capsicum
| Crates.io | capsicum |
| lib.rs | capsicum |
| version | |
| source | src |
| created_at | 2016-06-11 18:00:15.376846 |
| updated_at | 2024-10-14 17:27:05.338812 |
| description | Simple intuitive Rust bindings for the FreeBSD capsicum framework |
| homepage | |
| repository | https://github.com/dlrobertson/capsicum-rs |
| max_upload_size | |
| id | 5349 |
| Cargo.toml error: | TOML parse error at line 27, column 1 | 27 | autolib = false | ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include` |
| size | 0 |
Alan Somers (asomers)
documentation
README
capsicum
Contain the awesome!
Rust bindings for the FreeBSD capsicum framework for OS capability and sandboxing
Prerequisites
Note: This currently only compiles on FreeBSD
Getting Started
Get the code
git clone https://github.com/danlrobertson/capsicum-rs
cd capsicum-rs
cargo build
Writing code using capsicum-rs
Entering capability mode
use capsicum::{enter, sandboxed};
use std::fs::File;
use std::io::Read;
let mut ok_file = File::open("/tmp/foo").unwrap();
let mut s = String::new();
enter().expect("enter failed!");
assert!(sandboxed(), "application is not sandboxed!");
match File::create("/tmp/cant_touch_this") {
Ok(_) => panic!("application is not properly sandboxed!"),
Err(e) => println!("properly sandboxed: {:?}", e)
}
match ok_file.read_to_string(&mut s) {
Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),
Err(_) => panic!("application is not properly sandboxed!")
}
Limit capability rights to files
use capsicum::{CapRights, Right, RightsBuilder};
use std::fs::File;
use std::io::Read;
let x = rand::random::<bool>();
let mut ok_file = File::open("/tmp/foo").unwrap();
let mut s = String::new();
let mut builder = RightsBuilder::new(Right::Seek);
if x {
builder.add(Right::Read);
}
let rights = builder.finalize().unwrap();
rights.limit(&ok_file).unwrap();
match ok_file.read_to_string(&mut s) {
Ok(_) if x => println!("Allowed reading: x = {} ", x),
Err(_) if !x => println!("Did not allow reading: x = {}", x),
_ => panic!("Not properly sandboxed"),
}