bsdcapsicum.rb/lib/capsicum.rb

# frozen_string_literal: true

module Capsicum
  require_relative "capsicum/version"
  require_relative "capsicum/libc"
  extend self

  ##
  # Check if we're in capability mode.
  #
  # @see cap_getmode(2)
  # @raise [SystemCallError]
  #  Might raise a subclass of SystemCallError
  # @return [Boolean]
  #  Returns true when the current process is in capability mode
  def in_capability_mode?
    uintp = Fiddle::Pointer.malloc(Fiddle::SIZEOF_UINT)
    ret = LibC.cap_getmode(uintp)

    if ret == 0
      uintp[0, Fiddle::SIZEOF_UINT].unpack("i") == [1]
    else
      raise SystemCallError.new("cap_getmode", Fiddle.last_error)
    end
  ensure
    uintp.call_free
  end
  alias_method :capability_mode?, :in_capability_mode?

  ##
  # Enter capability mode
  #
  # @see cap_enter(2)
  # @raise [SystemCallError]
  #  Might raise a subclass of SystemCallError
  # @return [Boolean]
  #  Returns true when the current process is in capability mode
  def enter!
    if LibC.cap_enter == 0
      true
    else
      raise SystemCallError.new("cap_enter", Fiddle.last_error)
    end
  end
end
Add standard Add the 'standard' linter library Commit fixes generated via 'bundle exec rubocop -A' 2024-06-24 03:38:24 +02:00			`# frozen_string_literal: true`

Initial commit. 2017-05-24 02:18:05 +02:00			`module Capsicum`
Require fiddle in libc.rb 2024-06-25 05:08:23 +02:00			`require_relative "capsicum/version"`
Add lib/capsicum/libc.rb 2024-06-25 05:07:00 +02:00			`require_relative "capsicum/libc"`
Alias in_capability_mode? as capability_mode? 2024-06-25 05:42:37 +02:00			`extend self`
Add small improvements 2024-06-25 03:48:14 +02:00
			`##`
Add some API documentation 2017-05-24 17:33:39 +02:00			`# Check if we're in capability mode.`
			`#`
			`# @see cap_getmode(2)`
Add small improvements 2024-06-25 03:48:14 +02:00			`# @raise [SystemCallError]`
			`# Might raise a subclass of SystemCallError`
			`# @return [Boolean]`
Add lib/capsicum/libc.rb 2024-06-25 05:07:00 +02:00			`# Returns true when the current process is in capability mode`
Replace sandboxed? with in_capability_mode? Update docs, tests 2024-06-25 03:56:42 +02:00			`def in_capability_mode?`
Replace ffi with fiddle The fiddle library is part of Ruby's standard library, and works out of the box for me on HardenedBSD - where as the ffi library raises an error on require 2024-06-23 23:18:33 +02:00			`uintp = Fiddle::Pointer.malloc(Fiddle::SIZEOF_UINT)`
			`ret = LibC.cap_getmode(uintp)`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00
			`if ret == 0`
Add standard Add the 'standard' linter library Commit fixes generated via 'bundle exec rubocop -A' 2024-06-24 03:38:24 +02:00			`uintp[0, Fiddle::SIZEOF_UINT].unpack("i") == [1]`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`else`
Replace ffi with fiddle The fiddle library is part of Ruby's standard library, and works out of the box for me on HardenedBSD - where as the ffi library raises an error on require 2024-06-23 23:18:33 +02:00			`raise SystemCallError.new("cap_getmode", Fiddle.last_error)`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`end`
Replace ffi with fiddle The fiddle library is part of Ruby's standard library, and works out of the box for me on HardenedBSD - where as the ffi library raises an error on require 2024-06-23 23:18:33 +02:00			`ensure`
			`uintp.call_free`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`end`
Alias in_capability_mode? as capability_mode? 2024-06-25 05:42:37 +02:00			`alias_method :capability_mode?, :in_capability_mode?`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00
Add small improvements 2024-06-25 03:48:14 +02:00			`##`
			`# Enter capability mode`
Add some API documentation 2017-05-24 17:33:39 +02:00			`#`
			`# @see cap_enter(2)`
Add small improvements 2024-06-25 03:48:14 +02:00			`# @raise [SystemCallError]`
			`# Might raise a subclass of SystemCallError`
			`# @return [Boolean]`
			`# Returns true when the current process is in capability mode`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`def enter!`
Add small improvements 2024-06-25 03:48:14 +02:00			`if LibC.cap_enter == 0`
Add standard Add the 'standard' linter library Commit fixes generated via 'bundle exec rubocop -A' 2024-06-24 03:38:24 +02:00			`true`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`else`
Replace ffi with fiddle The fiddle library is part of Ruby's standard library, and works out of the box for me on HardenedBSD - where as the ffi library raises an error on require 2024-06-23 23:18:33 +02:00			`raise SystemCallError.new("cap_enter", Fiddle.last_error)`
First cut of the capsicum gem. 2017-05-24 02:18:47 +02:00			`end`
			`end`
Initial commit. 2017-05-24 02:18:05 +02:00			`end`