0x1eef/bsdcapsicum.rb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Ruby bindings for capsicum(4)
49 commits 1 branch 3 tags 119 KiB
Ruby 99.5%
Shell 0.5%
Find a file
0x1eef 14764bc00f gemspec: add fiddle as a runtime dep
2024-06-27 00:40:32 -03:00
bin Add test/readme_test.rb 2024-06-24 23:36:09 -03:00
lib/bsd Group more capabilities under 'File capabilities' 2024-06-27 00:40:32 -03:00
share/ruby-capsicum/examples bsdcapsicum.rb is born :) 2024-06-25 03:32:04 -03:00
test Add BSD::Capsicum.set_rights! 2024-06-25 10:41:56 -03:00
.gitignore Initial commit. 2017-05-24 01:18:05 +01:00
.projectile Add .projectile 2024-06-25 04:38:14 -03:00
.rubocop.yml Add standard 2024-06-23 22:38:24 -03:00
.travis.yml Initial commit. 2017-05-24 01:18:05 +01:00
bsdcapsicum.rb.gemspec gemspec: add fiddle as a runtime dep 2024-06-27 00:40:32 -03:00
Gemfile Initial commit. 2017-05-24 01:18:05 +01:00
LICENSE gemspec: update 2024-06-25 12:26:01 -03:00
Rakefile Add test/readme_test.rb 2024-06-24 23:36:09 -03:00
README.md gemspec: update 2024-06-25 12:26:01 -03:00

README.md

About

bsdcapsicum.rb provides Ruby bindings for FreeBSD's capsicum(4).

Examples

Capability mode

A process can enter into capability mode by calling BSD::Capsicum.enter!. After entering capability mode, the process has limited abilities. File descriptors acquired before entering into capability mode remain accessible and unrestricted, but their capabilites can be reduced. See the cap_enter(2) manual page for more details:

#!/usr/bin/env ruby
require "bsd/capsicum"

print "In capability mode: ", BSD::Capsicum.in_capability_mode? ? "yes" : "no", "\n"
print "Enter capability mode: ", BSD::Capsicum.enter! ? "ok" : "error", "\n"
print "In capability mode: ", BSD::Capsicum.in_capability_mode? ? "yes" : "no", "\n"

begin
  File.new(File::NULL)
rescue Errno::ECAPMODE => ex
  print "Error: #{ex.message} (#{ex.class})", "\n"
end

##
# In capability mode: no
# Enter capability mode: ok
# In capability mode: yes
# Error: Not permitted in capability mode @ rb_sysopen - /dev/null (Errno::ECAPMODE)

IPC

By spawning a child process and then entering capability mode, restrictions can be limited to a child process (and its child processes, if any). This can be helpful in an architecture where a parent process can spawn one or more child processes to handle certain tasks but with restrictions in place:

#!/usr/bin/env ruby
require "bsd/capsicum"

print "[parent] In capability mode: ", BSD::Capsicum.in_capability_mode? ? "yes" : "no", "\n"
fork do
  print "[subprocess] Enter capability mode: ", BSD::Capsicum.enter! ? "ok" : "error", "\n"
  print "[subprocess] In capability mode: ", BSD::Capsicum.in_capability_mode? ? "yes" : "no", "\n"
  print "[subprocess] Exit", "\n"
  exit 42
end
Process.wait
print "[parent] In capability mode: ", BSD::Capsicum.in_capability_mode? ? "yes" : "no", "\n"

##
# [parent] In capability mode: no
# [subprocess] Enter capability mode: ok
# [subprocess] In capability mode: yes
# [subprocess] Exit
# [parent] In capability mode: no

Documentation

A complete API reference is available at 0x1eef.github.io/x/bsdcapsicum.rb

Install

bsdcapsicum.rb is available via rubygems.org:

gem install bsdcapsicum.rb

Sources

See also

  • Freaky/ruby-capsicum
    bsdcapsicum.rb is a fork of this project. It was a huge help both in terms of code and documentation.

License

The gem is available as open source under the terms of the MIT License.