Module: BSD::Capsicum

Extended by:
Capsicum
Included in:
Capsicum
Defined in:
lib/bsd/capsicum.rb,
lib/bsd/capsicum/ffi.rb,
lib/bsd/capsicum/version.rb,
lib/bsd/capsicum/constants.rb

Defined Under Namespace

Modules: Constants, IO

Constant Summary

VERSION =
"0.4.1"

Instance Method Summary

Instance Method Details

#in_capability_mode? ⇒ Boolean Also known as: capability_mode?

Check if we’re in capability mode

Returns:

  • (Boolean)

    Returns true when the current process is in capability mode

Raises:

  • (SystemCallError)

    Might raise a subclass of SystemCallError

See Also:



# File 'lib/bsd/capsicum.rb', line 20

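# Check whether the calling process is in capability mode.
#
# Allocates a u_int buffer, asks cap_getmode(2) to fill it, and reads the
# flag back; the buffer is released on every path, including a raised error.
#
# @return [Boolean] true when the current process is in capability mode
# @raise [SystemCallError] when cap_getmode fails (errno taken from Fiddle.last_error)
def in_capability_mode?
  # RUBY_FREE attaches a free function to the pointer; without one,
  # call_free in the ensure block is a no-op and the buffer is never released.
  uintp = Fiddle::Pointer.malloc(Fiddle::SIZEOF_UINT, Fiddle::RUBY_FREE)
  unless FFI.cap_getmode(uintp).zero?
    raise SystemCallError.new("cap_getmode", Fiddle.last_error)
  end
  # The buffer is SIZEOF_UINT wide, so read it back as a native unsigned int.
  uintp[0, Fiddle::SIZEOF_UINT].unpack1("I") == 1
ensure
  # Safe navigation: if malloc itself raised, uintp is nil and a bare
  # call_free would mask the original error with a NoMethodError.
  uintp&.call_free
end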

#enter! ⇒ Boolean Also known as: enter_capability_mode!, enter_cap_mode!

Enter a process into capability mode

Returns:

  • (Boolean)

    Returns true when successful

Raises:

  • (SystemCallError)

    Might raise a subclass of SystemCallError

See Also:



# File 'lib/bsd/capsicum.rb', line 39

# Enter the calling process into capability mode via cap_enter(2).
#
# NOTE: cap_enter(2) documents capability mode as irreversible for the
# remaining life of the process — confirm against the man page for the
# target release before relying on that.
#
# @return [Boolean] true when successful
# @raise [SystemCallError] when cap_enter fails (errno taken from Fiddle.last_error)
def enter!
  status = FFI.cap_enter
  raise SystemCallError.new("cap_enter", Fiddle.last_error) unless status.zero?
  true
end

#permit!(io, *caps, scope: :rights) ⇒ Boolean

Limit the capabilities of a file descriptor

Examples:

# Permit standard output operations to read and write
BSD::Capsicum.permit!(STDOUT, :CAP_READ, :CAP_WRITE)
# Ditto
BSD::Capsicum.permit!(STDOUT, :read, :write)

Parameters:

  • io (#fileno, #to_i)

    An IO object

  • caps (Array<Symbol, Integer>)

    An allowed set of capabilities

  • scope (Symbol) (defaults to: :rights)

    The scope of the permit, either :rights or :fcntl

Returns:

  • (Boolean)

    Returns true when successful

Raises:

  • (SystemCallError)

    Might raise a subclass of SystemCallError

See Also:



# File 'lib/bsd/capsicum.rb', line 65

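# Limit the capabilities of a file descriptor.
#
# With scope :rights the caps are packed into a cap_rights_t via
# cap_rights_init and applied with cap_rights_limit(2); with scope :fcntl
# they are handed directly to cap_fcntls_limit(2).
#
# @param io [#fileno, #to_i] an IO object (to_i must yield the descriptor)
# @param caps [Array<Symbol, Integer>] the allowed set of capabilities
# @param scope [Symbol] either :rights (default) or :fcntl
# @return [Boolean] true when successful
# @raise [SystemCallError] when the underlying libc call fails
# @raise [ArgumentError] when scope is neither :rights nor :fcntl
def permit!(io, *caps, scope: :rights)
  case scope
  when :fcntl
    status = FFI.cap_fcntls_limit(io.to_i, caps)
    raise SystemCallError.new("cap_fcntls_limit", Fiddle.last_error) unless status.zero?
  when :rights
    # RUBY_FREE attaches a free function to the pointer; without one,
    # call_free in the ensure block is a no-op and the struct is never released.
    rightsp = Fiddle::Pointer.malloc(Constants::SIZEOF_CAP_RIGHTS_T, Fiddle::RUBY_FREE)
    # An empty caps list presumably yields an empty rights set, i.e. the
    # descriptor keeps no rights at all — confirm against cap_rights_init(3).
    FFI.cap_rights_init(rightsp, *caps)
    status = FFI.cap_rights_limit(io.to_i, rightsp)
    raise SystemCallError.new("cap_rights_limit", Fiddle.last_error) unless status.zero?
  else
    raise ArgumentError, "invalid scope: #{scope}"
  end
  true
ensure
  # rightsp is only assigned on the :rights path; safe navigation covers the rest.
  rightsp&.call_free
end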