bsdcapsicum.rb/share/ruby-capsicum/examples/3_set_rights_example.rb

#!/usr/bin/env ruby
require "bsd/capsicum"

path = File.join(Dir.home, "bsdcapsicum.txt")
file = File.open(path, File::CREAT | File::TRUNC | File::RDWR)
file.sync = true
print "[parent] Obtain file descriptor (with all capabilities)", "\n"
fork do
  BSD::Capsicum.set_rights!(file, %i[CAP_READ])
  print "[subprocess] Reduce capabilities to read", "\n"

  file.gets
  print "[subprocess] Read OK", "\n"

  begin
    file.write "foo"
  rescue Errno::ENOTCAPABLE => ex
    print "[subprocess] Error: #{ex.message} (#{ex.class})", "\n"
  end
end
Process.wait
file.write "[parent] Hello from #{Process.pid}", "\n"
print "[parent] Write OK", "\n"

##
# [parent] Obtain file descriptor (with all capabilities)
# [subprocess] Reduce capabilities to read
# [subprocess] Read OK
# [subprocess] Error: Capabilities insufficient @ io_write - /home/user/bsdcapsicum.txt (Errno::ENOTCAPABLE)
# [parent] Write OK
Add documentation (+ tests) for BSD::Capsicum.set_rights! 2024-06-27 05:36:33 +02:00			`#!/usr/bin/env ruby`
			`require "bsd/capsicum"`

			`path = File.join(Dir.home, "bsdcapsicum.txt")`
			`file = File.open(path, File::CREAT \| File::TRUNC \| File::RDWR)`
			`file.sync = true`
Update example 2024-06-27 10:09:13 +02:00			`print "[parent] Obtain file descriptor (with all capabilities)", "\n"`
Add documentation (+ tests) for BSD::Capsicum.set_rights! 2024-06-27 05:36:33 +02:00			`fork do`
			`BSD::Capsicum.set_rights!(file, %i[CAP_READ])`
Update example 2024-06-27 10:09:13 +02:00			`print "[subprocess] Reduce capabilities to read", "\n"`
Add documentation (+ tests) for BSD::Capsicum.set_rights! 2024-06-27 05:36:33 +02:00
			`file.gets`
Update example 2024-06-27 10:09:13 +02:00			`print "[subprocess] Read OK", "\n"`
Add documentation (+ tests) for BSD::Capsicum.set_rights! 2024-06-27 05:36:33 +02:00
			`begin`
			`file.write "foo"`
			`rescue Errno::ENOTCAPABLE => ex`
			`print "[subprocess] Error: #{ex.message} (#{ex.class})", "\n"`
			`end`
			`end`
			`Process.wait`
			`file.write "[parent] Hello from #{Process.pid}", "\n"`
Update example 2024-06-27 10:09:13 +02:00			`print "[parent] Write OK", "\n"`
Add documentation (+ tests) for BSD::Capsicum.set_rights! 2024-06-27 05:36:33 +02:00
			`##`
Update example 2024-06-27 10:11:19 +02:00			`# [parent] Obtain file descriptor (with all capabilities)`
Update example 2024-06-27 10:09:13 +02:00			`# [subprocess] Reduce capabilities to read`
			`# [subprocess] Read OK`
			`# [subprocess] Error: Capabilities insufficient @ io_write - /home/user/bsdcapsicum.txt (Errno::ENOTCAPABLE)`
			`# [parent] Write OK`