0x1eef/bsdcontrol.rb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Ruby bindings for libhbsdcontrol(3)
57 commits 1 branch 0 tags 140 KiB
Ruby 62.2%
C 31.5%
Shell 6.3%
Find a file
0x1eef 000568a82e Feature#conflict? -> Feature#invalid?
2024-03-20 19:10:35 -03:00
.bundle First commit 2024-02-29 22:29:43 -03:00
bin Add more testcases 2024-03-07 22:57:24 -03:00
ext/bsdcontrol.rb Add BSD::Control::Feature#sysdef! 2024-03-20 18:34:15 -03:00
lib Feature#conflict? -> Feature#invalid? 2024-03-20 19:10:35 -03:00
test Add BSD::Control::Feature#sysdef! 2024-03-20 18:34:15 -03:00
.clang-format Reimplement on top of libhbsdcontrol v2 2024-03-20 16:26:58 -03:00
.gitignore First commit 2024-02-29 22:29:43 -03:00
.projectile First commit 2024-02-29 22:29:43 -03:00
.styleguide.cfg Add .styleguide.cfg 2024-03-07 01:34:34 -03:00
bsdcontrol.rb.gemspec New project name: bsdcontrol.rb 2024-03-20 17:34:28 -03:00
Gemfile First commit 2024-02-29 22:29:43 -03:00
Gemfile.lock New project name: bsdcontrol.rb 2024-03-20 17:34:28 -03:00
LICENSE Add LICENSE 2024-02-29 22:35:05 -03:00
Rakefile.rb New project name: bsdcontrol.rb 2024-03-20 17:34:28 -03:00
README.md README: update outdated docs 2024-03-20 17:58:44 -03:00

README.md

About

bsdcontrol.rb provides Ruby bindings for libhbsdcontrol from the hardenedbsd project. Through this library, you can query what features are available and if root: enable or disable a feature for a given file, or restore the system default for a given file.

Examples

Features

As an unprivileged user or as a superuser, you can obtain a list of available features:

#!/usr/bin/env ruby
# Required privileges: unprivileged user or superuser.
require "hbsdctl"
BSD::Control
  .available_features
  .each do
  print "The ", _1.name, " feature is available", "\n"
end

Enable

As a superuser, you can enable or disable a feature for a given file. The example enables the mprotect feature for the emacs binary. When a feature is enabled for a given file, that setting takes precendence over the system default (sysctl):

#!/usr/bin/env ruby
# Required privileges: superuser.
require "hbsdctl"
BSD::Control
  .feature(:mprotect)
  .enable!("/usr/local/bin/emacs-29.2")

Status

As a superuser, you can query the status of a feature for a given file. There are five recognized statuses: unknown, enabled, disabled, sysdef, and invalid. The sysdef status indicates that a feature takes its settings from the system default (sysctl), and is the most common status:

#!/usr/bin/env ruby
# Required privileges: superuser.
require "hbsdctl"
BSD::Control
  .feature(:mprotect)
  .status("/bin/ls") # => :sysdef

Documentation

A complete API reference is available at 0x1eef.github.io/x/bsdcontrol.rb.

Install

Rubygems.org

bsdcontrol.rb can be installed via rubygems.org.

gem install bsdcontrol.rb

Sources

License

BSD Zero Clause.
See LICENSE.