Module: BSD::Capsicum

Extended by:

Capsicum

Included in:

Capsicum

Defined in:

lib/bsd/capsicum.rb,
lib/bsd/capsicum/ffi.rb,
lib/bsd/capsicum/version.rb,
lib/bsd/capsicum/constants.rb

Defined Under Namespace

Modules: Constants, IO

Constant Summary

VERSION =

"0.4.1"

Instance Method Summary

• #in_capability_mode? ⇒ Boolean (also: #capability_mode?)

  Check if we’re in capability mode.

• #enter! ⇒ Boolean (also: #enter_capability_mode!, #enter_cap_mode!)

  Enter a process into capability mode.

• #permit!(io, *caps, scope: :rights) ⇒ Boolean

  Limit the capabilities of a file descriptor.

Instance Method Details

#in_capability_mode? ⇒ Boolean Also known as: capability_mode?

Check if we’re in capability mode

Returns:

• (Boolean) —

  Returns true when the current process is in capability mode

Raises:

• (SystemCallError) —

  Might raise a subclass of SystemCallError

See Also:

• cap_getmode(2)

# File 'lib/bsd/capsicum.rb', line 20

def in_capability_mode?
  uintp = Fiddle::Pointer.malloc(Fiddle::SIZEOF_UINT)
  if FFI.cap_getmode(uintp).zero?
    uintp[0, Fiddle::SIZEOF_UINT].unpack("i") == [1]
  else
    raise SystemCallError.new("cap_getmode", Fiddle.last_error)
  end
ensure
  uintp.call_free
end

#enter! ⇒ Boolean Also known as: enter_capability_mode!, enter_cap_mode!

Enter a process into capability mode

Returns:

• (Boolean) —

  Returns true when successful

Raises:

• (SystemCallError) —

  Might raise a subclass of SystemCallError

See Also:

• cap_enter(2)

# File 'lib/bsd/capsicum.rb', line 39

def enter!
  FFI.cap_enter.zero? ||
  raise(SystemCallError.new("cap_enter", Fiddle.last_error))
end

#permit!(io, *caps, scope: :rights) ⇒ Boolean

Limit the capabilities of a file descriptor

Examples:

# Permit standard output operations to read and write
BSD::Capsicum.permit!(STDOUT, :CAP_READ, :CAP_WRITE)
# Ditto
BSD::Capsicum.permit!(STDOUT, :read, :write)

Parameters:

• io (#fileno, #to_i) —

  An IO object

• caps (Array<Symbol, Integer>) —

  An allowed set of capabilities

• scope (Symbol) (defaults to: :rights) —

  The scope of the permit, either nil or :fcntl

Returns:

• (Boolean) —

  Returns true when successful

Raises:

• (SystemCallError) —

  Might raise a subclass of SystemCallError

See Also:

• cap_rights_limit(2)
• See Constants for a full list of capabilities

# File 'lib/bsd/capsicum.rb', line 65

def permit!(io, *caps, scope: :rights)
  if scope == :fcntl
    FFI.cap_fcntls_limit(io.to_i, caps).zero? ||
      raise(SystemCallError.new("cap_fcntls_limit", Fiddle.last_error))
  elsif scope == :rights
    rightsp = Fiddle::Pointer.malloc(Constants::SIZEOF_CAP_RIGHTS_T)
    FFI.cap_rights_init(rightsp, *caps)
    FFI.cap_rights_limit(io.to_i, rightsp).zero? ||
      raise(SystemCallError.new("cap_rights_limit", Fiddle.last_error))
  else
    raise ArgumentError, "invalid scope: #{scope}"
  end
ensure
  rightsp&.call_free
end