Ruby bindings for libhbsdcontrol(3)
| .bundle | ||
| ext/hbsdctl.rb | ||
| lib | ||
| .gitignore | ||
| .projectile | ||
| Gemfile | ||
| Gemfile.lock | ||
| hbsdctl.rb.gemspec | ||
| Rakefile.rb | ||
| README.md | ||
About
hbsdctl.rb is a Ruby C extension that binds libhbsdcontrol from the hardenedbsd project. Through this library, you can query what features are available and if root, enable or disable those features for given binaries.
Examples
Available features
As a regular user account, you can obtain a list of available features. But to enable or disable those features a superuser account is required:
#!/usr/bin/env ruby
# As a regular user account
require 'hbsdctl'
BSD::Control
.available_features
.each do
print "The ", _1.name, " feature is available", "\n"
end
Enable feature
As a superuser account, you can enable or disable features for a given executable. The example enables the mprotect feature for the emacs binary:
#!/usr/bin/env ruby
# As a root account
require 'hbsdctl'
BSD::Control
.feature!("mprotect")
.enable!("/usr/local/bin/emacs")
License
BSD Zero Clause.
See LICENSE.