1: ; -*- lexical-binding: t -*-
2: ;
3: ; syd.el --- Emacs Lisp implementation of the virtual Syd stat(2) interface
4: ;
5: ; Syd: rock-solid application kernel
6: ; src/syd.el: Emacs Lisp implementation of the virtual Syd stat(2) interface
7: ;
8: ; Copyright (c) 2023, 2024, 2025, 2026 Ali Polatel <alip@chesswob.org>
9: ;
10: ; SPDX-License-Identifier: GPL-3.0
11:
12: ; Define lock states as keywords
13: (defconst syd-lock-off :lock-off
14: "The sandbox lock is off, allowing all sandbox commands.")
15:
16: (defconst syd-lock-exec :lock-exec
17: "The sandbox lock is set to on for all processes except the initial process
18: \(syd exec child). This is the default state.")
19:
20: (defconst syd-lock-drop :lock-drop
21: "The sandbox lock is in drop-only mode, allowing only privilege-dropping
22: sandbox commands.")
23:
24: (defconst syd-lock-read :lock-read
25: "The sandbox lock is in read-only mode, allowing only read-only access
26: to sandbox state.")
27:
28: (defconst syd-lock-on :lock-on
29: "The sandbox lock is on, disallowing all sandbox commands.")
30:
31: ; Define sandbox actions as keywords
32: (defconst syd-action-allow :action-allow
33: "Allow system call.")
34:
35: (defconst syd-action-warn :action-warn
36: "Allow system call and warn.")
37:
38: (defconst syd-action-filter :action-filter
39: "Deny system call silently.")
40:
41: (defconst syd-action-deny :action-deny
42: "Deny system call and warn.")
43:
44: (defconst syd-action-panic :action-panic
45: "Deny system call, warn and panic the current Syd thread.")
46:
47: (defconst syd-action-stop :action-stop
48: "Deny system call, warn and stop offending process.")
49:
50: (defconst syd-action-abort :action-abort
51: "Deny system call, warn and abort offending process.")
52:
53: (defconst syd-action-kill :action-kill
54: "Deny system call, warn and kill offending process.")
55:
56: (defconst syd-action-exit :action-exit
57: "Warn, and exit Syd immediately with deny errno as exit value.")
58:
59: (defun syd-info ()
60: "Reads the state of the syd sandbox from /dev/syd and returns it as an alist.
61: If the `json' module is not available, returns nil."
62: (if (require 'json nil t)
63: (condition-case nil
64: (with-temp-buffer
65: (insert-file-contents "/dev/syd")
66: (with-no-warnings
67: (let ((json-object-type 'alist)
68: (json-array-type 'list)
69: (json-key-type 'symbol)
70: (json-false nil)
71: (json-null nil))
72: (json-read))))
73: (file-error
74: (message "Error reading /dev/syd.")
75: nil)
76: (json-error
77: (message "JSON decoding error.")
78: nil))
79: (progn
80: (message "JSON module not available.")
81: nil)))
82:
83: (defun syd-api ()
84: "Performs a syd API check."
85: (if (syd--stat "/dev/syd/3")
86: 3 ; API number on success
87: nil)) ; On error, return nil
88:
89: (defun syd-check ()
90: "Check if '/dev/syd' is a character device."
91: (syd--stat "/dev/syd"))
92:
93: (defun syd-panic ()
94: "Causes syd to exit immediately with code 127"
95: (syd--stat "/dev/syd/panic"))
96:
97: (defun syd-reset ()
98: "Causes syd to reset sandboxing to the default state."
99: (syd--stat "/dev/syd/reset"))
100:
101: (defun syd-load (fd)
102: "Causes syd to read configuration from the given file descriptor FD."
103: (let ((path (concat "/dev/syd/load/" (number-to-string fd))))
104: (syd--stat path)))
105:
106: (defun syd-lock (state)
107: "Sets the state of the sandbox lock.
108: STATE is one of the keywords :lock-off, :lock-exec, :lock-drop, :lock-read, or :lock-on.
109: Returns t on success, nil on failure."
110: (cond
111: ((eq state syd-lock-off) (syd--stat "/dev/syd/lock:off"))
112: ((eq state syd-lock-exec) (syd--stat "/dev/syd/lock:exec"))
113: ((eq state syd-lock-drop) (syd--stat "/dev/syd/lock:drop"))
114: ((eq state syd-lock-read) (syd--stat "/dev/syd/lock:read"))
115: ((eq state syd-lock-on) (syd--stat "/dev/syd/lock:on"))
116: (t nil))) ; Invalid state
117:
118: (defun syd-enabled-fs ()
119: "Checks if Filesystem sandboxing is enabled."
120: (syd--stat "/dev/syd/sandbox/fs?"))
121:
122: (defun syd-enable-fs ()
123: "Enable Filesystem sandboxing."
124: (syd--stat "/dev/syd/sandbox/fs:on"))
125:
126: (defun syd-disable-fs ()
127: "Disable Filesystem sandboxing."
128: (syd--stat "/dev/syd/sandbox/fs:off"))
129:
130: (defun syd-enabled-walk ()
131: "Checks if Walk sandboxing is enabled."
132: (syd--stat "/dev/syd/sandbox/walk?"))
133:
134: (defun syd-enable-walk ()
135: "Enable Walk sandboxing."
136: (syd--stat "/dev/syd/sandbox/walk:on"))
137:
138: (defun syd-disable-walk ()
139: "Disable Walk sandboxing."
140: (syd--stat "/dev/syd/sandbox/walk:off"))
141:
142: (defun syd-enabled-stat ()
143: "Checks if Stat sandboxing is enabled."
144: (syd--stat "/dev/syd/sandbox/stat?"))
145:
146: (defun syd-enable-stat ()
147: "Enable Stat sandboxing."
148: (syd--stat "/dev/syd/sandbox/stat:on"))
149:
150: (defun syd-disable-stat ()
151: "Disable Stat sandboxing."
152: (syd--stat "/dev/syd/sandbox/stat:off"))
153:
154: (defun syd-enabled-read ()
155: "Checks if Read sandboxing is enabled."
156: (syd--stat "/dev/syd/sandbox/read?"))
157:
158: (defun syd-enable-read ()
159: "Enable Read sandboxing."
160: (syd--stat "/dev/syd/sandbox/read:on"))
161:
162: (defun syd-disable-read ()
163: "Disable Read sandboxing."
164: (syd--stat "/dev/syd/sandbox/read:off"))
165:
166: (defun syd-enabled-write ()
167: "Checks if Write sandboxing is enabled."
168: (syd--stat "/dev/syd/sandbox/write?"))
169:
170: (defun syd-enable-write ()
171: "Enable Write sandboxing."
172: (syd--stat "/dev/syd/sandbox/write:on"))
173:
174: (defun syd-disable-write ()
175: "Disable Write sandboxing."
176: (syd--stat "/dev/syd/sandbox/write:off"))
177:
178: (defun syd-enabled-exec ()
179: "Checks if Exec sandboxing is enabled."
180: (syd--stat "/dev/syd/sandbox/exec?"))
181:
182: (defun syd-enable-exec ()
183: "Enable Exec sandboxing."
184: (syd--stat "/dev/syd/sandbox/exec:on"))
185:
186: (defun syd-disable-exec ()
187: "Disable Exec sandboxing."
188: (syd--stat "/dev/syd/sandbox/exec:off"))
189:
190: (defun syd-enabled-ioctl ()
191: "Checks if Ioctl sandboxing is enabled."
192: (syd--stat "/dev/syd/sandbox/ioctl?"))
193:
194: (defun syd-enable-ioctl ()
195: "Enable Ioctl sandboxing."
196: (syd--stat "/dev/syd/sandbox/ioctl:on"))
197:
198: (defun syd-disable-ioctl ()
199: "Disable Ioctl sandboxing."
200: (syd--stat "/dev/syd/sandbox/ioctl:off"))
201:
202: (defun syd-enabled-create ()
203: "Checks if create sandboxing is enabled."
204: (syd--stat "/dev/syd/sandbox/create?"))
205:
206: (defun syd-enable-create ()
207: "Enable create sandboxing."
208: (syd--stat "/dev/syd/sandbox/create:on"))
209:
210: (defun syd-disable-create ()
211: "Disable create sandboxing."
212: (syd--stat "/dev/syd/sandbox/create:off"))
213:
214: (defun syd-enabled-delete ()
215: "Checks if delete sandboxing is enabled."
216: (syd--stat "/dev/syd/sandbox/delete?"))
217:
218: (defun syd-enable-delete ()
219: "Enable delete sandboxing."
220: (syd--stat "/dev/syd/sandbox/delete:on"))
221:
222: (defun syd-disable-delete ()
223: "Disable delete sandboxing."
224: (syd--stat "/dev/syd/sandbox/delete:off"))
225:
226: (defun syd-enabled-rename ()
227: "Checks if rename sandboxing is enabled."
228: (syd--stat "/dev/syd/sandbox/rename?"))
229:
230: (defun syd-enable-rename ()
231: "Enable rename sandboxing."
232: (syd--stat "/dev/syd/sandbox/rename:on"))
233:
234: (defun syd-disable-rename ()
235: "Disable rename sandboxing."
236: (syd--stat "/dev/syd/sandbox/rename:off"))
237:
238: (defun syd-enabled-symlink ()
239: "Checks if symlink sandboxing is enabled."
240: (syd--stat "/dev/syd/sandbox/symlink?"))
241:
242: (defun syd-enable-symlink ()
243: "Enable symlink sandboxing."
244: (syd--stat "/dev/syd/sandbox/symlink:on"))
245:
246: (defun syd-disable-symlink ()
247: "Disable symlink sandboxing."
248: (syd--stat "/dev/syd/sandbox/symlink:off"))
249:
250: (defun syd-enabled-truncate ()
251: "Checks if Truncate sandboxing is enabled."
252: (syd--stat "/dev/syd/sandbox/truncate?"))
253:
254: (defun syd-enable-truncate ()
255: "Enable Truncate sandboxing."
256: (syd--stat "/dev/syd/sandbox/truncate:on"))
257:
258: (defun syd-disable-truncate ()
259: "Disable Truncate sandboxing."
260: (syd--stat "/dev/syd/sandbox/truncate:off"))
261:
262: (defun syd-enabled-chdir ()
263: "Checks if chdir sandboxing is enabled."
264: (syd--stat "/dev/syd/sandbox/chdir?"))
265:
266: (defun syd-enable-chdir ()
267: "Enable chdir sandboxing."
268: (syd--stat "/dev/syd/sandbox/chdir:on"))
269:
270: (defun syd-disable-chdir ()
271: "Disable chdir sandboxing."
272: (syd--stat "/dev/syd/sandbox/chdir:off"))
273:
274: (defun syd-enabled-readdir ()
275: "Checks if readdir sandboxing is enabled."
276: (syd--stat "/dev/syd/sandbox/readdir?"))
277:
278: (defun syd-enable-readdir ()
279: "Enable readdir sandboxing."
280: (syd--stat "/dev/syd/sandbox/readdir:on"))
281:
282: (defun syd-disable-readdir ()
283: "Disable readdir sandboxing."
284: (syd--stat "/dev/syd/sandbox/readdir:off"))
285:
286: (defun syd-enabled-mkdir ()
287: "Checks if mkdir sandboxing is enabled."
288: (syd--stat "/dev/syd/sandbox/mkdir?"))
289:
290: (defun syd-enable-mkdir ()
291: "Enable mkdir sandboxing."
292: (syd--stat "/dev/syd/sandbox/mkdir:on"))
293:
294: (defun syd-disable-mkdir ()
295: "Disable mkdir sandboxing."
296: (syd--stat "/dev/syd/sandbox/mkdir:off"))
297:
298: (defun syd-enabled-rmdir ()
299: "Checks if rmdir sandboxing is enabled."
300: (syd--stat "/dev/syd/sandbox/rmdir?"))
301:
302: (defun syd-enable-rmdir ()
303: "Enable rmdir sandboxing."
304: (syd--stat "/dev/syd/sandbox/rmdir:on"))
305:
306: (defun syd-disable-rmdir ()
307: "Disable rmdir sandboxing."
308: (syd--stat "/dev/syd/sandbox/rmdir:off"))
309:
310: (defun syd-enabled-chown ()
311: "Checks if chown sandboxing is enabled."
312: (syd--stat "/dev/syd/sandbox/chown?"))
313:
314: (defun syd-enable-chown ()
315: "Enable chown sandboxing."
316: (syd--stat "/dev/syd/sandbox/chown:on"))
317:
318: (defun syd-disable-chown ()
319: "Disable chown sandboxing."
320: (syd--stat "/dev/syd/sandbox/chown:off"))
321:
322: (defun syd-enabled-chgrp ()
323: "Checks if chgrp sandboxing is enabled."
324: (syd--stat "/dev/syd/sandbox/chgrp?"))
325:
326: (defun syd-enable-chgrp ()
327: "Enable chgrp sandboxing."
328: (syd--stat "/dev/syd/sandbox/chgrp:on"))
329:
330: (defun syd-disable-chgrp ()
331: "Disable chgrp sandboxing."
332: (syd--stat "/dev/syd/sandbox/chgrp:off"))
333:
334: (defun syd-enabled-chmod ()
335: "Checks if chmod sandboxing is enabled."
336: (syd--stat "/dev/syd/sandbox/chmod?"))
337:
338: (defun syd-enable-chmod ()
339: "Enable chmod sandboxing."
340: (syd--stat "/dev/syd/sandbox/chmod:on"))
341:
342: (defun syd-disable-chmod ()
343: "Disable chmod sandboxing."
344: (syd--stat "/dev/syd/sandbox/chmod:off"))
345:
346: (defun syd-enabled-chattr ()
347: "Checks if chattr sandboxing is enabled."
348: (syd--stat "/dev/syd/sandbox/chattr?"))
349:
350: (defun syd-enable-chattr ()
351: "Enable chattr sandboxing."
352: (syd--stat "/dev/syd/sandbox/chattr:on"))
353:
354: (defun syd-disable-chattr ()
355: "Disable chattr sandboxing."
356: (syd--stat "/dev/syd/sandbox/chattr:off"))
357:
358: (defun syd-enabled-chroot ()
359: "Checks if chroot sandboxing is enabled."
360: (syd--stat "/dev/syd/sandbox/chroot?"))
361:
362: (defun syd-enable-chroot ()
363: "Enable chroot sandboxing."
364: (syd--stat "/dev/syd/sandbox/chroot:on"))
365:
366: (defun syd-disable-chroot ()
367: "Disable chroot sandboxing."
368: (syd--stat "/dev/syd/sandbox/chroot:off"))
369:
370: (defun syd-enabled-notify ()
371: "Checks if notify sandboxing is enabled."
372: (syd--stat "/dev/syd/sandbox/notify?"))
373:
374: (defun syd-enable-notify ()
375: "Enable notify sandboxing."
376: (syd--stat "/dev/syd/sandbox/notify:on"))
377:
378: (defun syd-disable-notify ()
379: "Disable notify sandboxing."
380: (syd--stat "/dev/syd/sandbox/notify:off"))
381:
382: (defun syd-enabled-utime ()
383: "Checks if utime sandboxing is enabled."
384: (syd--stat "/dev/syd/sandbox/utime?"))
385:
386: (defun syd-enable-utime ()
387: "Enable utime sandboxing."
388: (syd--stat "/dev/syd/sandbox/utime:on"))
389:
390: (defun syd-disable-utime ()
391: "Disable utime sandboxing."
392: (syd--stat "/dev/syd/sandbox/utime:off"))
393:
394: (defun syd-enabled-mkbdev ()
395: "Checks if mkbdev sandboxing is enabled."
396: (syd--stat "/dev/syd/sandbox/mkbdev?"))
397:
398: (defun syd-enable-mkbdev ()
399: "Enable mkbdev sandboxing."
400: (syd--stat "/dev/syd/sandbox/mkbdev:on"))
401:
402: (defun syd-disable-mkbdev ()
403: "Disable mkbdev sandboxing."
404: (syd--stat "/dev/syd/sandbox/mkbdev:off"))
405:
406: (defun syd-enabled-mkcdev ()
407: "Checks if mkcdev sandboxing is enabled."
408: (syd--stat "/dev/syd/sandbox/mkcdev?"))
409:
410: (defun syd-enable-mkcdev ()
411: "Enable mkcdev sandboxing."
412: (syd--stat "/dev/syd/sandbox/mkcdev:on"))
413:
414: (defun syd-disable-mkcdev ()
415: "Disable mkcdev sandboxing."
416: (syd--stat "/dev/syd/sandbox/mkcdev:off"))
417:
418: (defun syd-enabled-mkfifo ()
419: "Checks if mkfifo sandboxing is enabled."
420: (syd--stat "/dev/syd/sandbox/mkfifo?"))
421:
422: (defun syd-enable-mkfifo ()
423: "Enable mkfifo sandboxing."
424: (syd--stat "/dev/syd/sandbox/mkfifo:on"))
425:
426: (defun syd-disable-mkfifo ()
427: "Disable mkfifo sandboxing."
428: (syd--stat "/dev/syd/sandbox/mkfifo:off"))
429:
430: (defun syd-enabled-mktemp ()
431: "Checks if mktemp sandboxing is enabled."
432: (syd--stat "/dev/syd/sandbox/mktemp?"))
433:
434: (defun syd-enable-mktemp ()
435: "Enable mktemp sandboxing."
436: (syd--stat "/dev/syd/sandbox/mktemp:on"))
437:
438: (defun syd-disable-mktemp ()
439: "Disable mktemp sandboxing."
440: (syd--stat "/dev/syd/sandbox/mktemp:off"))
441:
442: (defun syd-enabled-net ()
443: "Checks if Network sandboxing is enabled."
444: (syd--stat "/dev/syd/sandbox/net?"))
445:
446: (defun syd-enable-net ()
447: "Enable Network sandboxing."
448: (syd--stat "/dev/syd/sandbox/net:on"))
449:
450: (defun syd-disable-net ()
451: "Disable Network sandboxing."
452: (syd--stat "/dev/syd/sandbox/net:off"))
453:
454: (defun syd-enabled-lock ()
455: "Checks if lock sandboxing is enabled."
456: (syd--stat "/dev/syd/sandbox/lock?"))
457:
458: (defun syd-enabled-crypt ()
459: "Checks if crypt sandboxing is enabled."
460: (syd--stat "/dev/syd/sandbox/crypt?"))
461:
462: (defun syd-enabled-proxy ()
463: "Checks if proxy sandboxing is enabled."
464: (syd--stat "/dev/syd/sandbox/proxy?"))
465:
466: (defun syd-enabled-mem ()
467: "Checks if memory sandboxing is enabled."
468: (syd--stat "/dev/syd/sandbox/mem?"))
469:
470: (defun syd-enable-mem ()
471: "Enable memory sandboxing."
472: (syd--stat "/dev/syd/sandbox/mem:on"))
473:
474: (defun syd-disable-mem ()
475: "Disable memory sandboxing."
476: (syd--stat "/dev/syd/sandbox/mem:off"))
477:
478: (defun syd-enabled-pid ()
479: "Checks if PID sandboxing is enabled."
480: (syd--stat "/dev/syd/sandbox/pid?"))
481:
482: (defun syd-enable-pid ()
483: "Enable PID sandboxing."
484: (syd--stat "/dev/syd/sandbox/pid:on"))
485:
486: (defun syd-disable-pid ()
487: "Disable PID sandboxing."
488: (syd--stat "/dev/syd/sandbox/pid:off"))
489:
490: (defun syd-enabled-force ()
491: "Checks if force sandboxing is enabled."
492: (syd--stat "/dev/syd/sandbox/force?"))
493:
494: (defun syd-enable-force ()
495: "Enable force sandboxing."
496: (syd--stat "/dev/syd/sandbox/force:on"))
497:
498: (defun syd-disable-force ()
499: "Disable force sandboxing."
500: (syd--stat "/dev/syd/sandbox/force:off"))
501:
502: (defun syd-enabled-tpe ()
503: "Checks if TPE sandboxing is enabled."
504: (syd--stat "/dev/syd/sandbox/tpe?"))
505:
506: (defun syd-enable-tpe ()
507: "Enable TPE sandboxing."
508: (syd--stat "/dev/syd/sandbox/tpe:on"))
509:
510: (defun syd-disable-tpe ()
511: "Disable TPE sandboxing."
512: (syd--stat "/dev/syd/sandbox/tpe:off"))
513:
514: (defun syd-default-fs (action)
515: "Set default action for Filesystem sandboxing.
516: ACTION is a constant representing the sandboxing action."
517: (let ((action (cond
518: ((eq action :action-allow) "allow")
519: ((eq action :action-warn) "warn")
520: ((eq action :action-filter) "filter")
521: ((eq action :action-deny) "deny")
522: ((eq action :action-panic) "panic")
523: ((eq action :action-stop) "stop")
524: ((eq action :action-abort) "abort")
525: ((eq action :action-kill) "kill")
526: ((eq action :action-exit) "exit"))))
527: ; Only proceed if action is not nil
528: (when action
529: (let ((cmd (format "/dev/syd/default/fs:%s" action)))
530: ; Call syd--stat with the command
531: (syd--stat cmd)))))
532:
533: (defun syd-default-walk (action)
534: "Set default action for Walk sandboxing.
535: ACTION is a constant representing the sandboxing action."
536: (let ((action (cond
537: ((eq action :action-allow) "allow")
538: ((eq action :action-warn) "warn")
539: ((eq action :action-filter) "filter")
540: ((eq action :action-deny) "deny")
541: ((eq action :action-panic) "panic")
542: ((eq action :action-stop) "stop")
543: ((eq action :action-abort) "abort")
544: ((eq action :action-kill) "kill")
545: ((eq action :action-exit) "exit"))))
546: ; Only proceed if action is not nil
547: (when action
548: (let ((cmd (format "/dev/syd/default/walk:%s" action)))
549: ; Call syd--stat with the command
550: (syd--stat cmd)))))
551:
552: (defun syd-default-stat (action)
553: "Set default action for Stat sandboxing.
554: ACTION is a constant representing the sandboxing action."
555: (let ((action (cond
556: ((eq action :action-allow) "allow")
557: ((eq action :action-warn) "warn")
558: ((eq action :action-filter) "filter")
559: ((eq action :action-deny) "deny")
560: ((eq action :action-panic) "panic")
561: ((eq action :action-stop) "stop")
562: ((eq action :action-abort) "abort")
563: ((eq action :action-kill) "kill")
564: ((eq action :action-exit) "exit"))))
565: ; Only proceed if action is not nil
566: (when action
567: (let ((cmd (format "/dev/syd/default/stat:%s" action)))
568: ; Call syd--stat with the command
569: (syd--stat cmd)))))
570:
571: (defun syd-default-read (action)
572: "Set default action for Read sandboxing.
573: ACTION is a constant representing the sandboxing action."
574: (let ((action (cond
575: ((eq action :action-allow) "allow")
576: ((eq action :action-warn) "warn")
577: ((eq action :action-filter) "filter")
578: ((eq action :action-deny) "deny")
579: ((eq action :action-panic) "panic")
580: ((eq action :action-stop) "stop")
581: ((eq action :action-abort) "abort")
582: ((eq action :action-kill) "kill")
583: ((eq action :action-exit) "exit"))))
584: ; Only proceed if action is not nil
585: (when action
586: (let ((cmd (format "/dev/syd/default/read:%s" action)))
587: ; Call syd--stat with the command
588: (syd--stat cmd)))))
589:
590: (defun syd-default-write (action)
591: "Set default action for Write sandboxing.
592: ACTION is a constant representing the sandboxing action."
593: (let ((action (cond
594: ((eq action :action-allow) "allow")
595: ((eq action :action-warn) "warn")
596: ((eq action :action-filter) "filter")
597: ((eq action :action-deny) "deny")
598: ((eq action :action-panic) "panic")
599: ((eq action :action-stop) "stop")
600: ((eq action :action-abort) "abort")
601: ((eq action :action-kill) "kill")
602: ((eq action :action-exit) "exit"))))
603: ; Only proceed if action is not nil
604: (when action
605: (let ((cmd (format "/dev/syd/default/write:%s" action)))
606: ; Call syd--write with the command
607: (syd--stat cmd)))))
608:
609: (defun syd-default-exec (action)
610: "Set default action for Exec sandboxing.
611: ACTION is a constant representing the sandboxing action."
612: (let ((action (cond
613: ((eq action :action-allow) "allow")
614: ((eq action :action-warn) "warn")
615: ((eq action :action-filter) "filter")
616: ((eq action :action-deny) "deny")
617: ((eq action :action-panic) "panic")
618: ((eq action :action-stop) "stop")
619: ((eq action :action-abort) "abort")
620: ((eq action :action-kill) "kill")
621: ((eq action :action-exit) "exit"))))
622: ; Only proceed if action is not nil
623: (when action
624: (let ((cmd (format "/dev/syd/default/exec:%s" action)))
625: ; Call syd--exec with the command
626: (syd--stat cmd)))))
627:
628: (defun syd-default-ioctl (action)
629: "Set default action for Ioctl sandboxing.
630: ACTION is a constant representing the sandboxing action."
631: (let ((action (cond
632: ((eq action :action-allow) "allow")
633: ((eq action :action-warn) "warn")
634: ((eq action :action-filter) "filter")
635: ((eq action :action-deny) "deny")
636: ((eq action :action-panic) "panic")
637: ((eq action :action-stop) "stop")
638: ((eq action :action-abort) "abort")
639: ((eq action :action-kill) "kill")
640: ((eq action :action-exit) "exit"))))
641: ; Only proceed if action is not nil
642: (when action
643: (let ((cmd (format "/dev/syd/default/ioctl:%s" action)))
644: ; Call syd--ioctl with the command
645: (syd--stat cmd)))))
646:
647: (defun syd-default-create (action)
648: "Set default action for Create sandboxing.
649: ACTION is a constant representing the sandboxing action."
650: (let ((action (cond
651: ((eq action :action-allow) "allow")
652: ((eq action :action-warn) "warn")
653: ((eq action :action-filter) "filter")
654: ((eq action :action-deny) "deny")
655: ((eq action :action-panic) "panic")
656: ((eq action :action-stop) "stop")
657: ((eq action :action-abort) "abort")
658: ((eq action :action-kill) "kill")
659: ((eq action :action-exit) "exit"))))
660: ; Only proceed if action is not nil
661: (when action
662: (let ((cmd (format "/dev/syd/default/create:%s" action)))
663: ; Call syd--stat with the command
664: (syd--stat cmd)))))
665:
666: (defun syd-default-delete (action)
667: "Set default action for Delete sandboxing.
668: ACTION is a constant representing the sandboxing action."
669: (let ((action (cond
670: ((eq action :action-allow) "allow")
671: ((eq action :action-warn) "warn")
672: ((eq action :action-filter) "filter")
673: ((eq action :action-deny) "deny")
674: ((eq action :action-panic) "panic")
675: ((eq action :action-stop) "stop")
676: ((eq action :action-abort) "abort")
677: ((eq action :action-kill) "kill")
678: ((eq action :action-exit) "exit"))))
679: ; Only proceed if action is not nil
680: (when action
681: (let ((cmd (format "/dev/syd/default/delete:%s" action)))
682: ; Call syd--stat with the command
683: (syd--stat cmd)))))
684:
685: (defun syd-default-rename (action)
686: "Set default action for rename sandboxing.
687: ACTION is a constant representing the sandboxing action."
688: (let ((action (cond
689: ((eq action :action-allow) "allow")
690: ((eq action :action-warn) "warn")
691: ((eq action :action-filter) "filter")
692: ((eq action :action-deny) "deny")
693: ((eq action :action-panic) "panic")
694: ((eq action :action-stop) "stop")
695: ((eq action :action-abort) "abort")
696: ((eq action :action-kill) "kill")
697: ((eq action :action-exit) "exit"))))
698: ; Only proceed if action is not nil
699: (when action
700: (let ((cmd (format "/dev/syd/default/rename:%s" action)))
701: ; Call syd--stat with the command
702: (syd--stat cmd)))))
703:
704: (defun syd-default-symlink (action)
705: "Set default action for symlink sandboxing.
706: ACTION is a constant representing the sandboxing action."
707: (let ((action (cond
708: ((eq action :action-allow) "allow")
709: ((eq action :action-warn) "warn")
710: ((eq action :action-filter) "filter")
711: ((eq action :action-deny) "deny")
712: ((eq action :action-panic) "panic")
713: ((eq action :action-stop) "stop")
714: ((eq action :action-abort) "abort")
715: ((eq action :action-kill) "kill")
716: ((eq action :action-exit) "exit"))))
717: ; Only proceed if action is not nil
718: (when action
719: (let ((cmd (format "/dev/syd/default/symlink:%s" action)))
720: ; Call syd--stat with the command
721: (syd--stat cmd)))))
722:
723: (defun syd-default-truncate (action)
724: "Set default action for Truncate sandboxing.
725: ACTION is a constant representing the sandboxing action."
726: (let ((action (cond
727: ((eq action :action-allow) "allow")
728: ((eq action :action-warn) "warn")
729: ((eq action :action-filter) "filter")
730: ((eq action :action-deny) "deny")
731: ((eq action :action-panic) "panic")
732: ((eq action :action-stop) "stop")
733: ((eq action :action-abort) "abort")
734: ((eq action :action-kill) "kill")
735: ((eq action :action-exit) "exit"))))
736: ; Only proceed if action is not nil
737: (when action
738: (let ((cmd (format "/dev/syd/default/truncate:%s" action)))
739: ; Call syd--truncate with the command
740: (syd--stat cmd)))))
741:
742: (defun syd-default-chdir (action)
743: "Set default action for chdir sandboxing.
744: ACTION is a constant representing the sandboxing action."
745: (let ((action (cond
746: ((eq action :action-allow) "allow")
747: ((eq action :action-warn) "warn")
748: ((eq action :action-filter) "filter")
749: ((eq action :action-deny) "deny")
750: ((eq action :action-panic) "panic")
751: ((eq action :action-stop) "stop")
752: ((eq action :action-abort) "abort")
753: ((eq action :action-kill) "kill")
754: ((eq action :action-exit) "exit"))))
755: ; Only proceed if action is not nil
756: (when action
757: (let ((cmd (format "/dev/syd/default/chdir:%s" action)))
758: ; Call syd--chdir with the command
759: (syd--stat cmd)))))
760:
761: (defun syd-default-readdir (action)
762: "Set default action for readdir sandboxing.
763: ACTION is a constant representing the sandboxing action."
764: (let ((action (cond
765: ((eq action :action-allow) "allow")
766: ((eq action :action-warn) "warn")
767: ((eq action :action-filter) "filter")
768: ((eq action :action-deny) "deny")
769: ((eq action :action-panic) "panic")
770: ((eq action :action-stop) "stop")
771: ((eq action :action-abort) "abort")
772: ((eq action :action-kill) "kill")
773: ((eq action :action-exit) "exit"))))
774: ; Only proceed if action is not nil
775: (when action
776: (let ((cmd (format "/dev/syd/default/readdir:%s" action)))
777: ; Call syd--readdir with the command
778: (syd--stat cmd)))))
779:
780: (defun syd-default-mkdir (action)
781: "Set default action for mkdir sandboxing.
782: ACTION is a constant representing the sandboxing action."
783: (let ((action (cond
784: ((eq action :action-allow) "allow")
785: ((eq action :action-warn) "warn")
786: ((eq action :action-filter) "filter")
787: ((eq action :action-deny) "deny")
788: ((eq action :action-panic) "panic")
789: ((eq action :action-stop) "stop")
790: ((eq action :action-abort) "abort")
791: ((eq action :action-kill) "kill")
792: ((eq action :action-exit) "exit"))))
793: ; Only proceed if action is not nil
794: (when action
795: (let ((cmd (format "/dev/syd/default/mkdir:%s" action)))
796: ; Call syd--mkdir with the command
797: (syd--stat cmd)))))
798:
799: (defun syd-default-rmdir (action)
800: "Set default action for rmdir sandboxing.
801: ACTION is a constant representing the sandboxing action."
802: (let ((action (cond
803: ((eq action :action-allow) "allow")
804: ((eq action :action-warn) "warn")
805: ((eq action :action-filter) "filter")
806: ((eq action :action-deny) "deny")
807: ((eq action :action-panic) "panic")
808: ((eq action :action-stop) "stop")
809: ((eq action :action-abort) "abort")
810: ((eq action :action-kill) "kill")
811: ((eq action :action-exit) "exit"))))
812: ; Only proceed if action is not nil
813: (when action
814: (let ((cmd (format "/dev/syd/default/rmdir:%s" action)))
815: ; Call syd--rmdir with the command
816: (syd--stat cmd)))))
817:
818: (defun syd-default-chown (action)
819: "Set default action for Chown sandboxing.
820: ACTION is a constant representing the sandboxing action."
821: (let ((action (cond
822: ((eq action :action-allow) "allow")
823: ((eq action :action-warn) "warn")
824: ((eq action :action-filter) "filter")
825: ((eq action :action-deny) "deny")
826: ((eq action :action-panic) "panic")
827: ((eq action :action-stop) "stop")
828: ((eq action :action-abort) "abort")
829: ((eq action :action-kill) "kill")
830: ((eq action :action-exit) "exit"))))
831: ; Only proceed if action is not nil
832: (when action
833: (let ((cmd (format "/dev/syd/default/chown:%s" action)))
834: ; Call syd--stat with the command
835: (syd--stat cmd)))))
836:
837: (defun syd-default-chgrp (action)
838: "Set default action for Chgrp sandboxing.
839: ACTION is a constant representing the sandboxing action."
840: (let ((action (cond
841: ((eq action :action-allow) "allow")
842: ((eq action :action-warn) "warn")
843: ((eq action :action-filter) "filter")
844: ((eq action :action-deny) "deny")
845: ((eq action :action-panic) "panic")
846: ((eq action :action-stop) "stop")
847: ((eq action :action-abort) "abort")
848: ((eq action :action-kill) "kill")
849: ((eq action :action-exit) "exit"))))
850: ; Only proceed if action is not nil
851: (when action
852: (let ((cmd (format "/dev/syd/default/chgrp:%s" action)))
853: ; Call syd--stat with the command
854: (syd--stat cmd)))))
855:
856: (defun syd-default-chmod (action)
857: "Set default action for chmod sandboxing.
858: ACTION is a constant representing the sandboxing action."
859: (let ((action (cond
860: ((eq action :action-allow) "allow")
861: ((eq action :action-warn) "warn")
862: ((eq action :action-filter) "filter")
863: ((eq action :action-deny) "deny")
864: ((eq action :action-panic) "panic")
865: ((eq action :action-stop) "stop")
866: ((eq action :action-abort) "abort")
867: ((eq action :action-kill) "kill")
868: ((eq action :action-exit) "exit"))))
869: ; Only proceed if action is not nil
870: (when action
871: (let ((cmd (format "/dev/syd/default/chmod:%s" action)))
872: ; Call syd--stat with the command
873: (syd--stat cmd)))))
874:
875: (defun syd-default-chattr (action)
876: "Set default action for chattr sandboxing.
877: ACTION is a constant representing the sandboxing action."
878: (let ((action (cond
879: ((eq action :action-allow) "allow")
880: ((eq action :action-warn) "warn")
881: ((eq action :action-filter) "filter")
882: ((eq action :action-deny) "deny")
883: ((eq action :action-panic) "panic")
884: ((eq action :action-stop) "stop")
885: ((eq action :action-abort) "abort")
886: ((eq action :action-kill) "kill")
887: ((eq action :action-exit) "exit"))))
888: ; Only proceed if action is not nil
889: (when action
890: (let ((cmd (format "/dev/syd/default/chattr:%s" action)))
891: ; Call syd--stat with the command
892: (syd--stat cmd)))))
893:
894: (defun syd-default-chroot (action)
895: "Set default action for chroot sandboxing.
896: ACTION is a constant representing the sandboxing action."
897: (let ((action (cond
898: ((eq action :action-allow) "allow")
899: ((eq action :action-warn) "warn")
900: ((eq action :action-filter) "filter")
901: ((eq action :action-deny) "deny")
902: ((eq action :action-panic) "panic")
903: ((eq action :action-stop) "stop")
904: ((eq action :action-abort) "abort")
905: ((eq action :action-kill) "kill")
906: ((eq action :action-exit) "exit"))))
907: ; Only proceed if action is not nil
908: (when action
909: (let ((cmd (format "/dev/syd/default/chroot:%s" action)))
910: ; Call syd--stat with the command
911: (syd--stat cmd)))))
912:
913: (defun syd-default-notify (action)
914: "Set default action for notify sandboxing.
915: ACTION is a constant representing the sandboxing action."
916: (let ((action (cond
917: ((eq action :action-allow) "allow")
918: ((eq action :action-warn) "warn")
919: ((eq action :action-filter) "filter")
920: ((eq action :action-deny) "deny")
921: ((eq action :action-panic) "panic")
922: ((eq action :action-stop) "stop")
923: ((eq action :action-abort) "abort")
924: ((eq action :action-kill) "kill")
925: ((eq action :action-exit) "exit"))))
926: ; Only proceed if action is not nil
927: (when action
928: (let ((cmd (format "/dev/syd/default/notify:%s" action)))
929: ; Call syd--stat with the command
930: (syd--stat cmd)))))
931:
932: (defun syd-default-utime (action)
933: "Set default action for utime sandboxing.
934: ACTION is a constant representing the sandboxing action."
935: (let ((action (cond
936: ((eq action :action-allow) "allow")
937: ((eq action :action-warn) "warn")
938: ((eq action :action-filter) "filter")
939: ((eq action :action-deny) "deny")
940: ((eq action :action-panic) "panic")
941: ((eq action :action-stop) "stop")
942: ((eq action :action-abort) "abort")
943: ((eq action :action-kill) "kill")
944: ((eq action :action-exit) "exit"))))
945: ; Only proceed if action is not nil
946: (when action
947: (let ((cmd (format "/dev/syd/default/utime:%s" action)))
948: ; Call syd--stat with the command
949: (syd--stat cmd)))))
950:
951: (defun syd-default-mkbdev (action)
952: "Set default action for mkbdev sandboxing.
953: ACTION is a constant representing the sandboxing action."
954: (let ((action (cond
955: ((eq action :action-allow) "allow")
956: ((eq action :action-warn) "warn")
957: ((eq action :action-filter) "filter")
958: ((eq action :action-deny) "deny")
959: ((eq action :action-panic) "panic")
960: ((eq action :action-stop) "stop")
961: ((eq action :action-abort) "abort")
962: ((eq action :action-kill) "kill")
963: ((eq action :action-exit) "exit"))))
964: ; Only proceed if action is not nil
965: (when action
966: (let ((cmd (format "/dev/syd/default/mkbdev:%s" action)))
967: ; Call syd--stat with the command
968: (syd--stat cmd)))))
969:
970: (defun syd-default-mkcdev (action)
971: "Set default action for mkcdev sandboxing.
972: ACTION is a constant representing the sandboxing action."
973: (let ((action (cond
974: ((eq action :action-allow) "allow")
975: ((eq action :action-warn) "warn")
976: ((eq action :action-filter) "filter")
977: ((eq action :action-deny) "deny")
978: ((eq action :action-panic) "panic")
979: ((eq action :action-stop) "stop")
980: ((eq action :action-abort) "abort")
981: ((eq action :action-kill) "kill")
982: ((eq action :action-exit) "exit"))))
983: ; Only proceed if action is not nil
984: (when action
985: (let ((cmd (format "/dev/syd/default/mkcdev:%s" action)))
986: ; Call syd--stat with the command
987: (syd--stat cmd)))))
988:
989: (defun syd-default-mkfifo (action)
990: "Set default action for mkfifo sandboxing.
991: ACTION is a constant representing the sandboxing action."
992: (let ((action (cond
993: ((eq action :action-allow) "allow")
994: ((eq action :action-warn) "warn")
995: ((eq action :action-filter) "filter")
996: ((eq action :action-deny) "deny")
997: ((eq action :action-panic) "panic")
998: ((eq action :action-stop) "stop")
999: ((eq action :action-abort) "abort")
1000: ((eq action :action-kill) "kill")
1001: ((eq action :action-exit) "exit"))))
1002: ; Only proceed if action is not nil
1003: (when action
1004: (let ((cmd (format "/dev/syd/default/mkfifo:%s" action)))
1005: ; Call syd--stat with the command
1006: (syd--stat cmd)))))
1007:
1008: (defun syd-default-mktemp (action)
1009: "Set default action for mktemp sandboxing.
1010: ACTION is a constant representing the sandboxing action."
1011: (let ((action (cond
1012: ((eq action :action-allow) "allow")
1013: ((eq action :action-warn) "warn")
1014: ((eq action :action-filter) "filter")
1015: ((eq action :action-deny) "deny")
1016: ((eq action :action-panic) "panic")
1017: ((eq action :action-stop) "stop")
1018: ((eq action :action-abort) "abort")
1019: ((eq action :action-kill) "kill")
1020: ((eq action :action-exit) "exit"))))
1021: ; Only proceed if action is not nil
1022: (when action
1023: (let ((cmd (format "/dev/syd/default/mktemp:%s" action)))
1024: ; Call syd--stat with the command
1025: (syd--stat cmd)))))
1026:
1027: (defun syd-default-net (action)
1028: "Set default action for Network sandboxing.
1029: ACTION is a constant representing the sandboxing action."
1030: (let ((action (cond
1031: ((eq action :action-allow) "allow")
1032: ((eq action :action-warn) "warn")
1033: ((eq action :action-filter) "filter")
1034: ((eq action :action-deny) "deny")
1035: ((eq action :action-panic) "panic")
1036: ((eq action :action-stop) "stop")
1037: ((eq action :action-abort) "abort")
1038: ((eq action :action-kill) "kill")
1039: ((eq action :action-exit) "exit"))))
1040: ; Only proceed if action is not nil
1041: (when action
1042: (let ((cmd (format "/dev/syd/default/net:%s" action)))
1043: ; Call syd--net with the command
1044: (syd--stat cmd)))))
1045:
1046: ; TODO: syd-default-block!
1047:
1048: (defun syd-default-mem (action)
1049: "Set default action for Memory sandboxing.
1050: ACTION is a constant representing the sandboxing action."
1051: (let ((action (cond
1052: ((eq action :action-allow) "allow")
1053: ((eq action :action-warn) "warn")
1054: ((eq action :action-filter) "filter")
1055: ((eq action :action-deny) "deny")
1056: ((eq action :action-panic) "panic")
1057: ((eq action :action-stop) "stop")
1058: ((eq action :action-abort) "abort")
1059: ((eq action :action-kill) "kill")
1060: ((eq action :action-exit) "exit"))))
1061: ; Only proceed if action is not nil
1062: (when action
1063: (let ((cmd (format "/dev/syd/default/mem:%s" action)))
1064: ; Call syd--net with the command
1065: (syd--stat cmd)))))
1066:
1067: (defun syd-default-pid (action)
1068: "Set default action for PID sandboxing.
1069: ACTION is a constant representing the sandboxing action."
1070: (let ((action (cond
1071: ((eq action :action-allow) "allow")
1072: ((eq action :action-warn) "warn")
1073: ((eq action :action-filter) "filter")
1074: ((eq action :action-deny) "deny")
1075: ((eq action :action-panic) "panic")
1076: ((eq action :action-stop) "stop")
1077: ((eq action :action-abort) "abort")
1078: ((eq action :action-kill) "kill")
1079: ((eq action :action-exit) "exit"))))
1080: ; Only proceed if action is not nil
1081: (when action
1082: (let ((cmd (format "/dev/syd/default/pid:%s" action)))
1083: ; Call syd--net with the command
1084: (syd--stat cmd)))))
1085:
1086: (defun syd-default-force (action)
1087: "Set default action for Force sandboxing.
1088: ACTION is a constant representing the sandboxing action."
1089: (let ((action (cond
1090: ((eq action :action-allow) "allow")
1091: ((eq action :action-warn) "warn")
1092: ((eq action :action-filter) "filter")
1093: ((eq action :action-deny) "deny")
1094: ((eq action :action-panic) "panic")
1095: ((eq action :action-stop) "stop")
1096: ((eq action :action-abort) "abort")
1097: ((eq action :action-kill) "kill")
1098: ((eq action :action-exit) "exit"))))
1099: ; Only proceed if action is not nil
1100: (when action
1101: (let ((cmd (format "/dev/syd/default/force:%s" action)))
1102: ; Call syd--net with the command
1103: (syd--stat cmd)))))
1104:
1105: (defun syd-default-segvguard (action)
1106: "Set default action for SegvGuard.
1107: ACTION is a constant representing the sandboxing action."
1108: (let ((action (cond
1109: ((eq action :action-allow) "allow")
1110: ((eq action :action-warn) "warn")
1111: ((eq action :action-filter) "filter")
1112: ((eq action :action-deny) "deny")
1113: ((eq action :action-panic) "panic")
1114: ((eq action :action-stop) "stop")
1115: ((eq action :action-abort) "abort")
1116: ((eq action :action-kill) "kill")
1117: ((eq action :action-exit) "exit"))))
1118: ; Only proceed if action is not nil
1119: (when action
1120: (let ((cmd (format "/dev/syd/default/segvguard:%s" action)))
1121: ; Call syd--net with the command
1122: (syd--stat cmd)))))
1123:
1124: (defun syd-default-tpe (action)
1125: "Set default action for TPE sandboxing.
1126: ACTION is a constant representing the sandboxing action."
1127: (let ((action (cond
1128: ((eq action :action-allow) "allow")
1129: ((eq action :action-warn) "warn")
1130: ((eq action :action-filter) "filter")
1131: ((eq action :action-deny) "deny")
1132: ((eq action :action-panic) "panic")
1133: ((eq action :action-stop) "stop")
1134: ((eq action :action-abort) "abort")
1135: ((eq action :action-kill) "kill")
1136: ((eq action :action-exit) "exit"))))
1137: ; Only proceed if action is not nil
1138: (when action
1139: (let ((cmd (format "/dev/syd/default/tpe:%s" action)))
1140: ; Call syd--net with the command
1141: (syd--stat cmd)))))
1142:
1143: (defun syd-ioctl-deny (request)
1144: "Adds a request to the _ioctl_(2) denylist.
1145: REQUEST is the _ioctl_(2) request number to add to the denylist."
1146: (unless (numberp request)
1147: (error "Request must be a number"))
1148: (let ((path (format "/dev/syd/ioctl/deny+%d" request)))
1149: (syd--stat path)))
1150:
1151: (defun syd-fs-add (action glob)
1152: "Adds to the given actionlist of Filesystem sandboxing.
1153: ACTION is a constant representing the sandboxing action.
1154: GLOB is a string representing the glob pattern."
1155: (let ((action (cond
1156: ((eq action :action-allow) "allow")
1157: ((eq action :action-warn) "warn")
1158: ((eq action :action-filter) "filter")
1159: ((eq action :action-deny) "deny")
1160: ((eq action :action-panic) "panic")
1161: ((eq action :action-stop) "stop")
1162: ((eq action :action-abort) "abort")
1163: ((eq action :action-kill) "kill")
1164: ((eq action :action-exit) "exit"))))
1165: ; Only proceed if action is not nil
1166: (when action
1167: ; Create the command string
1168: (let ((cmd (format "%s/fs" action)))
1169: ; Call syd--stat with the command
1170: (syd--stat (syd--rule cmd glob ?+))))))
1171:
1172: (defun syd-fs-del (action glob)
1173: "Removes the first matching entry from the end of the given actionlist
1174: of Filesystem sandboxing.
1175: ACTION is a constant representing the sandboxing action.
1176: GLOB is a string representing the glob pattern."
1177: (let ((action (cond
1178: ((eq action :action-allow) "allow")
1179: ((eq action :action-warn) "warn")
1180: ((eq action :action-filter) "filter")
1181: ((eq action :action-deny) "deny")
1182: ((eq action :action-panic) "panic")
1183: ((eq action :action-stop) "stop")
1184: ((eq action :action-abort) "abort")
1185: ((eq action :action-kill) "kill")
1186: ((eq action :action-exit) "exit"))))
1187: ; Only proceed if action is not nil
1188: (when action
1189: ; Create the command string
1190: (let ((cmd (format "%s/fs" action)))
1191: ; Call syd--stat with the command
1192: (syd--stat (syd--rule cmd glob ?-))))))
1193:
1194: (defun syd-fs-rem (action glob)
1195: "Removes all matching entries from the given actionlist of Filesystem sandboxing.
1196: ACTION is a constant representing the sandboxing action.
1197: GLOB is a string representing the glob pattern."
1198: (let ((action (cond
1199: ((eq action :action-allow) "allow")
1200: ((eq action :action-warn) "warn")
1201: ((eq action :action-filter) "filter")
1202: ((eq action :action-deny) "deny")
1203: ((eq action :action-panic) "panic")
1204: ((eq action :action-stop) "stop")
1205: ((eq action :action-abort) "abort")
1206: ((eq action :action-kill) "kill")
1207: ((eq action :action-exit) "exit"))))
1208: ; Only proceed if action is not nil
1209: (when action
1210: ; Create the command string
1211: (let ((cmd (format "%s/fs" action)))
1212: ; Call syd--stat with the command
1213: (syd--stat (syd--rule cmd glob ?^))))))
1214:
1215: (defun syd-walk-add (action glob)
1216: "Adds to the given actionlist of walk sandboxing.
1217: ACTION is a constant representing the sandboxing action.
1218: GLOB is a string representing the glob pattern."
1219: (let ((action (cond
1220: ((eq action :action-allow) "allow")
1221: ((eq action :action-warn) "warn")
1222: ((eq action :action-filter) "filter")
1223: ((eq action :action-deny) "deny")
1224: ((eq action :action-panic) "panic")
1225: ((eq action :action-stop) "stop")
1226: ((eq action :action-abort) "abort")
1227: ((eq action :action-kill) "kill")
1228: ((eq action :action-exit) "exit"))))
1229: ; Only proceed if action is not nil
1230: (when action
1231: ; Create the command string
1232: (let ((cmd (format "%s/walk" action)))
1233: ; Call syd--stat with the command
1234: (syd--stat (syd--rule cmd glob ?+))))))
1235:
1236: (defun syd-walk-del (action glob)
1237: "Removes the first matching entry from the end of the given actionlist
1238: of walk sandboxing.
1239: ACTION is a constant representing the sandboxing action.
1240: GLOB is a string representing the glob pattern."
1241: (let ((action (cond
1242: ((eq action :action-allow) "allow")
1243: ((eq action :action-warn) "warn")
1244: ((eq action :action-filter) "filter")
1245: ((eq action :action-deny) "deny")
1246: ((eq action :action-panic) "panic")
1247: ((eq action :action-stop) "stop")
1248: ((eq action :action-abort) "abort")
1249: ((eq action :action-kill) "kill")
1250: ((eq action :action-exit) "exit"))))
1251: ; Only proceed if action is not nil
1252: (when action
1253: ; Create the command string
1254: (let ((cmd (format "%s/walk" action)))
1255: ; Call syd--stat with the command
1256: (syd--stat (syd--rule cmd glob ?-))))))
1257:
1258: (defun syd-walk-rem (action glob)
1259: "Removes all matching entries from the given actionlist of walk sandboxing.
1260: ACTION is a constant representing the sandboxing action.
1261: GLOB is a string representing the glob pattern."
1262: (let ((action (cond
1263: ((eq action :action-allow) "allow")
1264: ((eq action :action-warn) "warn")
1265: ((eq action :action-filter) "filter")
1266: ((eq action :action-deny) "deny")
1267: ((eq action :action-panic) "panic")
1268: ((eq action :action-stop) "stop")
1269: ((eq action :action-abort) "abort")
1270: ((eq action :action-kill) "kill")
1271: ((eq action :action-exit) "exit"))))
1272: ; Only proceed if action is not nil
1273: (when action
1274: ; Create the command string
1275: (let ((cmd (format "%s/walk" action)))
1276: ; Call syd--stat with the command
1277: (syd--stat (syd--rule cmd glob ?^))))))
1278:
1279: (defun syd-stat-add (action glob)
1280: "Adds to the given actionlist of stat sandboxing.
1281: ACTION is a constant representing the sandboxing action.
1282: GLOB is a string representing the glob pattern."
1283: (let ((action (cond
1284: ((eq action :action-allow) "allow")
1285: ((eq action :action-warn) "warn")
1286: ((eq action :action-filter) "filter")
1287: ((eq action :action-deny) "deny")
1288: ((eq action :action-panic) "panic")
1289: ((eq action :action-stop) "stop")
1290: ((eq action :action-abort) "abort")
1291: ((eq action :action-kill) "kill")
1292: ((eq action :action-exit) "exit"))))
1293: ; Only proceed if action is not nil
1294: (when action
1295: ; Create the command string
1296: (let ((cmd (format "%s/stat" action)))
1297: ; Call syd--stat with the command
1298: (syd--stat (syd--rule cmd glob ?+))))))
1299:
1300: (defun syd-stat-del (action glob)
1301: "Removes the first matching entry from the end of the given actionlist
1302: of stat sandboxing.
1303: ACTION is a constant representing the sandboxing action.
1304: GLOB is a string representing the glob pattern."
1305: (let ((action (cond
1306: ((eq action :action-allow) "allow")
1307: ((eq action :action-warn) "warn")
1308: ((eq action :action-filter) "filter")
1309: ((eq action :action-deny) "deny")
1310: ((eq action :action-panic) "panic")
1311: ((eq action :action-stop) "stop")
1312: ((eq action :action-abort) "abort")
1313: ((eq action :action-kill) "kill")
1314: ((eq action :action-exit) "exit"))))
1315: ; Only proceed if action is not nil
1316: (when action
1317: ; Create the command string
1318: (let ((cmd (format "%s/stat" action)))
1319: ; Call syd--stat with the command
1320: (syd--stat (syd--rule cmd glob ?-))))))
1321:
1322: (defun syd-stat-rem (action glob)
1323: "Removes all matching entries from the given actionlist of stat sandboxing.
1324: ACTION is a constant representing the sandboxing action.
1325: GLOB is a string representing the glob pattern."
1326: (let ((action (cond
1327: ((eq action :action-allow) "allow")
1328: ((eq action :action-warn) "warn")
1329: ((eq action :action-filter) "filter")
1330: ((eq action :action-deny) "deny")
1331: ((eq action :action-panic) "panic")
1332: ((eq action :action-stop) "stop")
1333: ((eq action :action-abort) "abort")
1334: ((eq action :action-kill) "kill")
1335: ((eq action :action-exit) "exit"))))
1336: ; Only proceed if action is not nil
1337: (when action
1338: ; Create the command string
1339: (let ((cmd (format "%s/stat" action)))
1340: ; Call syd--stat with the command
1341: (syd--stat (syd--rule cmd glob ?^))))))
1342:
1343: (defun syd-read-add (action glob)
1344: "Adds to the given actionlist of read sandboxing.
1345: ACTION is a constant representing the sandboxing action.
1346: GLOB is a string representing the glob pattern."
1347: (let ((action (cond
1348: ((eq action :action-allow) "allow")
1349: ((eq action :action-warn) "warn")
1350: ((eq action :action-filter) "filter")
1351: ((eq action :action-deny) "deny")
1352: ((eq action :action-panic) "panic")
1353: ((eq action :action-stop) "stop")
1354: ((eq action :action-abort) "abort")
1355: ((eq action :action-kill) "kill")
1356: ((eq action :action-exit) "exit"))))
1357: ; Only proceed if action is not nil
1358: (when action
1359: ; Create the command string
1360: (let ((cmd (format "%s/read" action)))
1361: ; Call syd--stat with the command
1362: (syd--stat (syd--rule cmd glob ?+))))))
1363:
1364: (defun syd-read-del (action glob)
1365: "Removes the first matching entry from the end of the given actionlist
1366: of read sandboxing.
1367: ACTION is a constant representing the sandboxing action.
1368: GLOB is a string representing the glob pattern."
1369: (let ((action (cond
1370: ((eq action :action-allow) "allow")
1371: ((eq action :action-warn) "warn")
1372: ((eq action :action-filter) "filter")
1373: ((eq action :action-deny) "deny")
1374: ((eq action :action-panic) "panic")
1375: ((eq action :action-stop) "stop")
1376: ((eq action :action-abort) "abort")
1377: ((eq action :action-kill) "kill")
1378: ((eq action :action-exit) "exit"))))
1379: ; Only proceed if action is not nil
1380: (when action
1381: ; Create the command string
1382: (let ((cmd (format "%s/read" action)))
1383: ; Call syd--stat with the command
1384: (syd--stat (syd--rule cmd glob ?-))))))
1385:
1386: (defun syd-read-rem (action glob)
1387: "Removes all matching entries from the given actionlist of read sandboxing.
1388: ACTION is a constant representing the sandboxing action.
1389: GLOB is a string representing the glob pattern."
1390: (let ((action (cond
1391: ((eq action :action-allow) "allow")
1392: ((eq action :action-warn) "warn")
1393: ((eq action :action-filter) "filter")
1394: ((eq action :action-deny) "deny")
1395: ((eq action :action-panic) "panic")
1396: ((eq action :action-stop) "stop")
1397: ((eq action :action-abort) "abort")
1398: ((eq action :action-kill) "kill")
1399: ((eq action :action-exit) "exit"))))
1400: ; Only proceed if action is not nil
1401: (when action
1402: ; Create the command string
1403: (let ((cmd (format "%s/read" action)))
1404: ; Call syd--stat with the command
1405: (syd--stat (syd--rule cmd glob ?^))))))
1406:
1407: (defun syd-write-add (action glob)
1408: "Adds to the given actionlist of write sandboxing.
1409: ACTION is a constant representing the sandboxing action.
1410: GLOB is a string representing the glob pattern."
1411: (let ((action (cond
1412: ((eq action :action-allow) "allow")
1413: ((eq action :action-warn) "warn")
1414: ((eq action :action-filter) "filter")
1415: ((eq action :action-deny) "deny")
1416: ((eq action :action-panic) "panic")
1417: ((eq action :action-stop) "stop")
1418: ((eq action :action-abort) "abort")
1419: ((eq action :action-kill) "kill")
1420: ((eq action :action-exit) "exit"))))
1421: ; Only proceed if action is not nil
1422: (when action
1423: ; Create the command string
1424: (let ((cmd (format "%s/write" action)))
1425: ; Call syd--stat with the command
1426: (syd--stat (syd--rule cmd glob ?+))))))
1427:
1428: (defun syd-write-del (action glob)
1429: "Removes the first matching entry from the end of the given actionlist
1430: of write sandboxing.
1431: ACTION is a constant representing the sandboxing action.
1432: GLOB is a string representing the glob pattern."
1433: (let ((action (cond
1434: ((eq action :action-allow) "allow")
1435: ((eq action :action-warn) "warn")
1436: ((eq action :action-filter) "filter")
1437: ((eq action :action-deny) "deny")
1438: ((eq action :action-panic) "panic")
1439: ((eq action :action-stop) "stop")
1440: ((eq action :action-abort) "abort")
1441: ((eq action :action-kill) "kill")
1442: ((eq action :action-exit) "exit"))))
1443: ; Only proceed if action is not nil
1444: (when action
1445: ; Create the command string
1446: (let ((cmd (format "%s/write" action)))
1447: ; Call syd--stat with the command
1448: (syd--stat (syd--rule cmd glob ?-))))))
1449:
1450: (defun syd-write-rem (action glob)
1451: "Removes all matching entries from the given actionlist of write sandboxing.
1452: ACTION is a constant representing the sandboxing action.
1453: GLOB is a string representing the glob pattern."
1454: (let ((action (cond
1455: ((eq action :action-allow) "allow")
1456: ((eq action :action-warn) "warn")
1457: ((eq action :action-filter) "filter")
1458: ((eq action :action-deny) "deny")
1459: ((eq action :action-panic) "panic")
1460: ((eq action :action-stop) "stop")
1461: ((eq action :action-abort) "abort")
1462: ((eq action :action-kill) "kill")
1463: ((eq action :action-exit) "exit"))))
1464: ; Only proceed if action is not nil
1465: (when action
1466: ; Create the command string
1467: (let ((cmd (format "%s/write" action)))
1468: ; Call syd--stat with the command
1469: (syd--stat (syd--rule cmd glob ?^))))))
1470:
1471: (defun syd-exec-add (action glob)
1472: "Adds to the given actionlist of exec sandboxing.
1473: ACTION is a constant representing the sandboxing action.
1474: GLOB is a string representing the glob pattern."
1475: (let ((action (cond
1476: ((eq action :action-allow) "allow")
1477: ((eq action :action-warn) "warn")
1478: ((eq action :action-filter) "filter")
1479: ((eq action :action-deny) "deny")
1480: ((eq action :action-panic) "panic")
1481: ((eq action :action-stop) "stop")
1482: ((eq action :action-abort) "abort")
1483: ((eq action :action-kill) "kill")
1484: ((eq action :action-exit) "exit"))))
1485: ; Only proceed if action is not nil
1486: (when action
1487: ; Create the command string
1488: (let ((cmd (format "%s/exec" action)))
1489: ; Call syd--stat with the command
1490: (syd--stat (syd--rule cmd glob ?+))))))
1491:
1492: (defun syd-exec-del (action glob)
1493: "Removes the first matching entry from the end of the given actionlist
1494: of exec sandboxing.
1495: ACTION is a constant representing the sandboxing action.
1496: GLOB is a string representing the glob pattern."
1497: (let ((action (cond
1498: ((eq action :action-allow) "allow")
1499: ((eq action :action-warn) "warn")
1500: ((eq action :action-filter) "filter")
1501: ((eq action :action-deny) "deny")
1502: ((eq action :action-panic) "panic")
1503: ((eq action :action-stop) "stop")
1504: ((eq action :action-abort) "abort")
1505: ((eq action :action-kill) "kill")
1506: ((eq action :action-exit) "exit"))))
1507: ; Only proceed if action is not nil
1508: (when action
1509: ; Create the command string
1510: (let ((cmd (format "%s/exec" action)))
1511: ; Call syd--stat with the command
1512: (syd--stat (syd--rule cmd glob ?-))))))
1513:
1514: (defun syd-exec-rem (action glob)
1515: "Removes all matching entries from the given actionlist of exec sandboxing.
1516: ACTION is a constant representing the sandboxing action.
1517: GLOB is a string representing the glob pattern."
1518: (let ((action (cond
1519: ((eq action :action-allow) "allow")
1520: ((eq action :action-warn) "warn")
1521: ((eq action :action-filter) "filter")
1522: ((eq action :action-deny) "deny")
1523: ((eq action :action-panic) "panic")
1524: ((eq action :action-stop) "stop")
1525: ((eq action :action-abort) "abort")
1526: ((eq action :action-kill) "kill")
1527: ((eq action :action-exit) "exit"))))
1528: ; Only proceed if action is not nil
1529: (when action
1530: ; Create the command string
1531: (let ((cmd (format "%s/exec" action)))
1532: ; Call syd--stat with the command
1533: (syd--stat (syd--rule cmd glob ?^))))))
1534:
1535: (defun syd-ioctl-add (action glob)
1536: "Adds to the given actionlist of ioctl sandboxing.
1537: ACTION is a constant representing the sandboxing action.
1538: GLOB is a string representing the glob pattern."
1539: (let ((action (cond
1540: ((eq action :action-allow) "allow")
1541: ((eq action :action-warn) "warn")
1542: ((eq action :action-filter) "filter")
1543: ((eq action :action-deny) "deny")
1544: ((eq action :action-panic) "panic")
1545: ((eq action :action-stop) "stop")
1546: ((eq action :action-abort) "abort")
1547: ((eq action :action-kill) "kill")
1548: ((eq action :action-exit) "exit"))))
1549: ; Only proceed if action is not nil
1550: (when action
1551: ; Create the command string
1552: (let ((cmd (format "%s/ioctl" action)))
1553: ; Call syd--stat with the command
1554: (syd--stat (syd--rule cmd glob ?+))))))
1555:
1556: (defun syd-ioctl-del (action glob)
1557: "Removes the first matching entry from the end of the given actionlist
1558: of ioctl sandboxing.
1559: ACTION is a constant representing the sandboxing action.
1560: GLOB is a string representing the glob pattern."
1561: (let ((action (cond
1562: ((eq action :action-allow) "allow")
1563: ((eq action :action-warn) "warn")
1564: ((eq action :action-filter) "filter")
1565: ((eq action :action-deny) "deny")
1566: ((eq action :action-panic) "panic")
1567: ((eq action :action-stop) "stop")
1568: ((eq action :action-abort) "abort")
1569: ((eq action :action-kill) "kill")
1570: ((eq action :action-exit) "exit"))))
1571: ; Only proceed if action is not nil
1572: (when action
1573: ; Create the command string
1574: (let ((cmd (format "%s/ioctl" action)))
1575: ; Call syd--stat with the command
1576: (syd--stat (syd--rule cmd glob ?-))))))
1577:
1578: (defun syd-ioctl-rem (action glob)
1579: "Removes all matching entries from the given actionlist of ioctl sandboxing.
1580: ACTION is a constant representing the sandboxing action.
1581: GLOB is a string representing the glob pattern."
1582: (let ((action (cond
1583: ((eq action :action-allow) "allow")
1584: ((eq action :action-warn) "warn")
1585: ((eq action :action-filter) "filter")
1586: ((eq action :action-deny) "deny")
1587: ((eq action :action-panic) "panic")
1588: ((eq action :action-stop) "stop")
1589: ((eq action :action-abort) "abort")
1590: ((eq action :action-kill) "kill")
1591: ((eq action :action-exit) "exit"))))
1592: ; Only proceed if action is not nil
1593: (when action
1594: ; Create the command string
1595: (let ((cmd (format "%s/ioctl" action)))
1596: ; Call syd--stat with the command
1597: (syd--stat (syd--rule cmd glob ?^))))))
1598:
1599: (defun syd-create-add (action glob)
1600: "Adds to the given actionlist of create sandboxing.
1601: ACTION is a constant representing the sandboxing action.
1602: GLOB is a string representing the glob pattern."
1603: (let ((action (cond
1604: ((eq action :action-allow) "allow")
1605: ((eq action :action-warn) "warn")
1606: ((eq action :action-filter) "filter")
1607: ((eq action :action-deny) "deny")
1608: ((eq action :action-panic) "panic")
1609: ((eq action :action-stop) "stop")
1610: ((eq action :action-abort) "abort")
1611: ((eq action :action-kill) "kill")
1612: ((eq action :action-exit) "exit"))))
1613: ; Only proceed if action is not nil
1614: (when action
1615: ; Create the command string
1616: (let ((cmd (format "%s/create" action)))
1617: ; Call syd--stat with the command
1618: (syd--stat (syd--rule cmd glob ?+))))))
1619:
1620: (defun syd-create-del (action glob)
1621: "Removes the first matching entry from the end of the given actionlist
1622: of create sandboxing.
1623: ACTION is a constant representing the sandboxing action.
1624: GLOB is a string representing the glob pattern."
1625: (let ((action (cond
1626: ((eq action :action-allow) "allow")
1627: ((eq action :action-warn) "warn")
1628: ((eq action :action-filter) "filter")
1629: ((eq action :action-deny) "deny")
1630: ((eq action :action-panic) "panic")
1631: ((eq action :action-stop) "stop")
1632: ((eq action :action-abort) "abort")
1633: ((eq action :action-kill) "kill")
1634: ((eq action :action-exit) "exit"))))
1635: ; Only proceed if action is not nil
1636: (when action
1637: ; Create the command string
1638: (let ((cmd (format "%s/create" action)))
1639: ; Call syd--stat with the command
1640: (syd--stat (syd--rule cmd glob ?-))))))
1641:
1642: (defun syd-create-rem (action glob)
1643: "Removes all matching entries from the given actionlist of create sandboxing.
1644: ACTION is a constant representing the sandboxing action.
1645: GLOB is a string representing the glob pattern."
1646: (let ((action (cond
1647: ((eq action :action-allow) "allow")
1648: ((eq action :action-warn) "warn")
1649: ((eq action :action-filter) "filter")
1650: ((eq action :action-deny) "deny")
1651: ((eq action :action-panic) "panic")
1652: ((eq action :action-stop) "stop")
1653: ((eq action :action-abort) "abort")
1654: ((eq action :action-kill) "kill")
1655: ((eq action :action-exit) "exit"))))
1656: ; Only proceed if action is not nil
1657: (when action
1658: ; Create the command string
1659: (let ((cmd (format "%s/create" action)))
1660: ; Call syd--stat with the command
1661: (syd--stat (syd--rule cmd glob ?^))))))
1662:
1663: (defun syd-delete-add (action glob)
1664: "Adds to the given actionlist of delete sandboxing.
1665: ACTION is a constant representing the sandboxing action.
1666: GLOB is a string representing the glob pattern."
1667: (let ((action (cond
1668: ((eq action :action-allow) "allow")
1669: ((eq action :action-warn) "warn")
1670: ((eq action :action-filter) "filter")
1671: ((eq action :action-deny) "deny")
1672: ((eq action :action-panic) "panic")
1673: ((eq action :action-stop) "stop")
1674: ((eq action :action-abort) "abort")
1675: ((eq action :action-kill) "kill")
1676: ((eq action :action-exit) "exit"))))
1677: ; Only proceed if action is not nil
1678: (when action
1679: ; delete the command string
1680: (let ((cmd (format "%s/delete" action)))
1681: ; Call syd--stat with the command
1682: (syd--stat (syd--rule cmd glob ?+))))))
1683:
1684: (defun syd-delete-del (action glob)
1685: "Removes the first matching entry from the end of the given actionlist
1686: of delete sandboxing.
1687: ACTION is a constant representing the sandboxing action.
1688: GLOB is a string representing the glob pattern."
1689: (let ((action (cond
1690: ((eq action :action-allow) "allow")
1691: ((eq action :action-warn) "warn")
1692: ((eq action :action-filter) "filter")
1693: ((eq action :action-deny) "deny")
1694: ((eq action :action-panic) "panic")
1695: ((eq action :action-stop) "stop")
1696: ((eq action :action-abort) "abort")
1697: ((eq action :action-kill) "kill")
1698: ((eq action :action-exit) "exit"))))
1699: ; Only proceed if action is not nil
1700: (when action
1701: ; delete the command string
1702: (let ((cmd (format "%s/delete" action)))
1703: ; Call syd--stat with the command
1704: (syd--stat (syd--rule cmd glob ?-))))))
1705:
1706: (defun syd-delete-rem (action glob)
1707: "Removes all matching entries from the given actionlist of delete sandboxing.
1708: ACTION is a constant representing the sandboxing action.
1709: GLOB is a string representing the glob pattern."
1710: (let ((action (cond
1711: ((eq action :action-allow) "allow")
1712: ((eq action :action-warn) "warn")
1713: ((eq action :action-filter) "filter")
1714: ((eq action :action-deny) "deny")
1715: ((eq action :action-panic) "panic")
1716: ((eq action :action-stop) "stop")
1717: ((eq action :action-abort) "abort")
1718: ((eq action :action-kill) "kill")
1719: ((eq action :action-exit) "exit"))))
1720: ; Only proceed if action is not nil
1721: (when action
1722: ; delete the command string
1723: (let ((cmd (format "%s/delete" action)))
1724: ; Call syd--stat with the command
1725: (syd--stat (syd--rule cmd glob ?^))))))
1726:
1727: (defun syd-rename-add (action glob)
1728: "Adds to the given actionlist of rename sandboxing.
1729: ACTION is a constant representing the sandboxing action.
1730: GLOB is a string representing the glob pattern."
1731: (let ((action (cond
1732: ((eq action :action-allow) "allow")
1733: ((eq action :action-warn) "warn")
1734: ((eq action :action-filter) "filter")
1735: ((eq action :action-deny) "deny")
1736: ((eq action :action-panic) "panic")
1737: ((eq action :action-stop) "stop")
1738: ((eq action :action-abort) "abort")
1739: ((eq action :action-kill) "kill")
1740: ((eq action :action-exit) "exit"))))
1741: ; Only proceed if action is not nil
1742: (when action
1743: ; rename the command string
1744: (let ((cmd (format "%s/rename" action)))
1745: ; Call syd--stat with the command
1746: (syd--stat (syd--rule cmd glob ?+))))))
1747:
1748: (defun syd-rename-del (action glob)
1749: "Removes the first matching entry from the end of the given actionlist
1750: of rename sandboxing.
1751: ACTION is a constant representing the sandboxing action.
1752: GLOB is a string representing the glob pattern."
1753: (let ((action (cond
1754: ((eq action :action-allow) "allow")
1755: ((eq action :action-warn) "warn")
1756: ((eq action :action-filter) "filter")
1757: ((eq action :action-deny) "deny")
1758: ((eq action :action-panic) "panic")
1759: ((eq action :action-stop) "stop")
1760: ((eq action :action-abort) "abort")
1761: ((eq action :action-kill) "kill")
1762: ((eq action :action-exit) "exit"))))
1763: ; Only proceed if action is not nil
1764: (when action
1765: ; rename the command string
1766: (let ((cmd (format "%s/rename" action)))
1767: ; Call syd--stat with the command
1768: (syd--stat (syd--rule cmd glob ?-))))))
1769:
1770: (defun syd-rename-rem (action glob)
1771: "Removes all matching entries from the given actionlist of rename sandboxing.
1772: ACTION is a constant representing the sandboxing action.
1773: GLOB is a string representing the glob pattern."
1774: (let ((action (cond
1775: ((eq action :action-allow) "allow")
1776: ((eq action :action-warn) "warn")
1777: ((eq action :action-filter) "filter")
1778: ((eq action :action-deny) "deny")
1779: ((eq action :action-panic) "panic")
1780: ((eq action :action-stop) "stop")
1781: ((eq action :action-abort) "abort")
1782: ((eq action :action-kill) "kill")
1783: ((eq action :action-exit) "exit"))))
1784: ; Only proceed if action is not nil
1785: (when action
1786: ; rename the command string
1787: (let ((cmd (format "%s/rename" action)))
1788: ; Call syd--stat with the command
1789: (syd--stat (syd--rule cmd glob ?^))))))
1790:
1791: (defun syd-symlink-add (action glob)
1792: "Adds to the given actionlist of symlink sandboxing.
1793: ACTION is a constant representing the sandboxing action.
1794: GLOB is a string representing the glob pattern."
1795: (let ((action (cond
1796: ((eq action :action-allow) "allow")
1797: ((eq action :action-warn) "warn")
1798: ((eq action :action-filter) "filter")
1799: ((eq action :action-deny) "deny")
1800: ((eq action :action-panic) "panic")
1801: ((eq action :action-stop) "stop")
1802: ((eq action :action-abort) "abort")
1803: ((eq action :action-kill) "kill")
1804: ((eq action :action-exit) "exit"))))
1805: ; Only proceed if action is not nil
1806: (when action
1807: ; symlink the command string
1808: (let ((cmd (format "%s/symlink" action)))
1809: ; Call syd--stat with the command
1810: (syd--stat (syd--rule cmd glob ?+))))))
1811:
1812: (defun syd-symlink-del (action glob)
1813: "Removes the first matching entry from the end of the given actionlist
1814: of symlink sandboxing.
1815: ACTION is a constant representing the sandboxing action.
1816: GLOB is a string representing the glob pattern."
1817: (let ((action (cond
1818: ((eq action :action-allow) "allow")
1819: ((eq action :action-warn) "warn")
1820: ((eq action :action-filter) "filter")
1821: ((eq action :action-deny) "deny")
1822: ((eq action :action-panic) "panic")
1823: ((eq action :action-stop) "stop")
1824: ((eq action :action-abort) "abort")
1825: ((eq action :action-kill) "kill")
1826: ((eq action :action-exit) "exit"))))
1827: ; Only proceed if action is not nil
1828: (when action
1829: ; symlink the command string
1830: (let ((cmd (format "%s/symlink" action)))
1831: ; Call syd--stat with the command
1832: (syd--stat (syd--rule cmd glob ?-))))))
1833:
1834: (defun syd-symlink-rem (action glob)
1835: "Removes all matching entries from the given actionlist of symlink sandboxing.
1836: ACTION is a constant representing the sandboxing action.
1837: GLOB is a string representing the glob pattern."
1838: (let ((action (cond
1839: ((eq action :action-allow) "allow")
1840: ((eq action :action-warn) "warn")
1841: ((eq action :action-filter) "filter")
1842: ((eq action :action-deny) "deny")
1843: ((eq action :action-panic) "panic")
1844: ((eq action :action-stop) "stop")
1845: ((eq action :action-abort) "abort")
1846: ((eq action :action-kill) "kill")
1847: ((eq action :action-exit) "exit"))))
1848: ; Only proceed if action is not nil
1849: (when action
1850: ; symlink the command string
1851: (let ((cmd (format "%s/symlink" action)))
1852: ; Call syd--stat with the command
1853: (syd--stat (syd--rule cmd glob ?^))))))
1854:
1855: (defun syd-truncate-add (action glob)
1856: "Adds to the given actionlist of truncate sandboxing.
1857: ACTION is a constant representing the sandboxing action.
1858: GLOB is a string representing the glob pattern."
1859: (let ((action (cond
1860: ((eq action :action-allow) "allow")
1861: ((eq action :action-warn) "warn")
1862: ((eq action :action-filter) "filter")
1863: ((eq action :action-deny) "deny")
1864: ((eq action :action-panic) "panic")
1865: ((eq action :action-stop) "stop")
1866: ((eq action :action-abort) "abort")
1867: ((eq action :action-kill) "kill")
1868: ((eq action :action-exit) "exit"))))
1869: ; Only proceed if action is not nil
1870: (when action
1871: ; truncate the command string
1872: (let ((cmd (format "%s/truncate" action)))
1873: ; Call syd--stat with the command
1874: (syd--stat (syd--rule cmd glob ?+))))))
1875:
1876: (defun syd-truncate-del (action glob)
1877: "Removes the first matching entry from the end of the given actionlist
1878: of truncate sandboxing.
1879: ACTION is a constant representing the sandboxing action.
1880: GLOB is a string representing the glob pattern."
1881: (let ((action (cond
1882: ((eq action :action-allow) "allow")
1883: ((eq action :action-warn) "warn")
1884: ((eq action :action-filter) "filter")
1885: ((eq action :action-deny) "deny")
1886: ((eq action :action-panic) "panic")
1887: ((eq action :action-stop) "stop")
1888: ((eq action :action-abort) "abort")
1889: ((eq action :action-kill) "kill")
1890: ((eq action :action-exit) "exit"))))
1891: ; Only proceed if action is not nil
1892: (when action
1893: ; truncate the command string
1894: (let ((cmd (format "%s/truncate" action)))
1895: ; Call syd--stat with the command
1896: (syd--stat (syd--rule cmd glob ?-))))))
1897:
1898: (defun syd-truncate-rem (action glob)
1899: "Removes all matching entries from the given actionlist of truncate sandboxing.
1900: ACTION is a constant representing the sandboxing action.
1901: GLOB is a string representing the glob pattern."
1902: (let ((action (cond
1903: ((eq action :action-allow) "allow")
1904: ((eq action :action-warn) "warn")
1905: ((eq action :action-filter) "filter")
1906: ((eq action :action-deny) "deny")
1907: ((eq action :action-panic) "panic")
1908: ((eq action :action-stop) "stop")
1909: ((eq action :action-abort) "abort")
1910: ((eq action :action-kill) "kill")
1911: ((eq action :action-exit) "exit"))))
1912: ; Only proceed if action is not nil
1913: (when action
1914: ; truncate the command string
1915: (let ((cmd (format "%s/truncate" action)))
1916: ; Call syd--stat with the command
1917: (syd--stat (syd--rule cmd glob ?^))))))
1918:
1919: (defun syd-chdir-add (action glob)
1920: "Adds to the given actionlist of chdir sandboxing.
1921: ACTION is a constant representing the sandboxing action.
1922: GLOB is a string representing the glob pattern."
1923: (let ((action (cond
1924: ((eq action :action-allow) "allow")
1925: ((eq action :action-warn) "warn")
1926: ((eq action :action-filter) "filter")
1927: ((eq action :action-deny) "deny")
1928: ((eq action :action-panic) "panic")
1929: ((eq action :action-stop) "stop")
1930: ((eq action :action-abort) "abort")
1931: ((eq action :action-kill) "kill")
1932: ((eq action :action-exit) "exit"))))
1933: ; Only proceed if action is not nil
1934: (when action
1935: ; chdir the command string
1936: (let ((cmd (format "%s/chdir" action)))
1937: ; Call syd--stat with the command
1938: (syd--stat (syd--rule cmd glob ?+))))))
1939:
1940: (defun syd-chdir-del (action glob)
1941: "Removes the first matching entry from the end of the given actionlist
1942: of chdir sandboxing.
1943: ACTION is a constant representing the sandboxing action.
1944: GLOB is a string representing the glob pattern."
1945: (let ((action (cond
1946: ((eq action :action-allow) "allow")
1947: ((eq action :action-warn) "warn")
1948: ((eq action :action-filter) "filter")
1949: ((eq action :action-deny) "deny")
1950: ((eq action :action-panic) "panic")
1951: ((eq action :action-stop) "stop")
1952: ((eq action :action-abort) "abort")
1953: ((eq action :action-kill) "kill")
1954: ((eq action :action-exit) "exit"))))
1955: ; Only proceed if action is not nil
1956: (when action
1957: ; chdir the command string
1958: (let ((cmd (format "%s/chdir" action)))
1959: ; Call syd--stat with the command
1960: (syd--stat (syd--rule cmd glob ?-))))))
1961:
1962: (defun syd-chdir-rem (action glob)
1963: "Removes all matching entries from the given actionlist of chdir sandboxing.
1964: ACTION is a constant representing the sandboxing action.
1965: GLOB is a string representing the glob pattern."
1966: (let ((action (cond
1967: ((eq action :action-allow) "allow")
1968: ((eq action :action-warn) "warn")
1969: ((eq action :action-filter) "filter")
1970: ((eq action :action-deny) "deny")
1971: ((eq action :action-panic) "panic")
1972: ((eq action :action-stop) "stop")
1973: ((eq action :action-abort) "abort")
1974: ((eq action :action-kill) "kill")
1975: ((eq action :action-exit) "exit"))))
1976: ; Only proceed if action is not nil
1977: (when action
1978: ; chdir the command string
1979: (let ((cmd (format "%s/chdir" action)))
1980: ; Call syd--stat with the command
1981: (syd--stat (syd--rule cmd glob ?^))))))
1982:
1983: (defun syd-readdir-add (action glob)
1984: "Adds to the given actionlist of readdir sandboxing.
1985: ACTION is a constant representing the sandboxing action.
1986: GLOB is a string representing the glob pattern."
1987: (let ((action (cond
1988: ((eq action :action-allow) "allow")
1989: ((eq action :action-warn) "warn")
1990: ((eq action :action-filter) "filter")
1991: ((eq action :action-deny) "deny")
1992: ((eq action :action-panic) "panic")
1993: ((eq action :action-stop) "stop")
1994: ((eq action :action-abort) "abort")
1995: ((eq action :action-kill) "kill")
1996: ((eq action :action-exit) "exit"))))
1997: ; Only proceed if action is not nil
1998: (when action
1999: ; readdir the command string
2000: (let ((cmd (format "%s/readdir" action)))
2001: ; Call syd--stat with the command
2002: (syd--stat (syd--rule cmd glob ?+))))))
2003:
2004: (defun syd-readdir-del (action glob)
2005: "Removes the first matching entry from the end of the given actionlist
2006: of readdir sandboxing.
2007: ACTION is a constant representing the sandboxing action.
2008: GLOB is a string representing the glob pattern."
2009: (let ((action (cond
2010: ((eq action :action-allow) "allow")
2011: ((eq action :action-warn) "warn")
2012: ((eq action :action-filter) "filter")
2013: ((eq action :action-deny) "deny")
2014: ((eq action :action-panic) "panic")
2015: ((eq action :action-stop) "stop")
2016: ((eq action :action-abort) "abort")
2017: ((eq action :action-kill) "kill")
2018: ((eq action :action-exit) "exit"))))
2019: ; Only proceed if action is not nil
2020: (when action
2021: ; readdir the command string
2022: (let ((cmd (format "%s/readdir" action)))
2023: ; Call syd--stat with the command
2024: (syd--stat (syd--rule cmd glob ?-))))))
2025:
2026: (defun syd-readdir-rem (action glob)
2027: "Removes all matching entries from the given actionlist of readdir sandboxing.
2028: ACTION is a constant representing the sandboxing action.
2029: GLOB is a string representing the glob pattern."
2030: (let ((action (cond
2031: ((eq action :action-allow) "allow")
2032: ((eq action :action-warn) "warn")
2033: ((eq action :action-filter) "filter")
2034: ((eq action :action-deny) "deny")
2035: ((eq action :action-panic) "panic")
2036: ((eq action :action-stop) "stop")
2037: ((eq action :action-abort) "abort")
2038: ((eq action :action-kill) "kill")
2039: ((eq action :action-exit) "exit"))))
2040: ; Only proceed if action is not nil
2041: (when action
2042: ; readdir the command string
2043: (let ((cmd (format "%s/readdir" action)))
2044: ; Call syd--stat with the command
2045: (syd--stat (syd--rule cmd glob ?^))))))
2046:
2047: (defun syd-readdir-add (action glob)
2048: "Adds to the given actionlist of readdir sandboxing.
2049: ACTION is a constant representing the sandboxing action.
2050: GLOB is a string representing the glob pattern."
2051: (let ((action (cond
2052: ((eq action :action-allow) "allow")
2053: ((eq action :action-warn) "warn")
2054: ((eq action :action-filter) "filter")
2055: ((eq action :action-deny) "deny")
2056: ((eq action :action-panic) "panic")
2057: ((eq action :action-stop) "stop")
2058: ((eq action :action-abort) "abort")
2059: ((eq action :action-kill) "kill")
2060: ((eq action :action-exit) "exit"))))
2061: ; Only proceed if action is not nil
2062: (when action
2063: ; readdir the command string
2064: (let ((cmd (format "%s/readdir" action)))
2065: ; Call syd--stat with the command
2066: (syd--stat (syd--rule cmd glob ?+))))))
2067:
2068: (defun syd-readdir-del (action glob)
2069: "Removes the first matching entry from the end of the given actionlist
2070: of readdir sandboxing.
2071: ACTION is a constant representing the sandboxing action.
2072: GLOB is a string representing the glob pattern."
2073: (let ((action (cond
2074: ((eq action :action-allow) "allow")
2075: ((eq action :action-warn) "warn")
2076: ((eq action :action-filter) "filter")
2077: ((eq action :action-deny) "deny")
2078: ((eq action :action-panic) "panic")
2079: ((eq action :action-stop) "stop")
2080: ((eq action :action-abort) "abort")
2081: ((eq action :action-kill) "kill")
2082: ((eq action :action-exit) "exit"))))
2083: ; Only proceed if action is not nil
2084: (when action
2085: ; readdir the command string
2086: (let ((cmd (format "%s/readdir" action)))
2087: ; Call syd--stat with the command
2088: (syd--stat (syd--rule cmd glob ?-))))))
2089:
2090: (defun syd-readdir-rem (action glob)
2091: "Removes all matching entries from the given actionlist of readdir sandboxing.
2092: ACTION is a constant representing the sandboxing action.
2093: GLOB is a string representing the glob pattern."
2094: (let ((action (cond
2095: ((eq action :action-allow) "allow")
2096: ((eq action :action-warn) "warn")
2097: ((eq action :action-filter) "filter")
2098: ((eq action :action-deny) "deny")
2099: ((eq action :action-panic) "panic")
2100: ((eq action :action-stop) "stop")
2101: ((eq action :action-abort) "abort")
2102: ((eq action :action-kill) "kill")
2103: ((eq action :action-exit) "exit"))))
2104: ; Only proceed if action is not nil
2105: (when action
2106: ; readdir the command string
2107: (let ((cmd (format "%s/readdir" action)))
2108: ; Call syd--stat with the command
2109: (syd--stat (syd--rule cmd glob ?^))))))
2110:
2111: (defun syd-mkdir-add (action glob)
2112: "Adds to the given actionlist of mkdir sandboxing.
2113: ACTION is a constant representing the sandboxing action.
2114: GLOB is a string representing the glob pattern."
2115: (let ((action (cond
2116: ((eq action :action-allow) "allow")
2117: ((eq action :action-warn) "warn")
2118: ((eq action :action-filter) "filter")
2119: ((eq action :action-deny) "deny")
2120: ((eq action :action-panic) "panic")
2121: ((eq action :action-stop) "stop")
2122: ((eq action :action-abort) "abort")
2123: ((eq action :action-kill) "kill")
2124: ((eq action :action-exit) "exit"))))
2125: ; Only proceed if action is not nil
2126: (when action
2127: ; mkdir the command string
2128: (let ((cmd (format "%s/mkdir" action)))
2129: ; Call syd--stat with the command
2130: (syd--stat (syd--rule cmd glob ?+))))))
2131:
2132: (defun syd-mkdir-del (action glob)
2133: "Removes the first matching entry from the end of the given actionlist
2134: of mkdir sandboxing.
2135: ACTION is a constant representing the sandboxing action.
2136: GLOB is a string representing the glob pattern."
2137: (let ((action (cond
2138: ((eq action :action-allow) "allow")
2139: ((eq action :action-warn) "warn")
2140: ((eq action :action-filter) "filter")
2141: ((eq action :action-deny) "deny")
2142: ((eq action :action-panic) "panic")
2143: ((eq action :action-stop) "stop")
2144: ((eq action :action-abort) "abort")
2145: ((eq action :action-kill) "kill")
2146: ((eq action :action-exit) "exit"))))
2147: ; Only proceed if action is not nil
2148: (when action
2149: ; mkdir the command string
2150: (let ((cmd (format "%s/mkdir" action)))
2151: ; Call syd--stat with the command
2152: (syd--stat (syd--rule cmd glob ?-))))))
2153:
2154: (defun syd-mkdir-rem (action glob)
2155: "Removes all matching entries from the given actionlist of mkdir sandboxing.
2156: ACTION is a constant representing the sandboxing action.
2157: GLOB is a string representing the glob pattern."
2158: (let ((action (cond
2159: ((eq action :action-allow) "allow")
2160: ((eq action :action-warn) "warn")
2161: ((eq action :action-filter) "filter")
2162: ((eq action :action-deny) "deny")
2163: ((eq action :action-panic) "panic")
2164: ((eq action :action-stop) "stop")
2165: ((eq action :action-abort) "abort")
2166: ((eq action :action-kill) "kill")
2167: ((eq action :action-exit) "exit"))))
2168: ; Only proceed if action is not nil
2169: (when action
2170: ; mkdir the command string
2171: (let ((cmd (format "%s/mkdir" action)))
2172: ; Call syd--stat with the command
2173: (syd--stat (syd--rule cmd glob ?^))))))
2174:
2175: (defun syd-rmdir-add (action glob)
2176: "Adds to the given actionlist of rmdir sandboxing.
2177: ACTION is a constant representing the sandboxing action.
2178: GLOB is a string representing the glob pattern."
2179: (let ((action (cond
2180: ((eq action :action-allow) "allow")
2181: ((eq action :action-warn) "warn")
2182: ((eq action :action-filter) "filter")
2183: ((eq action :action-deny) "deny")
2184: ((eq action :action-panic) "panic")
2185: ((eq action :action-stop) "stop")
2186: ((eq action :action-abort) "abort")
2187: ((eq action :action-kill) "kill")
2188: ((eq action :action-exit) "exit"))))
2189: ; Only proceed if action is not nil
2190: (when action
2191: ; rmdir the command string
2192: (let ((cmd (format "%s/rmdir" action)))
2193: ; Call syd--stat with the command
2194: (syd--stat (syd--rule cmd glob ?+))))))
2195:
2196: (defun syd-rmdir-del (action glob)
2197: "Removes the first matching entry from the end of the given actionlist
2198: of rmdir sandboxing.
2199: ACTION is a constant representing the sandboxing action.
2200: GLOB is a string representing the glob pattern."
2201: (let ((action (cond
2202: ((eq action :action-allow) "allow")
2203: ((eq action :action-warn) "warn")
2204: ((eq action :action-filter) "filter")
2205: ((eq action :action-deny) "deny")
2206: ((eq action :action-panic) "panic")
2207: ((eq action :action-stop) "stop")
2208: ((eq action :action-abort) "abort")
2209: ((eq action :action-kill) "kill")
2210: ((eq action :action-exit) "exit"))))
2211: ; Only proceed if action is not nil
2212: (when action
2213: ; rmdir the command string
2214: (let ((cmd (format "%s/rmdir" action)))
2215: ; Call syd--stat with the command
2216: (syd--stat (syd--rule cmd glob ?-))))))
2217:
2218: (defun syd-rmdir-rem (action glob)
2219: "Removes all matching entries from the given actionlist of rmdir sandboxing.
2220: ACTION is a constant representing the sandboxing action.
2221: GLOB is a string representing the glob pattern."
2222: (let ((action (cond
2223: ((eq action :action-allow) "allow")
2224: ((eq action :action-warn) "warn")
2225: ((eq action :action-filter) "filter")
2226: ((eq action :action-deny) "deny")
2227: ((eq action :action-panic) "panic")
2228: ((eq action :action-stop) "stop")
2229: ((eq action :action-abort) "abort")
2230: ((eq action :action-kill) "kill")
2231: ((eq action :action-exit) "exit"))))
2232: ; Only proceed if action is not nil
2233: (when action
2234: ; rmdir the command string
2235: (let ((cmd (format "%s/rmdir" action)))
2236: ; Call syd--stat with the command
2237: (syd--stat (syd--rule cmd glob ?^))))))
2238:
2239: (defun syd-chown-add (action glob)
2240: "Adds to the given actionlist of chown sandboxing.
2241: ACTION is a constant representing the sandboxing action.
2242: GLOB is a string representing the glob pattern."
2243: (let ((action (cond
2244: ((eq action :action-allow) "allow")
2245: ((eq action :action-warn) "warn")
2246: ((eq action :action-filter) "filter")
2247: ((eq action :action-deny) "deny")
2248: ((eq action :action-panic) "panic")
2249: ((eq action :action-stop) "stop")
2250: ((eq action :action-abort) "abort")
2251: ((eq action :action-kill) "kill")
2252: ((eq action :action-exit) "exit"))))
2253: ; Only proceed if action is not nil
2254: (when action
2255: ; Create the command string
2256: (let ((cmd (format "%s/chown" action)))
2257: ; Call syd--stat with the command
2258: (syd--stat (syd--rule cmd glob ?+))))))
2259:
2260: (defun syd-chown-del (action glob)
2261: "Removes the first matching entry from the end of the given actionlist
2262: of chown sandboxing.
2263: ACTION is a constant representing the sandboxing action.
2264: GLOB is a string representing the glob pattern."
2265: (let ((action (cond
2266: ((eq action :action-allow) "allow")
2267: ((eq action :action-warn) "warn")
2268: ((eq action :action-filter) "filter")
2269: ((eq action :action-deny) "deny")
2270: ((eq action :action-panic) "panic")
2271: ((eq action :action-stop) "stop")
2272: ((eq action :action-abort) "abort")
2273: ((eq action :action-kill) "kill")
2274: ((eq action :action-exit) "exit"))))
2275: ; Only proceed if action is not nil
2276: (when action
2277: ; Create the command string
2278: (let ((cmd (format "%s/chown" action)))
2279: ; Call syd--stat with the command
2280: (syd--stat (syd--rule cmd glob ?-))))))
2281:
2282: (defun syd-chown-rem (action glob)
2283: "Removes all matching entries from the given actionlist of chown sandboxing.
2284: ACTION is a constant representing the sandboxing action.
2285: GLOB is a string representing the glob pattern."
2286: (let ((action (cond
2287: ((eq action :action-allow) "allow")
2288: ((eq action :action-warn) "warn")
2289: ((eq action :action-filter) "filter")
2290: ((eq action :action-deny) "deny")
2291: ((eq action :action-panic) "panic")
2292: ((eq action :action-stop) "stop")
2293: ((eq action :action-abort) "abort")
2294: ((eq action :action-kill) "kill")
2295: ((eq action :action-exit) "exit"))))
2296: ; Only proceed if action is not nil
2297: (when action
2298: ; Create the command string
2299: (let ((cmd (format "%s/chown" action)))
2300: ; Call syd--stat with the command
2301: (syd--stat (syd--rule cmd glob ?^))))))
2302:
2303: (defun syd-chgrp-add (action glob)
2304: "Adds to the given actionlist of chgrp sandboxing.
2305: ACTION is a constant representing the sandboxing action.
2306: GLOB is a string representing the glob pattern."
2307: (let ((action (cond
2308: ((eq action :action-allow) "allow")
2309: ((eq action :action-warn) "warn")
2310: ((eq action :action-filter) "filter")
2311: ((eq action :action-deny) "deny")
2312: ((eq action :action-panic) "panic")
2313: ((eq action :action-stop) "stop")
2314: ((eq action :action-abort) "abort")
2315: ((eq action :action-kill) "kill")
2316: ((eq action :action-exit) "exit"))))
2317: ; Only proceed if action is not nil
2318: (when action
2319: ; Create the command string
2320: (let ((cmd (format "%s/chgrp" action)))
2321: ; Call syd--stat with the command
2322: (syd--stat (syd--rule cmd glob ?+))))))
2323:
2324: (defun syd-chgrp-del (action glob)
2325: "Removes the first matching entry from the end of the given actionlist
2326: of chgrp sandboxing.
2327: ACTION is a constant representing the sandboxing action.
2328: GLOB is a string representing the glob pattern."
2329: (let ((action (cond
2330: ((eq action :action-allow) "allow")
2331: ((eq action :action-warn) "warn")
2332: ((eq action :action-filter) "filter")
2333: ((eq action :action-deny) "deny")
2334: ((eq action :action-panic) "panic")
2335: ((eq action :action-stop) "stop")
2336: ((eq action :action-abort) "abort")
2337: ((eq action :action-kill) "kill")
2338: ((eq action :action-exit) "exit"))))
2339: ; Only proceed if action is not nil
2340: (when action
2341: ; Create the command string
2342: (let ((cmd (format "%s/chgrp" action)))
2343: ; Call syd--stat with the command
2344: (syd--stat (syd--rule cmd glob ?-))))))
2345:
2346: (defun syd-chgrp-rem (action glob)
2347: "Removes all matching entries from the given actionlist of chgrp sandboxing.
2348: ACTION is a constant representing the sandboxing action.
2349: GLOB is a string representing the glob pattern."
2350: (let ((action (cond
2351: ((eq action :action-allow) "allow")
2352: ((eq action :action-warn) "warn")
2353: ((eq action :action-filter) "filter")
2354: ((eq action :action-deny) "deny")
2355: ((eq action :action-panic) "panic")
2356: ((eq action :action-stop) "stop")
2357: ((eq action :action-abort) "abort")
2358: ((eq action :action-kill) "kill")
2359: ((eq action :action-exit) "exit"))))
2360: ; Only proceed if action is not nil
2361: (when action
2362: ; Create the command string
2363: (let ((cmd (format "%s/chgrp" action)))
2364: ; Call syd--stat with the command
2365: (syd--stat (syd--rule cmd glob ?^))))))
2366:
2367: (defun syd-chmod-add (action glob)
2368: "Adds to the given actionlist of chmod sandboxing.
2369: ACTION is a constant representing the sandboxing action.
2370: GLOB is a string representing the glob pattern."
2371: (let ((action (cond
2372: ((eq action :action-allow) "allow")
2373: ((eq action :action-warn) "warn")
2374: ((eq action :action-filter) "filter")
2375: ((eq action :action-deny) "deny")
2376: ((eq action :action-panic) "panic")
2377: ((eq action :action-stop) "stop")
2378: ((eq action :action-abort) "abort")
2379: ((eq action :action-kill) "kill")
2380: ((eq action :action-exit) "exit"))))
2381: ; Only proceed if action is not nil
2382: (when action
2383: ; Create the command string
2384: (let ((cmd (format "%s/chmod" action)))
2385: ; Call syd--stat with the command
2386: (syd--stat (syd--rule cmd glob ?+))))))
2387:
2388: (defun syd-chmod-del (action glob)
2389: "Removes the first matching entry from the end of the given actionlist
2390: of chmod sandboxing.
2391: ACTION is a constant representing the sandboxing action.
2392: GLOB is a string representing the glob pattern."
2393: (let ((action (cond
2394: ((eq action :action-allow) "allow")
2395: ((eq action :action-warn) "warn")
2396: ((eq action :action-filter) "filter")
2397: ((eq action :action-deny) "deny")
2398: ((eq action :action-panic) "panic")
2399: ((eq action :action-stop) "stop")
2400: ((eq action :action-abort) "abort")
2401: ((eq action :action-kill) "kill")
2402: ((eq action :action-exit) "exit"))))
2403: ; Only proceed if action is not nil
2404: (when action
2405: ; Create the command string
2406: (let ((cmd (format "%s/chmod" action)))
2407: ; Call syd--stat with the command
2408: (syd--stat (syd--rule cmd glob ?-))))))
2409:
2410: (defun syd-chmod-rem (action glob)
2411: "Removes all matching entries from the given actionlist of chmod sandboxing.
2412: ACTION is a constant representing the sandboxing action.
2413: GLOB is a string representing the glob pattern."
2414: (let ((action (cond
2415: ((eq action :action-allow) "allow")
2416: ((eq action :action-warn) "warn")
2417: ((eq action :action-filter) "filter")
2418: ((eq action :action-deny) "deny")
2419: ((eq action :action-panic) "panic")
2420: ((eq action :action-stop) "stop")
2421: ((eq action :action-abort) "abort")
2422: ((eq action :action-kill) "kill")
2423: ((eq action :action-exit) "exit"))))
2424: ; Only proceed if action is not nil
2425: (when action
2426: ; Create the command string
2427: (let ((cmd (format "%s/chmod" action)))
2428: ; Call syd--stat with the command
2429: (syd--stat (syd--rule cmd glob ?^))))))
2430:
2431: (defun syd-chattr-add (action glob)
2432: "Adds to the given actionlist of chattr sandboxing.
2433: ACTION is a constant representing the sandboxing action.
2434: GLOB is a string representing the glob pattern."
2435: (let ((action (cond
2436: ((eq action :action-allow) "allow")
2437: ((eq action :action-warn) "warn")
2438: ((eq action :action-filter) "filter")
2439: ((eq action :action-deny) "deny")
2440: ((eq action :action-panic) "panic")
2441: ((eq action :action-stop) "stop")
2442: ((eq action :action-abort) "abort")
2443: ((eq action :action-kill) "kill")
2444: ((eq action :action-exit) "exit"))))
2445: ; Only proceed if action is not nil
2446: (when action
2447: ; Create the command string
2448: (let ((cmd (format "%s/chattr" action)))
2449: ; Call syd--stat with the command
2450: (syd--stat (syd--rule cmd glob ?+))))))
2451:
2452: (defun syd-chattr-del (action glob)
2453: "Removes the first matching entry from the end of the given actionlist
2454: of chattr sandboxing.
2455: ACTION is a constant representing the sandboxing action.
2456: GLOB is a string representing the glob pattern."
2457: (let ((action (cond
2458: ((eq action :action-allow) "allow")
2459: ((eq action :action-warn) "warn")
2460: ((eq action :action-filter) "filter")
2461: ((eq action :action-deny) "deny")
2462: ((eq action :action-panic) "panic")
2463: ((eq action :action-stop) "stop")
2464: ((eq action :action-abort) "abort")
2465: ((eq action :action-kill) "kill")
2466: ((eq action :action-exit) "exit"))))
2467: ; Only proceed if action is not nil
2468: (when action
2469: ; Create the command string
2470: (let ((cmd (format "%s/chattr" action)))
2471: ; Call syd--stat with the command
2472: (syd--stat (syd--rule cmd glob ?-))))))
2473:
2474: (defun syd-chattr-rem (action glob)
2475: "Removes all matching entries from the given actionlist of chattr sandboxing.
2476: ACTION is a constant representing the sandboxing action.
2477: GLOB is a string representing the glob pattern."
2478: (let ((action (cond
2479: ((eq action :action-allow) "allow")
2480: ((eq action :action-warn) "warn")
2481: ((eq action :action-filter) "filter")
2482: ((eq action :action-deny) "deny")
2483: ((eq action :action-panic) "panic")
2484: ((eq action :action-stop) "stop")
2485: ((eq action :action-abort) "abort")
2486: ((eq action :action-kill) "kill")
2487: ((eq action :action-exit) "exit"))))
2488: ; Only proceed if action is not nil
2489: (when action
2490: ; Create the command string
2491: (let ((cmd (format "%s/chattr" action)))
2492: ; Call syd--stat with the command
2493: (syd--stat (syd--rule cmd glob ?^))))))
2494:
2495: (defun syd-chroot-add (action glob)
2496: "Adds to the given actionlist of chroot sandboxing.
2497: ACTION is a constant representing the sandboxing action.
2498: GLOB is a string representing the glob pattern."
2499: (let ((action (cond
2500: ((eq action :action-allow) "allow")
2501: ((eq action :action-warn) "warn")
2502: ((eq action :action-filter) "filter")
2503: ((eq action :action-deny) "deny")
2504: ((eq action :action-panic) "panic")
2505: ((eq action :action-stop) "stop")
2506: ((eq action :action-abort) "abort")
2507: ((eq action :action-kill) "kill")
2508: ((eq action :action-exit) "exit"))))
2509: ; Only proceed if action is not nil
2510: (when action
2511: ; Create the command string
2512: (let ((cmd (format "%s/chroot" action)))
2513: ; Call syd--stat with the command
2514: (syd--stat (syd--rule cmd glob ?+))))))
2515:
2516: (defun syd-chroot-del (action glob)
2517: "Removes the first matching entry from the end of the given actionlist
2518: of chroot sandboxing.
2519: ACTION is a constant representing the sandboxing action.
2520: GLOB is a string representing the glob pattern."
2521: (let ((action (cond
2522: ((eq action :action-allow) "allow")
2523: ((eq action :action-warn) "warn")
2524: ((eq action :action-filter) "filter")
2525: ((eq action :action-deny) "deny")
2526: ((eq action :action-panic) "panic")
2527: ((eq action :action-stop) "stop")
2528: ((eq action :action-abort) "abort")
2529: ((eq action :action-kill) "kill")
2530: ((eq action :action-exit) "exit"))))
2531: ; Only proceed if action is not nil
2532: (when action
2533: ; Create the command string
2534: (let ((cmd (format "%s/chroot" action)))
2535: ; Call syd--stat with the command
2536: (syd--stat (syd--rule cmd glob ?-))))))
2537:
2538: (defun syd-chroot-rem (action glob)
2539: "Removes all matching entries from the given actionlist of chroot sandboxing.
2540: ACTION is a constant representing the sandboxing action.
2541: GLOB is a string representing the glob pattern."
2542: (let ((action (cond
2543: ((eq action :action-allow) "allow")
2544: ((eq action :action-warn) "warn")
2545: ((eq action :action-filter) "filter")
2546: ((eq action :action-deny) "deny")
2547: ((eq action :action-panic) "panic")
2548: ((eq action :action-stop) "stop")
2549: ((eq action :action-abort) "abort")
2550: ((eq action :action-kill) "kill")
2551: ((eq action :action-exit) "exit"))))
2552: ; Only proceed if action is not nil
2553: (when action
2554: ; Create the command string
2555: (let ((cmd (format "%s/chroot" action)))
2556: ; Call syd--stat with the command
2557: (syd--stat (syd--rule cmd glob ?^))))))
2558:
2559: (defun syd-notify-add (action glob)
2560: "Adds to the given actionlist of notify sandboxing.
2561: ACTION is a constant representing the sandboxing action.
2562: GLOB is a string representing the glob pattern."
2563: (let ((action (cond
2564: ((eq action :action-allow) "allow")
2565: ((eq action :action-warn) "warn")
2566: ((eq action :action-filter) "filter")
2567: ((eq action :action-deny) "deny")
2568: ((eq action :action-panic) "panic")
2569: ((eq action :action-stop) "stop")
2570: ((eq action :action-abort) "abort")
2571: ((eq action :action-kill) "kill")
2572: ((eq action :action-exit) "exit"))))
2573: ; Only proceed if action is not nil
2574: (when action
2575: ; Create the command string
2576: (let ((cmd (format "%s/notify" action)))
2577: ; Call syd--stat with the command
2578: (syd--stat (syd--rule cmd glob ?+))))))
2579:
2580: (defun syd-notify-del (action glob)
2581: "Removes the first matching entry from the end of the given actionlist
2582: of notify sandboxing.
2583: ACTION is a constant representing the sandboxing action.
2584: GLOB is a string representing the glob pattern."
2585: (let ((action (cond
2586: ((eq action :action-allow) "allow")
2587: ((eq action :action-warn) "warn")
2588: ((eq action :action-filter) "filter")
2589: ((eq action :action-deny) "deny")
2590: ((eq action :action-panic) "panic")
2591: ((eq action :action-stop) "stop")
2592: ((eq action :action-abort) "abort")
2593: ((eq action :action-kill) "kill")
2594: ((eq action :action-exit) "exit"))))
2595: ; Only proceed if action is not nil
2596: (when action
2597: ; Create the command string
2598: (let ((cmd (format "%s/notify" action)))
2599: ; Call syd--stat with the command
2600: (syd--stat (syd--rule cmd glob ?-))))))
2601:
2602: (defun syd-notify-rem (action glob)
2603: "Removes all matching entries from the given actionlist of notify sandboxing.
2604: ACTION is a constant representing the sandboxing action.
2605: GLOB is a string representing the glob pattern."
2606: (let ((action (cond
2607: ((eq action :action-allow) "allow")
2608: ((eq action :action-warn) "warn")
2609: ((eq action :action-filter) "filter")
2610: ((eq action :action-deny) "deny")
2611: ((eq action :action-panic) "panic")
2612: ((eq action :action-stop) "stop")
2613: ((eq action :action-abort) "abort")
2614: ((eq action :action-kill) "kill")
2615: ((eq action :action-exit) "exit"))))
2616: ; Only proceed if action is not nil
2617: (when action
2618: ; Create the command string
2619: (let ((cmd (format "%s/notify" action)))
2620: ; Call syd--stat with the command
2621: (syd--stat (syd--rule cmd glob ?^))))))
2622:
2623: (defun syd-utime-add (action glob)
2624: "Adds to the given actionlist of utime sandboxing.
2625: ACTION is a constant representing the sandboxing action.
2626: GLOB is a string representing the glob pattern."
2627: (let ((action (cond
2628: ((eq action :action-allow) "allow")
2629: ((eq action :action-warn) "warn")
2630: ((eq action :action-filter) "filter")
2631: ((eq action :action-deny) "deny")
2632: ((eq action :action-panic) "panic")
2633: ((eq action :action-stop) "stop")
2634: ((eq action :action-abort) "abort")
2635: ((eq action :action-kill) "kill")
2636: ((eq action :action-exit) "exit"))))
2637: ; Only proceed if action is not nil
2638: (when action
2639: ; Create the command string
2640: (let ((cmd (format "%s/utime" action)))
2641: ; Call syd--stat with the command
2642: (syd--stat (syd--rule cmd glob ?+))))))
2643:
2644: (defun syd-utime-del (action glob)
2645: "Removes the first matching entry from the end of the given actionlist
2646: of utime sandboxing.
2647: ACTION is a constant representing the sandboxing action.
2648: GLOB is a string representing the glob pattern."
2649: (let ((action (cond
2650: ((eq action :action-allow) "allow")
2651: ((eq action :action-warn) "warn")
2652: ((eq action :action-filter) "filter")
2653: ((eq action :action-deny) "deny")
2654: ((eq action :action-panic) "panic")
2655: ((eq action :action-stop) "stop")
2656: ((eq action :action-abort) "abort")
2657: ((eq action :action-kill) "kill")
2658: ((eq action :action-exit) "exit"))))
2659: ; Only proceed if action is not nil
2660: (when action
2661: ; Create the command string
2662: (let ((cmd (format "%s/utime" action)))
2663: ; Call syd--stat with the command
2664: (syd--stat (syd--rule cmd glob ?-))))))
2665:
2666: (defun syd-utime-rem (action glob)
2667: "Removes all matching entries from the given actionlist of utime sandboxing.
2668: ACTION is a constant representing the sandboxing action.
2669: GLOB is a string representing the glob pattern."
2670: (let ((action (cond
2671: ((eq action :action-allow) "allow")
2672: ((eq action :action-warn) "warn")
2673: ((eq action :action-filter) "filter")
2674: ((eq action :action-deny) "deny")
2675: ((eq action :action-panic) "panic")
2676: ((eq action :action-stop) "stop")
2677: ((eq action :action-abort) "abort")
2678: ((eq action :action-kill) "kill")
2679: ((eq action :action-exit) "exit"))))
2680: ; Only proceed if action is not nil
2681: (when action
2682: ; Create the command string
2683: (let ((cmd (format "%s/utime" action)))
2684: ; Call syd--stat with the command
2685: (syd--stat (syd--rule cmd glob ?^))))))
2686:
2687: (defun syd-mkbdev-add (action glob)
2688: "Adds to the given actionlist of mkbdev sandboxing.
2689: ACTION is a constant representing the sandboxing action.
2690: GLOB is a string representing the glob pattern."
2691: (let ((action (cond
2692: ((eq action :action-allow) "allow")
2693: ((eq action :action-warn) "warn")
2694: ((eq action :action-filter) "filter")
2695: ((eq action :action-deny) "deny")
2696: ((eq action :action-panic) "panic")
2697: ((eq action :action-stop) "stop")
2698: ((eq action :action-abort) "abort")
2699: ((eq action :action-kill) "kill")
2700: ((eq action :action-exit) "exit"))))
2701: ; Only proceed if action is not nil
2702: (when action
2703: ; Create the command string
2704: (let ((cmd (format "%s/mkbdev" action)))
2705: ; Call syd--stat with the command
2706: (syd--stat (syd--rule cmd glob ?+))))))
2707:
2708: (defun syd-mkbdev-del (action glob)
2709: "Removes the first matching entry from the end of the given actionlist
2710: of mkbdev sandboxing.
2711: ACTION is a constant representing the sandboxing action.
2712: GLOB is a string representing the glob pattern."
2713: (let ((action (cond
2714: ((eq action :action-allow) "allow")
2715: ((eq action :action-warn) "warn")
2716: ((eq action :action-filter) "filter")
2717: ((eq action :action-deny) "deny")
2718: ((eq action :action-panic) "panic")
2719: ((eq action :action-stop) "stop")
2720: ((eq action :action-abort) "abort")
2721: ((eq action :action-kill) "kill")
2722: ((eq action :action-exit) "exit"))))
2723: ; Only proceed if action is not nil
2724: (when action
2725: ; Create the command string
2726: (let ((cmd (format "%s/mkbdev" action)))
2727: ; Call syd--stat with the command
2728: (syd--stat (syd--rule cmd glob ?-))))))
2729:
2730: (defun syd-mkbdev-rem (action glob)
2731: "Removes all matching entries from the given actionlist of mkbdev sandboxing.
2732: ACTION is a constant representing the sandboxing action.
2733: GLOB is a string representing the glob pattern."
2734: (let ((action (cond
2735: ((eq action :action-allow) "allow")
2736: ((eq action :action-warn) "warn")
2737: ((eq action :action-filter) "filter")
2738: ((eq action :action-deny) "deny")
2739: ((eq action :action-panic) "panic")
2740: ((eq action :action-stop) "stop")
2741: ((eq action :action-abort) "abort")
2742: ((eq action :action-kill) "kill")
2743: ((eq action :action-exit) "exit"))))
2744: ; Only proceed if action is not nil
2745: (when action
2746: ; Create the command string
2747: (let ((cmd (format "%s/mkbdev" action)))
2748: ; Call syd--stat with the command
2749: (syd--stat (syd--rule cmd glob ?^))))))
2750:
2751: (defun syd-mkcdev-add (action glob)
2752: "Adds to the given actionlist of mkcdev sandboxing.
2753: ACTION is a constant representing the sandboxing action.
2754: GLOB is a string representing the glob pattern."
2755: (let ((action (cond
2756: ((eq action :action-allow) "allow")
2757: ((eq action :action-warn) "warn")
2758: ((eq action :action-filter) "filter")
2759: ((eq action :action-deny) "deny")
2760: ((eq action :action-panic) "panic")
2761: ((eq action :action-stop) "stop")
2762: ((eq action :action-abort) "abort")
2763: ((eq action :action-kill) "kill")
2764: ((eq action :action-exit) "exit"))))
2765: ; Only proceed if action is not nil
2766: (when action
2767: ; Create the command string
2768: (let ((cmd (format "%s/mkcdev" action)))
2769: ; Call syd--stat with the command
2770: (syd--stat (syd--rule cmd glob ?+))))))
2771:
2772: (defun syd-mkcdev-del (action glob)
2773: "Removes the first matching entry from the end of the given actionlist
2774: of mkcdev sandboxing.
2775: ACTION is a constant representing the sandboxing action.
2776: GLOB is a string representing the glob pattern."
2777: (let ((action (cond
2778: ((eq action :action-allow) "allow")
2779: ((eq action :action-warn) "warn")
2780: ((eq action :action-filter) "filter")
2781: ((eq action :action-deny) "deny")
2782: ((eq action :action-panic) "panic")
2783: ((eq action :action-stop) "stop")
2784: ((eq action :action-abort) "abort")
2785: ((eq action :action-kill) "kill")
2786: ((eq action :action-exit) "exit"))))
2787: ; Only proceed if action is not nil
2788: (when action
2789: ; Create the command string
2790: (let ((cmd (format "%s/mkcdev" action)))
2791: ; Call syd--stat with the command
2792: (syd--stat (syd--rule cmd glob ?-))))))
2793:
2794: (defun syd-mkcdev-rem (action glob)
2795: "Removes all matching entries from the given actionlist of mkcdev sandboxing.
2796: ACTION is a constant representing the sandboxing action.
2797: GLOB is a string representing the glob pattern."
2798: (let ((action (cond
2799: ((eq action :action-allow) "allow")
2800: ((eq action :action-warn) "warn")
2801: ((eq action :action-filter) "filter")
2802: ((eq action :action-deny) "deny")
2803: ((eq action :action-panic) "panic")
2804: ((eq action :action-stop) "stop")
2805: ((eq action :action-abort) "abort")
2806: ((eq action :action-kill) "kill")
2807: ((eq action :action-exit) "exit"))))
2808: ; Only proceed if action is not nil
2809: (when action
2810: ; Create the command string
2811: (let ((cmd (format "%s/mkcdev" action)))
2812: ; Call syd--stat with the command
2813: (syd--stat (syd--rule cmd glob ?^))))))
2814:
2815: (defun syd-mkfifo-add (action glob)
2816: "Adds to the given actionlist of mkfifo sandboxing.
2817: ACTION is a constant representing the sandboxing action.
2818: GLOB is a string representing the glob pattern."
2819: (let ((action (cond
2820: ((eq action :action-allow) "allow")
2821: ((eq action :action-warn) "warn")
2822: ((eq action :action-filter) "filter")
2823: ((eq action :action-deny) "deny")
2824: ((eq action :action-panic) "panic")
2825: ((eq action :action-stop) "stop")
2826: ((eq action :action-abort) "abort")
2827: ((eq action :action-kill) "kill")
2828: ((eq action :action-exit) "exit"))))
2829: ; Only proceed if action is not nil
2830: (when action
2831: ; Create the command string
2832: (let ((cmd (format "%s/mkfifo" action)))
2833: ; Call syd--stat with the command
2834: (syd--stat (syd--rule cmd glob ?+))))))
2835:
2836: (defun syd-mkfifo-del (action glob)
2837: "Removes the first matching entry from the end of the given actionlist
2838: of mkfifo sandboxing.
2839: ACTION is a constant representing the sandboxing action.
2840: GLOB is a string representing the glob pattern."
2841: (let ((action (cond
2842: ((eq action :action-allow) "allow")
2843: ((eq action :action-warn) "warn")
2844: ((eq action :action-filter) "filter")
2845: ((eq action :action-deny) "deny")
2846: ((eq action :action-panic) "panic")
2847: ((eq action :action-stop) "stop")
2848: ((eq action :action-abort) "abort")
2849: ((eq action :action-kill) "kill")
2850: ((eq action :action-exit) "exit"))))
2851: ; Only proceed if action is not nil
2852: (when action
2853: ; Create the command string
2854: (let ((cmd (format "%s/mkfifo" action)))
2855: ; Call syd--stat with the command
2856: (syd--stat (syd--rule cmd glob ?-))))))
2857:
2858: (defun syd-mkfifo-rem (action glob)
2859: "Removes all matching entries from the given actionlist of mkfifo sandboxing.
2860: ACTION is a constant representing the sandboxing action.
2861: GLOB is a string representing the glob pattern."
2862: (let ((action (cond
2863: ((eq action :action-allow) "allow")
2864: ((eq action :action-warn) "warn")
2865: ((eq action :action-filter) "filter")
2866: ((eq action :action-deny) "deny")
2867: ((eq action :action-panic) "panic")
2868: ((eq action :action-stop) "stop")
2869: ((eq action :action-abort) "abort")
2870: ((eq action :action-kill) "kill")
2871: ((eq action :action-exit) "exit"))))
2872: ; Only proceed if action is not nil
2873: (when action
2874: ; Create the command string
2875: (let ((cmd (format "%s/mkfifo" action)))
2876: ; Call syd--stat with the command
2877: (syd--stat (syd--rule cmd glob ?^))))))
2878:
2879: (defun syd-mktemp-add (action glob)
2880: "Adds to the given actionlist of mktemp sandboxing.
2881: ACTION is a constant representing the sandboxing action.
2882: GLOB is a string representing the glob pattern."
2883: (let ((action (cond
2884: ((eq action :action-allow) "allow")
2885: ((eq action :action-warn) "warn")
2886: ((eq action :action-filter) "filter")
2887: ((eq action :action-deny) "deny")
2888: ((eq action :action-panic) "panic")
2889: ((eq action :action-stop) "stop")
2890: ((eq action :action-abort) "abort")
2891: ((eq action :action-kill) "kill")
2892: ((eq action :action-exit) "exit"))))
2893: ; Only proceed if action is not nil
2894: (when action
2895: ; Create the command string
2896: (let ((cmd (format "%s/mktemp" action)))
2897: ; Call syd--stat with the command
2898: (syd--stat (syd--rule cmd glob ?+))))))
2899:
2900: (defun syd-mktemp-del (action glob)
2901: "Removes the first matching entry from the end of the given actionlist
2902: of mktemp sandboxing.
2903: ACTION is a constant representing the sandboxing action.
2904: GLOB is a string representing the glob pattern."
2905: (let ((action (cond
2906: ((eq action :action-allow) "allow")
2907: ((eq action :action-warn) "warn")
2908: ((eq action :action-filter) "filter")
2909: ((eq action :action-deny) "deny")
2910: ((eq action :action-panic) "panic")
2911: ((eq action :action-stop) "stop")
2912: ((eq action :action-abort) "abort")
2913: ((eq action :action-kill) "kill")
2914: ((eq action :action-exit) "exit"))))
2915: ; Only proceed if action is not nil
2916: (when action
2917: ; Create the command string
2918: (let ((cmd (format "%s/mktemp" action)))
2919: ; Call syd--stat with the command
2920: (syd--stat (syd--rule cmd glob ?-))))))
2921:
2922: (defun syd-mktemp-rem (action glob)
2923: "Removes all matching entries from the given actionlist of mktemp sandboxing.
2924: ACTION is a constant representing the sandboxing action.
2925: GLOB is a string representing the glob pattern."
2926: (let ((action (cond
2927: ((eq action :action-allow) "allow")
2928: ((eq action :action-warn) "warn")
2929: ((eq action :action-filter) "filter")
2930: ((eq action :action-deny) "deny")
2931: ((eq action :action-panic) "panic")
2932: ((eq action :action-stop) "stop")
2933: ((eq action :action-abort) "abort")
2934: ((eq action :action-kill) "kill")
2935: ((eq action :action-exit) "exit"))))
2936: ; Only proceed if action is not nil
2937: (when action
2938: ; Create the command string
2939: (let ((cmd (format "%s/mktemp" action)))
2940: ; Call syd--stat with the command
2941: (syd--stat (syd--rule cmd glob ?^))))))
2942:
2943: (defun syd-net-bind-add (action addr)
2944: "Adds to the given actionlist of net/bind sandboxing.
2945: ACTION is a constant representing the sandboxing action.
2946: ADDR is a string representing the address pattern."
2947: (let ((action (cond
2948: ((eq action :action-allow) "allow")
2949: ((eq action :action-warn) "warn")
2950: ((eq action :action-filter) "filter")
2951: ((eq action :action-deny) "deny")
2952: ((eq action :action-panic) "panic")
2953: ((eq action :action-stop) "stop")
2954: ((eq action :action-abort) "abort")
2955: ((eq action :action-kill) "kill")
2956: ((eq action :action-exit) "exit"))))
2957: ; Only proceed if action is not nil
2958: (when action
2959: ; Create the command string
2960: (let ((cmd (format "%s/net/bind" action)))
2961: ; Call syd--stat with the command
2962: (syd--stat (syd--rule cmd addr ?+))))))
2963:
2964: (defun syd-net-bind-del (action addr)
2965: "Removes the first matching entry from the end of the given actionlist
2966: of net/bind sandboxing.
2967: ACTION is a constant representing the sandboxing action.
2968: ADDR is a string representing the address pattern."
2969: (let ((action (cond
2970: ((eq action :action-allow) "allow")
2971: ((eq action :action-warn) "warn")
2972: ((eq action :action-filter) "filter")
2973: ((eq action :action-deny) "deny")
2974: ((eq action :action-panic) "panic")
2975: ((eq action :action-stop) "stop")
2976: ((eq action :action-abort) "abort")
2977: ((eq action :action-kill) "kill")
2978: ((eq action :action-exit) "exit"))))
2979: ; Only proceed if action is not nil
2980: (when action
2981: ; Create the command string
2982: (let ((cmd (format "%s/net/bind" action)))
2983: ; Call syd--stat with the command
2984: (syd--stat (syd--rule cmd addr ?-))))))
2985:
2986: (defun syd-net-bind-rem (action addr)
2987: "Removes all matching entries from the given actionlist of net/bind sandboxing.
2988: ACTION is a constant representing the sandboxing action.
2989: ADDR is a string representing the address pattern."
2990: (let ((action (cond
2991: ((eq action :action-allow) "allow")
2992: ((eq action :action-warn) "warn")
2993: ((eq action :action-filter) "filter")
2994: ((eq action :action-deny) "deny")
2995: ((eq action :action-panic) "panic")
2996: ((eq action :action-stop) "stop")
2997: ((eq action :action-abort) "abort")
2998: ((eq action :action-kill) "kill")
2999: ((eq action :action-exit) "exit"))))
3000: ; Only proceed if action is not nil
3001: (when action
3002: ; Create the command string
3003: (let ((cmd (format "%s/net/bind" action)))
3004: ; Call syd--stat with the command
3005: (syd--stat (syd--rule cmd addr ?^))))))
3006:
3007: (defun syd-net-connect-add (action addr)
3008: "Adds to the given actionlist of net/connect sandboxing.
3009: ACTION is a constant representing the sandboxing action.
3010: ADDR is a string representing the address pattern."
3011: (let ((action (cond
3012: ((eq action :action-allow) "allow")
3013: ((eq action :action-warn) "warn")
3014: ((eq action :action-filter) "filter")
3015: ((eq action :action-deny) "deny")
3016: ((eq action :action-panic) "panic")
3017: ((eq action :action-stop) "stop")
3018: ((eq action :action-abort) "abort")
3019: ((eq action :action-kill) "kill")
3020: ((eq action :action-exit) "exit"))))
3021: ; Only proceed if action is not nil
3022: (when action
3023: ; Create the command string
3024: (let ((cmd (format "%s/net/connect" action)))
3025: ; Call syd--stat with the command
3026: (syd--stat (syd--rule cmd addr ?+))))))
3027:
3028: (defun syd-net-connect-del (action addr)
3029: "Removes the first matching entry from the end of the given actionlist
3030: of net/connect sandboxing.
3031: ACTION is a constant representing the sandboxing action.
3032: ADDR is a string representing the address pattern."
3033: (let ((action (cond
3034: ((eq action :action-allow) "allow")
3035: ((eq action :action-warn) "warn")
3036: ((eq action :action-filter) "filter")
3037: ((eq action :action-deny) "deny")
3038: ((eq action :action-panic) "panic")
3039: ((eq action :action-stop) "stop")
3040: ((eq action :action-abort) "abort")
3041: ((eq action :action-kill) "kill")
3042: ((eq action :action-exit) "exit"))))
3043: ; Only proceed if action is not nil
3044: (when action
3045: ; Create the command string
3046: (let ((cmd (format "%s/net/connect" action)))
3047: ; Call syd--stat with the command
3048: (syd--stat (syd--rule cmd addr ?-))))))
3049:
3050: (defun syd-net-connect-rem (action addr)
3051: "Removes all matching entries from the given actionlist of net/connect
3052: sandboxing.
3053: ACTION is a constant representing the sandboxing action.
3054: ADDR is a string representing the address pattern."
3055: (let ((action (cond
3056: ((eq action :action-allow) "allow")
3057: ((eq action :action-warn) "warn")
3058: ((eq action :action-filter) "filter")
3059: ((eq action :action-deny) "deny")
3060: ((eq action :action-panic) "panic")
3061: ((eq action :action-stop) "stop")
3062: ((eq action :action-abort) "abort")
3063: ((eq action :action-kill) "kill")
3064: ((eq action :action-exit) "exit"))))
3065: ; Only proceed if action is not nil
3066: (when action
3067: ; Create the command string
3068: (let ((cmd (format "%s/net/connect" action)))
3069: ; Call syd--stat with the command
3070: (syd--stat (syd--rule cmd addr ?^))))))
3071:
3072: (defun syd-net-sendfd-add (action addr)
3073: "Adds to the given actionlist of net/sendfd sandboxing.
3074: ACTION is a constant representing the sandboxing action.
3075: ADDR is a string representing the address pattern."
3076: (let ((action (cond
3077: ((eq action :action-allow) "allow")
3078: ((eq action :action-warn) "warn")
3079: ((eq action :action-filter) "filter")
3080: ((eq action :action-deny) "deny")
3081: ((eq action :action-panic) "panic")
3082: ((eq action :action-stop) "stop")
3083: ((eq action :action-abort) "abort")
3084: ((eq action :action-kill) "kill")
3085: ((eq action :action-exit) "exit"))))
3086: ; Only proceed if action is not nil
3087: (when action
3088: ; Create the command string
3089: (let ((cmd (format "%s/net/sendfd" action)))
3090: ; Call syd--stat with the command
3091: (syd--stat (syd--rule cmd addr ?+))))))
3092:
3093: (defun syd-net-sendfd-del (action addr)
3094: "Removes the first matching entry from the end of the given actionlist
3095: of net/sendfd sandboxing.
3096: ACTION is a constant representing the sandboxing action.
3097: ADDR is a string representing the address pattern."
3098: (let ((action (cond
3099: ((eq action :action-allow) "allow")
3100: ((eq action :action-warn) "warn")
3101: ((eq action :action-filter) "filter")
3102: ((eq action :action-deny) "deny")
3103: ((eq action :action-panic) "panic")
3104: ((eq action :action-stop) "stop")
3105: ((eq action :action-abort) "abort")
3106: ((eq action :action-kill) "kill")
3107: ((eq action :action-exit) "exit"))))
3108: ; Only proceed if action is not nil
3109: (when action
3110: ; Create the command string
3111: (let ((cmd (format "%s/net/sendfd" action)))
3112: ; Call syd--stat with the command
3113: (syd--stat (syd--rule cmd addr ?-))))))
3114:
3115: (defun syd-net-sendfd-rem (action addr)
3116: "Removes all matching entries from the given actionlist of net/sendfd sandboxing.
3117: ACTION is a constant representing the sandboxing action.
3118: ADDR is a string representing the address pattern."
3119: (let ((action (cond
3120: ((eq action :action-allow) "allow")
3121: ((eq action :action-warn) "warn")
3122: ((eq action :action-filter) "filter")
3123: ((eq action :action-deny) "deny")
3124: ((eq action :action-panic) "panic")
3125: ((eq action :action-stop) "stop")
3126: ((eq action :action-abort) "abort")
3127: ((eq action :action-kill) "kill")
3128: ((eq action :action-exit) "exit"))))
3129: ; Only proceed if action is not nil
3130: (when action
3131: ; Create the command string
3132: (let ((cmd (format "%s/net/sendfd" action)))
3133: ; Call syd--stat with the command
3134: (syd--stat (syd--rule cmd addr ?^))))))
3135:
3136: (defun syd-net-link-add (action addr)
3137: "Adds to the given actionlist of net/link sandboxing.
3138: ACTION is a constant representing the sandboxing action.
3139: ADDR is a string representing the address pattern."
3140: (let ((action (cond
3141: ((eq action :action-allow) "allow")
3142: ((eq action :action-warn) "warn")
3143: ((eq action :action-filter) "filter")
3144: ((eq action :action-deny) "deny")
3145: ((eq action :action-panic) "panic")
3146: ((eq action :action-stop) "stop")
3147: ((eq action :action-abort) "abort")
3148: ((eq action :action-kill) "kill")
3149: ((eq action :action-exit) "exit"))))
3150: ; Only proceed if action is not nil
3151: (when action
3152: ; Create the command string
3153: (let ((cmd (format "%s/net/link" action)))
3154: ; Call syd--stat with the command
3155: (syd--stat (syd--rule cmd addr ?+))))))
3156:
3157: (defun syd-net-link-del (action addr)
3158: "Removes the first matching entry from the end of the given actionlist
3159: of net/link sandboxing.
3160: ACTION is a constant representing the sandboxing action.
3161: ADDR is a string representing the address pattern."
3162: (let ((action (cond
3163: ((eq action :action-allow) "allow")
3164: ((eq action :action-warn) "warn")
3165: ((eq action :action-filter) "filter")
3166: ((eq action :action-deny) "deny")
3167: ((eq action :action-panic) "panic")
3168: ((eq action :action-stop) "stop")
3169: ((eq action :action-abort) "abort")
3170: ((eq action :action-kill) "kill")
3171: ((eq action :action-exit) "exit"))))
3172: ; Only proceed if action is not nil
3173: (when action
3174: ; Create the command string
3175: (let ((cmd (format "%s/net/link" action)))
3176: ; Call syd--stat with the command
3177: (syd--stat (syd--rule cmd addr ?-))))))
3178:
3179: (defun syd-net-link-rem (action addr)
3180: "Removes all matching entries from the given actionlist of net/link sandboxing.
3181: ACTION is a constant representing the sandboxing action.
3182: ADDR is a string representing the address pattern."
3183: (let ((action (cond
3184: ((eq action :action-allow) "allow")
3185: ((eq action :action-warn) "warn")
3186: ((eq action :action-filter) "filter")
3187: ((eq action :action-deny) "deny")
3188: ((eq action :action-panic) "panic")
3189: ((eq action :action-stop) "stop")
3190: ((eq action :action-abort) "abort")
3191: ((eq action :action-kill) "kill")
3192: ((eq action :action-exit) "exit"))))
3193: ; Only proceed if action is not nil
3194: (when action
3195: ; Create the command string
3196: (let ((cmd (format "%s/net/link" action)))
3197: ; Call syd--stat with the command
3198: (syd--stat (syd--rule cmd addr ?^))))))
3199:
3200: (defun syd-force-add (path hash action)
3201: "Adds an entry to the Integrity Force map for Force Sandboxing.
3202: PATH is a fully-qualified file name.
3203: HASH is a hexadecimal encoded checksum.
3204: ACTION is one of :action-warn, :action-filter, :action-deny, :action-panic, :action-stop, :action-abort, :action-kill, or :action-exit."
3205: (let ((action (cond ((eq action :action-warn) "warn")
3206: ((eq action :action-filter) "filter")
3207: ((eq action :action-deny) "deny")
3208: ((eq action :action-deny) "panic")
3209: ((eq action :action-stop) "stop")
3210: ((eq action :action-abort) "abort")
3211: ((eq action :action-kill) "kill")
3212: ((eq action :action-kill) "exit"))))
3213: ; Only proceed if action is not nil
3214: (when action
3215: ; Create the command string
3216: (let ((cmd (format "/dev/syd/force+%s:%s:%s" path hash action)))
3217: ; Call syd--stat with the command
3218: (syd--stat cmd)))))
3219:
3220: (defun syd-force-del (path)
3221: "Removes an entry from the Integrity Force map for Force Sandboxing.
3222: PATH is a fully-qualified file name."
3223: ; Create the command string
3224: (let ((cmd (format "/dev/syd/force-%s" path)))
3225: ; Call syd--stat with the command
3226: (syd--stat cmd)))
3227:
3228: (defun syd-force-clr ()
3229: "Clears the Integrity Force map for Force Sandboxing."
3230: (syd--stat "/dev/syd/force^"))
3231:
3232: (defun syd-mem-max (size)
3233: "Set syd maximum per-process memory usage limit.
3234: SIZE can be an integer or a string representing the memory limit."
3235: (let ((size-str (cond ((integerp size) (number-to-string size))
3236: ((stringp size) size)
3237: (t (error "Size must be an integer or a string")))))
3238: (syd--stat (syd--rule "mem/max" size-str ?:))))
3239:
3240: (defun syd-mem-vm-max (size)
3241: "Set syd maximum per-process virtual memory usage limit.
3242: SIZE can be an integer or a string representing the memory limit."
3243: (let ((size-str (cond ((integerp size) (number-to-string size))
3244: ((stringp size) size)
3245: (t (error "Size must be an integer or a string")))))
3246: (syd--stat (syd--rule "mem/vm_max" size-str ?:))))
3247:
3248: (defun syd-pid-max (size)
3249: "Set syd maximum process ID limit for PID sandboxing.
3250: SIZE is a number representing the PID limit."
3251: (unless (numberp size)
3252: (error "Size must be a number"))
3253: (let ((path (format "/dev/syd/pid/max:%d" size)))
3254: (syd--stat path)))
3255:
3256: (defun syd-segvguard-expiry (timeout)
3257: "Specify SegvGuard entry expiry timeout in seconds.
3258: Setting this timeout to 0 effectively disables SegvGuard.
3259: TIMEOUT is a number representing the timeout in seconds."
3260: (unless (numberp timeout)
3261: (error "Timeout must be a number"))
3262: (let ((path (format "/dev/syd/segvguard/expiry:%d" timeout)))
3263: (syd--stat path)))
3264:
3265: (defun syd-segvguard-suspension (timeout)
3266: "Specify SegvGuard entry suspension timeout in seconds.
3267: TIMEOUT is a number representing the timeout in seconds."
3268: (unless (numberp timeout)
3269: (error "Timeout must be a number"))
3270: (let ((path (format "/dev/syd/segvguard/suspension:%d" timeout)))
3271: (syd--stat path)))
3272:
3273: (defun syd-segvguard-maxcrashes (limit)
3274: "Specify SegvGuard max number of crashes before suspension.
3275: LIMIT is a number representing the crash limit."
3276: (unless (numberp limit)
3277: (error "Limit must be a number"))
3278: (let ((path (format "/dev/syd/segvguard/maxcrashes:%d" limit)))
3279: (syd--stat path)))
3280:
3281: (defun syd-exec (file argv)
3282: "Execute a command outside the sandbox without sandboxing.
3283: FILE is the file path of the command as a string.
3284: ARGV is a list of strings representing the arguments to the command."
3285: (unless (stringp file)
3286: (error "File must be a string"))
3287: (let ((all-strings t))
3288: (dolist (arg argv)
3289: (unless (stringp arg)
3290: (setq all-strings nil)))
3291: (unless all-strings
3292: (error "All elements in ARGV must be strings")))
3293:
3294: (let ((cmd (mapconcat 'identity (cons file argv) "\x1F")))
3295: (syd--stat (concat "/dev/syd/cmd/exec!" cmd))))
3296:
3297: (defun syd--rule (rule elem op)
3298: "Helper function to construct a path for syd operations.
3299: RULE is a string representing the rule.
3300: ELEM is a string representing the element.
3301: OP is a character representing the operation."
3302: (unless (member op '(?+ ?- ?^ ?:))
3303: (error "Invalid operation"))
3304: (when (string-empty-p elem)
3305: (error "Element cannot be empty"))
3306: (concat "/dev/syd/" rule (char-to-string op) elem))
3307:
3308: (defun syd--stat (path)
3309: "Check if the file at PATH exists using `file-modes'."
3310: (condition-case nil
3311: (not (null (file-modes path)))
3312: (error nil))) ; On error, return nil
3313:
3314: (provide 'syd)
3315: ; syd.el ends here
3316:
24/02/2026 16:46:52, src/syd.el, Ali Polatel