
3222: "Clears the Integrity Force map for Force Sandboxing."
3223: (syd--stat "/dev/syd/force^"))
3224:
3225: (defun syd-mem-max (size)
3226: "Set syd maximum per-process memory usage limit.
3227: SIZE can be an integer or a string representing the memory limit."
3228: (let ((size-str (cond ((integerp size) (number-to-string size))
3229: ((stringp size) size)
3230: (t (error "Size must be an integer or a string")))))
3231: (syd--stat (syd--rule "mem/max" size-str ?:))))
3232:
3233: (defun syd-mem-vm-max (size)
3234: "Set syd maximum per-process virtual memory usage limit.
3235: SIZE can be an integer or a string representing the memory limit."
3236: (let ((size-str (cond ((integerp size) (number-to-string size))
3237: ((stringp size) size)
3238: (t (error "Size must be an integer or a string")))))
3239: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
3240:
3241: (defun syd-pid-max (size)
3242: "Set syd maximum process ID limit for PID sandboxing.
3243: SIZE is a number representing the PID limit."
3244: (unless (numberp size)
3245: (error "Size must be a number"))
3246: (let ((path (format "/dev/syd/pid/max:%d" size)))
3247: (syd--stat path)))
3248:
3249: (defun syd-segvguard-expiry (timeout)
3250: "Specify SegvGuard entry expiry timeout in seconds.
3251: Setting this timeout to 0 effectively disables SegvGuard.
3252: TIMEOUT is a number representing the timeout in seconds."
3253: (unless (numberp timeout)
3254: (error "Timeout must be a number"))
3255: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
3256: (syd--stat path)))
3257:
3258: (defun syd-segvguard-suspension (timeout)
3259: "Specify SegvGuard entry suspension timeout in seconds.
3260: TIMEOUT is a number representing the timeout in seconds."
3261: (unless (numberp timeout)
3262: (error "Timeout must be a number"))
3263: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
3264: (syd--stat path)))
3265:
3266: (defun syd-segvguard-maxcrashes (limit)
3267: "Specify SegvGuard max number of crashes before suspension.
3268: LIMIT is a number representing the crash limit."
3269: (unless (numberp limit)
3270: (error "Limit must be a number"))
3271: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
3272: (syd--stat path)))
3273:
3274: (defun syd-exec (file argv)
3275: "Execute a command outside the sandbox without sandboxing.
3276: FILE is the file path of the command as a string.
3277: ARGV is a list of strings representing the arguments to the command."
3278: (unless (stringp file)
3279: (error "File must be a string"))
3280: (let ((all-strings t))
3281: (dolist (arg argv)
3282: (unless (stringp arg)
3283: (setq all-strings nil)))
3284: (unless all-strings
3285: (error "All elements in ARGV must be strings")))
3286:
3287: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3288: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3289:
3290: (defun syd--rule (rule elem op)
3291: "Helper function to construct a path for syd operations.
3292: RULE is a string representing the rule.
3293: ELEM is a string representing the element.
3294: OP is a character representing the operation."
3295: (unless (member op '(?+ ?- ?^ ?:))
3296: (error "Invalid operation"))
3297: (when (string-empty-p elem)
3298: (error "Element cannot be empty"))
3299: (concat "/dev/syd/" rule (char-to-string op) elem))
3300:
3301: (defun syd--stat (path)
3302: "Check if the file at PATH exists using `file-modes'."
3303: (condition-case nil
3304: (not (null (file-modes path)))
3305: (error nil))) ; On error, return nil
3306:
3307: (provide 'syd)
3308: ; syd.el ends here
3309:
21/03/2026 19:20:25, src/syd.el, Ali Polatel