OpenBSD pledge(2) Rust FFI bindings

1. // rustc --crate-type=lib pledge.rs
2. // rustc -L . main.rs
3.  
4. //
5. // pledge_ffi.rs
6. use std::os::raw::c_char;
7. use std::os::raw::c_int;
8.  
9. #[link(name = "c")]
10. extern {
11.     pub fn pledge(promises: *const c_char, paths: *const *const c_char) -> c_int;
12. }
13.  
14. //
15. // pledge.rs
16. #![crate_type = "lib"]
17.  
18. use std::ffi::CString;
19. mod pledge_ffi;
20.  
21. pub fn pledge(promises: &str) -> bool {
22.     if let Ok(c_str) = CString::new(promises) {
23.         unsafe {
24.             let result = pledge_ffi::pledge(c_str.as_ptr(), std::ptr::null());
25.             return result == 0;
26.         }
27.     }
28.     return false;
29. }
30.  
31. //
32. // main.rs
33. extern crate pledge;
34.  
35. use pledge::pledge;
36.  
37. use std::process::exit;
38. use std::fs::File;
39. use std::io::Write;
40.  
41. fn main() {
42.     let mut stderr = std::io::stderr();
43.     // example will crash
44.     // change to "stdio rpath"
45.     if !pledge("stdio") {
46.         writeln!(&mut stderr, "pledge").unwrap();
47.         exit(1);
48.     }
49.  
50.     println!("Now pledged.");
51.  
52.     // attempt elevation
53.     if !pledge("stdio rpath") {
54.         writeln!(&mut stderr, "pledge elevation fail").unwrap();
55.         //exit(1);
56.     }
57.     // .. promises were equal or reduced
58.  
59.     println!("Opening a file!");
60.     // kernel should abort here, unless promises changed
61.     let file = match File::open("/tmp/bogus/file") {
62.         Err(_) => exit(1),
63.         Ok(file) => file,
64.     };
65. }