module Capsicum

Constants

VERSION

Public Class Methods

enter!()

Enter capability sandbox mode.

@see cap_enter(2)

@return [Boolean] true if we've entered capability mode.
@raise [Errno::ENOTCAPABLE] - Capsicum not enabled.

# File lib/capsicum.rb, line 42
# Switch the current process into Capsicum capability mode.
#
# A non-zero result from cap_enter is never handed back as a return value:
# it is raised, so a caller cannot continue unsandboxed just by ignoring
# the result. See cap_enter(2) for what capability mode restricts; the man
# page describes the mode as one-way for the process.
#
# NOTE(review): errno is fetched with a second call (LibC.errno) after
# cap_enter has returned; confirm that accessor reports the errno saved
# from the cap_enter call itself.
#
# @see cap_enter(2)
# @return [Boolean] true when cap_enter returned 0.
# @raise [SystemCallError] built from LibC.errno when cap_enter returned non-zero.
def enter!
  status = LibC.cap_enter
  raise SystemCallError.new("cap_enter", LibC.errno) unless status == 0

  true
end
sandboxed?()

Check if we're in capability mode.

@see cap_getmode(2)

@return [Boolean] true if we've entered capability mode
@raise [Errno::ENOTCAPABLE] - Capsicum not enabled.

# File lib/capsicum.rb, line 25
# Report whether the current process is running in capability mode.
#
# cap_getmode writes its answer through the pointer argument; only a stored
# value of exactly 1 counts as "sandboxed". A failed call raises instead of
# returning false, so an error is not mistaken for "not sandboxed".
#
# @see cap_getmode(2)
# @return [Boolean] true when cap_getmode succeeded and stored 1,
#   false for any other stored value.
# @raise [SystemCallError] built from LibC.errno when cap_getmode returned non-zero.
def sandboxed?
  mode = IntPtr.new
  status = LibC.cap_getmode(mode)
  raise SystemCallError.new("cap_getmode", LibC.errno) unless status == 0

  mode[:value] == 1
end
within_sandbox() { || ... }

Run the block within a forked process in capability mode and wait for it to complete.

@yield block to run within the forked child.
@return [Process::Status] exit status of the forked child.

# File lib/capsicum.rb, line 57
# Fork a child, enter capability mode in it, run the block there, and wait.
#
# Capsicum.enter! runs before the block, so if it raises the block is never
# reached. The parent only receives the child's exit status: check success?
# on the result, because a failure to enter the sandbox would surface as an
# unsuccessful exit of the child rather than as an exception in the caller.
#
# NOTE(review): the child is a fork of the caller and nothing here closes
# descriptors before the block runs; presumably whatever the caller had
# open stays reachable inside the sandbox — confirm against capsicum(4)
# and close or limit what the block should not have.
#
# @yield block to run within the forked child.
# @return [Process::Status] exit status of the forked child.
# @return [Enumerator] when called without a block.
def within_sandbox
  if block_given?
    child = fork do
      Capsicum.enter!
      yield
    end

    _pid, status = Process.waitpid2(child)
    status
  else
    enum_for(:within_sandbox)
  end
end

Private Instance Methods

enter!()

Enter capability sandbox mode.

@see cap_enter(2)

@return [Boolean] true if we've entered capability mode.
@raise [Errno::ENOTCAPABLE] - Capsicum not enabled.

# File lib/capsicum.rb, line 42
# Switch the current process into Capsicum capability mode.
#
# A non-zero result from cap_enter is never handed back as a return value:
# it is raised, so a caller cannot continue unsandboxed just by ignoring
# the result. See cap_enter(2) for what capability mode restricts; the man
# page describes the mode as one-way for the process.
#
# NOTE(review): errno is fetched with a second call (LibC.errno) after
# cap_enter has returned; confirm that accessor reports the errno saved
# from the cap_enter call itself.
#
# @see cap_enter(2)
# @return [Boolean] true when cap_enter returned 0.
# @raise [SystemCallError] built from LibC.errno when cap_enter returned non-zero.
def enter!
  status = LibC.cap_enter
  raise SystemCallError.new("cap_enter", LibC.errno) unless status == 0

  true
end
sandboxed?()

Check if we're in capability mode.

@see cap_getmode(2)

@return [Boolean] true if we've entered capability mode
@raise [Errno::ENOTCAPABLE] - Capsicum not enabled.

# File lib/capsicum.rb, line 25
# Report whether the current process is running in capability mode.
#
# cap_getmode writes its answer through the pointer argument; only a stored
# value of exactly 1 counts as "sandboxed". A failed call raises instead of
# returning false, so an error is not mistaken for "not sandboxed".
#
# @see cap_getmode(2)
# @return [Boolean] true when cap_getmode succeeded and stored 1,
#   false for any other stored value.
# @raise [SystemCallError] built from LibC.errno when cap_getmode returned non-zero.
def sandboxed?
  mode = IntPtr.new
  status = LibC.cap_getmode(mode)
  raise SystemCallError.new("cap_getmode", LibC.errno) unless status == 0

  mode[:value] == 1
end
within_sandbox() { || ... }

Run the block within a forked process in capability mode and wait for it to complete.

@yield block to run within the forked child.
@return [Process::Status] exit status of the forked child.

# File lib/capsicum.rb, line 57
# Fork a child, enter capability mode in it, run the block there, and wait.
#
# Capsicum.enter! runs before the block, so if it raises the block is never
# reached. The parent only receives the child's exit status: check success?
# on the result, because a failure to enter the sandbox would surface as an
# unsuccessful exit of the child rather than as an exception in the caller.
#
# NOTE(review): the child is a fork of the caller and nothing here closes
# descriptors before the block runs; presumably whatever the caller had
# open stays reachable inside the sandbox — confirm against capsicum(4)
# and close or limit what the block should not have.
#
# @yield block to run within the forked child.
# @return [Process::Status] exit status of the forked child.
# @return [Enumerator] when called without a block.
def within_sandbox
  if block_given?
    child = fork do
      Capsicum.enter!
      yield
    end

    _pid, status = Process.waitpid2(child)
    status
  else
    enum_for(:within_sandbox)
  end
end