0x1eef/bsdcapsicum.rb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add some API documentation

Browse source
This commit is contained in:
Thomas Hurst 2017-05-24 16:33:39 +01:00
parent 4ed2935df2
commit 1bec2c3ea4
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/capsicum.rb
View file

@ -16,6 +16,12 @@ module Capsicum
attach_function :cap_getmode, [IntPtr], :int
end
# Check if we're in capability mode.
#
# @see cap_getmode(2)
#
# @return [Boolean] true if we've entered capability mode
# @raise [Errno::ENOTCAPABLE] - Capsicum not enabled.
def sandboxed?
ptr = IntPtr.new
ret = LibC.cap_getmode(ptr)
@ -27,6 +33,12 @@ module Capsicum
end
end
# Enter capability sandbox mode.
#
# @see cap_enter(2)
#
# @return [Boolean] true if we've entered capability mode.
# @raise [Errno::ENOTCAPABLE] - Capsicum not enabled.
def enter!
ret = LibC.cap_enter
@ -37,6 +49,11 @@ module Capsicum
end
end
# Run the block within a forked process in capability mode and wait for it to
# complete.
#
# @yield block to run within the forked child.
# @return [Process::Status] exit status of the forked child.
def within_sandbox
return enum_for(:within_sandbox) unless block_given?