169 lines
3.5 KiB
Ruby
169 lines
3.5 KiB
Ruby
module BSD::Control
|
|
class Feature < Struct.new(:name, :enable, :disable)
|
|
##
|
|
# @return [Array<BSD::Control::Feature>]
|
|
# Returns an array of available features.
|
|
def self.available
|
|
BSD::Control::FFI.available_features
|
|
end
|
|
|
|
##
|
|
# @group Actions
|
|
|
|
##
|
|
# Enables a feature for a given file.
|
|
#
|
|
# @param [String] path
|
|
# The path to a file.
|
|
#
|
|
# @raise [BSD::Control::Error]
|
|
# When the operation fails.
|
|
#
|
|
# @return [Boolean]
|
|
# Returns true on success.
|
|
def enable!(path)
|
|
set!(path, BSD::Control::Enable)
|
|
end
|
|
|
|
##
|
|
# Disables a feature for a given file.
|
|
#
|
|
# @param [String] path
|
|
# The path to a file.
|
|
#
|
|
# @raise [BSD::Control::Error]
|
|
# When the operation fails.
|
|
#
|
|
# @return [Boolean]
|
|
# Returns true on success.
|
|
def disable!(path)
|
|
set!(path, BSD::Control::Disable)
|
|
end
|
|
|
|
##
|
|
# Restore system defaults for a given file.
|
|
#
|
|
# @param [String] path
|
|
# The path to a file.
|
|
#
|
|
# @raise [BSD::Control::Error]
|
|
# When the operation fails.
|
|
#
|
|
# @return [Boolean]
|
|
# Returns true on success.
|
|
def sysdef!(path)
|
|
FFI.sysdef!(self, path)
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true when a feature is enabled.
|
|
def enabled?(path)
|
|
status(path) == :enabled
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true when a feature is disabled.
|
|
def disabled?(path)
|
|
status(path) == :disabled
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true when a feature is configured to use the system default.
|
|
def sysdef?(path)
|
|
status(path) == :sysdef
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true when a feature is in conflict
|
|
# (i.e: the feature is both enabled and disabled at the same time).
|
|
def conflict?(path)
|
|
status(path) == :conflict
|
|
end
|
|
|
|
##
|
|
# @param [String] path
|
|
# The path to a file.
|
|
# @return [Symbol]
|
|
# Returns the feature status of a file.
|
|
# Status can be one of: `:conflict`, `:sysdef`, `:enabled`, `:disabled`.
|
|
def status(path)
|
|
FFI.status(self, path)
|
|
rescue Errno::ENOATTR
|
|
:sysdef
|
|
end
|
|
|
|
# @endgroup
|
|
|
|
##
|
|
# @group Predicates
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the pageexec feature.
|
|
def pageexec?
|
|
name == "pageexec"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the mprotect feature.
|
|
def mprotect?
|
|
name == "mprotect"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the segv-guard feature.
|
|
def segvguard?
|
|
name == "segvguard"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the ASLR feature.
|
|
def aslr?
|
|
name == "aslr"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the shlibrandom feature.
|
|
def shlibrandom?
|
|
name == "shlibrandom"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the disallow-map32bit feature.
|
|
def disallow_map32bit?
|
|
name == "disallow_map32bit"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the insecure kmod feature.
|
|
def insecure_kmod?
|
|
name == "insecure_kmod"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the harden SHM feature.
|
|
def harden_shm?
|
|
name == "harden_shm"
|
|
end
|
|
|
|
##
|
|
# @return [Boolean]
|
|
# Returns true for the prohibit ptrace capsicum feature.
|
|
def prohibit_ptrace_capsicum?
|
|
name == "prohibit_ptrace_capsicum"
|
|
end
|
|
|
|
# @endgroup
|
|
end
|
|
end
|