Module rustix::thread::prctl

Linux prctl wrappers.

Rustix wraps variadic/dynamic-dispatch functions like prctl in type-safe wrappers.

Safety

The inner prctl calls are dynamically typed and must be called correctly.

Structs

• CapabilitiesSecureBits
  SECBIT_*.
• SVEVectorLengthConfig
  Scalable Vector Extension vector length configuration.
• TaggedAddressMode
  Zero means addresses that are passed for the purpose of being dereferenced by the kernel must be untagged.

Enums

• Capability
  Linux per-thread capability.
• CoreSchedulingScope
  PR_SCHED_CORE_SCOPE_*.
• SecureComputingMode
  SECCOMP_MODE_*.
• SysCallUserDispatchFastSwitch
  Value of the fast switch flag controlling system calls user dispatch mechanism without the need to issue a syscall.

Constants

• PR_CAPBSET_DROP 🔒
• PR_CAPBSET_READ 🔒
• PR_CAP_AMBIENT 🔒
• PR_CAP_AMBIENT_CLEAR_ALL 🔒
• PR_CAP_AMBIENT_IS_SET 🔒
• PR_CAP_AMBIENT_LOWER 🔒
• PR_CAP_AMBIENT_RAISE 🔒
• PR_GET_KEEPCAPS 🔒
• PR_GET_NAME 🔒
• PR_GET_NO_NEW_PRIVS 🔒
• PR_GET_SECUREBITS 🔒
• PR_GET_TAGGED_ADDR_CTRL 🔒
• PR_GET_THP_DISABLE 🔒
• PR_GET_TID_ADDRESS 🔒
• PR_GET_TIMERSLACK 🔒
• PR_MTE_TAG_MASK 🔒
• PR_MTE_TAG_SHIFT 🔒
• PR_PAC_RESET_KEYS 🔒
• PR_SCHED_CORE 🔒
• PR_SCHED_CORE_CREATE 🔒
• PR_SCHED_CORE_GET 🔒
• PR_SCHED_CORE_SCOPE_PROCESS_GROUP 🔒
• PR_SCHED_CORE_SCOPE_THREAD 🔒
• PR_SCHED_CORE_SCOPE_THREAD_GROUP 🔒
• PR_SCHED_CORE_SHARE_FROM 🔒
• PR_SCHED_CORE_SHARE_TO 🔒
• PR_SET_KEEPCAPS 🔒
• PR_SET_NAME 🔒
• PR_SET_NO_NEW_PRIVS 🔒
• PR_SET_SECCOMP 🔒
• PR_SET_SECUREBITS 🔒
• PR_SET_SYSCALL_USER_DISPATCH 🔒
• PR_SET_TAGGED_ADDR_CTRL 🔒
• PR_SET_THP_DISABLE 🔒
• PR_SET_TIMERSLACK 🔒
• PR_SVE_GET_VL 🔒
• PR_SVE_SET_VL 🔒
• PR_SVE_SET_VL_ONEXEC 🔒
• PR_SVE_VL_INHERIT 🔒
• PR_SVE_VL_LEN_MASK 🔒
• PR_SYS_DISPATCH_OFF 🔒
• PR_SYS_DISPATCH_ON 🔒
• SECCOMP_MODE_DISABLED 🔒
• SECCOMP_MODE_FILTER 🔒
• SECCOMP_MODE_STRICT 🔒
• SYSCALL_DISPATCH_FILTER_ALLOW 🔒
  Allow system calls to be executed.
• SYSCALL_DISPATCH_FILTER_BLOCK 🔒
  Block system calls from executing.

Functions

• capabilities_secure_bits
  Get the securebits flags of the calling thread.
• capability_is_in_ambient_set
  Check if the specified capability is in the ambient set.
• capability_is_in_bounding_set
  Check if the specified capability is in the calling thread’s capability bounding set.
• clear_ambient_capability_set
  Remove all capabilities from the ambient set.
• configure_capability_in_ambient_set
  Add or remove the specified capability to the ambient set.
• core_scheduling_cookie
  Get core scheduling cookie of a process.
• create_core_scheduling_cookie
  Create unique core scheduling cookie.
• current_tagged_address_mode
  Get the current tagged address mode for the calling thread.
• current_timer_slack
  Get the current timer slack value of the calling thread.
• disable_syscall_user_dispatch^⚠
  Disable Syscall User Dispatch mechanism.
• disable_transparent_huge_pages
  Set the state of the THP disable flag for the calling thread.
• enable_syscall_user_dispatch^⚠
  Enable Syscall User Dispatch mechanism.
• get_clear_child_tid_address
  Get the clear_child_tid address set by set_tid_address and clone’s CLONE_CHILD_CLEARTID flag.
• get_keep_capabilities
  Get the current state of the calling thread’s keep capabilities flag.
• name
  Get the name of the calling thread.
• no_new_privs
  Get the value of the no_new_privs attribute for the calling thread.
• pull_core_scheduling_cookie
  Pull core scheduling cookie from a process.
• push_core_scheduling_cookie
  Push core scheduling cookie to a process.
• remove_capability_from_bounding_set
  If the calling thread has the Capability::SetPermittedCapabilities capability within its user namespace, then drop the specified capability from the thread’s capability bounding set.
• reset_pointer_authentication_keys^⚠
  Securely reset the thread’s pointer authentication keys to fresh random values generated by the kernel.
• set_capabilities_secure_bits
  Set the securebits flags of the calling thread.
• set_current_tagged_address_mode^⚠
  Controls support for passing tagged user-space addresses to the kernel.
• set_current_timer_slack
  Sets the current timer slack value for the calling thread.
• set_keep_capabilities
  Set the state of the calling thread’s keep capabilities flag.
• set_name
  Set the name of the calling thread.
• set_no_new_privs
  Set the calling thread’s no_new_privs attribute.
• set_secure_computing_mode
  Set the secure computing mode for the calling thread, to limit the available system calls.
• set_sve_vector_length_configuration^⚠
  Configure the thread’s vector length of Scalable Vector Extension.
• sve_vector_length_configuration
  Get the thread’s current SVE vector length configuration.
• transparent_huge_pages_are_disabled
  Get the current setting of the THP disable flag for the calling thread.