Ruby bindings for libhbsdcontrol(3)
| .bundle | ||
| ext/hbsdctl.rb | ||
| lib | ||
| .gitignore | ||
| .projectile | ||
| Gemfile | ||
| Gemfile.lock | ||
| hbsdctl.rb.gemspec | ||
| LICENSE | ||
| Rakefile.rb | ||
| README.md | ||
About
hbsdctl.rb is a Ruby C extension that binds libhbsdcontrol from the hardenedbsd project. Through this library, you can query what features are available and if root, enable or disable those features for a given executable.
Examples
Available features
As a regular user account, you can obtain a list of available features. But to enable or disable those features a superuser account is required:
#!/usr/bin/env ruby
# As a regular user account
require 'hbsdctl'
BSD::Control
.available_features
.each do
print "The ", _1.name, " feature is available", "\n"
end
Enable feature
As a superuser account, you can enable or disable features for a given executable. The example enables the mprotect feature for the emacs binary:
#!/usr/bin/env ruby
# As a root account
require 'hbsdctl'
BSD::Control
.feature!("mprotect")
.enable!("/usr/local/bin/emacs")
Install
Git
hbsdctl.rb is distributed as a RubyGem through its git repositories.
GitHub,
and
GitLab
are available as sources.
Rubygems.org
lock.rb can also be installed via rubygems.org.
gem install hbsdctl.rb
License
BSD Zero Clause.
See LICENSE.