Module: BSD::Capsicum

Extended by:: Capsicum

Included in:: Capsicum

Defined in:: lib/bsd/capsicum.rb,
lib/bsd/capsicum/ffi.rb,
lib/bsd/capsicum/version.rb,
lib/bsd/capsicum/constants.rb

Defined Under Namespace

Constant Summary collapse

VERSION =

"0.3.0"

Instance Method Summary collapse

#in_capability_mode? ⇒ Boolean (also: #capability_mode?)
Check if we’re in capability mode.
#enter! ⇒ Boolean (also: #enter_capability_mode!)
Enter a process into capability mode.
#limit!(io, allow:) ⇒ Boolean
Limit the capabilities of a file descriptor.

Instance Method Details

#in_capability_mode? ⇒ `Boolean` Also known as: capability_mode?

Check if we’re in capability mode

Returns:

(Boolean) —
Returns true when the current process is in capability mode

Raises:

(SystemCallError) —
Might raise a subclass of SystemCallError

#enter! ⇒ `Boolean` Also known as: enter_capability_mode!

Enter a process into capability mode

Returns:

(Boolean) —
Returns true when successful

Raises:

(SystemCallError) —
Might raise a subclass of SystemCallError

#limit!(io, allow:) ⇒ `Boolean`

Limit the capabilities of a file descriptor

Examples:

# Limit standard output operations to read and write
BSD::Capsicum.limit!(STDOUT, allow: %i[CAP_READ CAP_WRITE])
# Ditto
BSD::Capsicum.limit!(STDOUT, allow: %i[read write])

Parameters:

io (#to_i) —
An IO object
allow (Array<Symbol, Integer>) —
An allowed set of capabilities

Returns:

(Boolean) —
Returns true when successful

Raises:

(SystemCallError) —
Might raise a subclass of SystemCallError

Module: BSD::Capsicum

Defined Under Namespace

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#in_capability_mode? ⇒ Boolean Also known as: capability_mode?

#enter! ⇒ Boolean Also known as: enter_capability_mode!

#limit!(io, allow:) ⇒ Boolean

Examples:

#in_capability_mode? ⇒ `Boolean` Also known as: capability_mode?

#enter! ⇒ `Boolean` Also known as: enter_capability_mode!

#limit!(io, allow:) ⇒ `Boolean`