0x1eef/bsdcontrol.rb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

README: update

Browse source
This commit is contained in:
0x1eef 2024-03-08 01:36:06 -03:00
parent e0fab16bce
commit 513aef03e7
1 changed files with 28 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
README.md
View file

@ -3,19 +3,21 @@
hbsdctl.rb is a C extension that binds libhbsdcontrol from the hbsdctl.rb is a C extension that binds libhbsdcontrol from the
[hardenedbsd](https://hardenedbsd.org) project to Ruby. Through [hardenedbsd](https://hardenedbsd.org) project to Ruby. Through
this library, you can query what features are available and if this library, you can query what features are available and if
root, enable or disable those features for a given file. root: enable, disable or query the status of a feature for a
given file.
## Examples ## Examples
__Available features__ __Features__
As a regular user account, you can obtain a list of available features. As a regular user account, you can obtain a list of available features.
But to enable or disable those features a superuser account is required: But to enable, disable or query the status of a feature for a given file
a superuser account is required:
``` ruby ``` ruby
#!/usr/bin/env ruby #!/usr/bin/env ruby
# As a regular user account # As a regular user account
require 'hbsdctl' require "hbsdctl"
BSD::Control BSD::Control
.available_features .available_features
.each do .each do
@ -23,20 +25,37 @@ BSD::Control
end end
``` ```
__Enable feature__ __Enable__
As a superuser account, you can enable or disable features for a given file. As a superuser account, you can enable or disable a feature for a given file.
The example enables the mprotect feature for the emacs binary: The example enables the mprotect feature for the emacs binary:
``` ruby ``` ruby
#!/usr/bin/env ruby #!/usr/bin/env ruby
# As a root account # As a superuser account
require 'hbsdctl' require "hbsdctl"
BSD::Control BSD::Control
.feature(:mprotect) .feature(:mprotect)
.enable!("/usr/local/bin/emacs-29.2") .enable!("/usr/local/bin/emacs-29.2")
``` ```
__Status__
As a superuser account, you can query whether or not a feature is enabled or disabled
for a given file. There are four statuses that can be returned: `conflict`, `sysdef`,
`enabled`, and `disabled`. The first status (conflict) is rare and indicates that a
feature is both enabled and disabled. The other three are more common. The `sysdef`
status indicates that a feature takes its settings from the system default (sysctl):
``` ruby
#!/usr/bin/env ruby
# As a superuser account
require "hbsdctl"
BSD::Control
.feature(:mprotect)
.status("/bin/ls") # => :sysdef
```
## Documentation ## Documentation
A complete API reference is available at A complete API reference is available at
@ -47,6 +66,7 @@ A complete API reference is available at
**Git** **Git**
hbsdctl.rb is distributed as a RubyGem through its git repositories. <br> hbsdctl.rb is distributed as a RubyGem through its git repositories. <br>
[git.hardenedbsd.org](https://git.hardenedbsd.org/0x1eef/hbsdctl.rb),
[GitHub](https://github.com/0x1eef/hbsdctl.rb), [GitHub](https://github.com/0x1eef/hbsdctl.rb),
and and
[GitLab](https://gitlab.com/0x1eef/hbsdctl.rb) [GitLab](https://gitlab.com/0x1eef/hbsdctl.rb)