{"id":13440024,"url":"https://github.com/dlrobertson/capsicum-rs","last_synced_at":"2025-04-04T22:04:21.836Z","repository":{"id":57530848,"uuid":"60891334","full_name":"dlrobertson/capsicum-rs","owner":"dlrobertson","description":"Rust bindings for the FreeBSD capsicum framework","archived":false,"fork":false,"pushed_at":"2024-09-29T22:37:33.000Z","size":172,"stargazers_count":61,"open_issues_count":3,"forks_count":4,"subscribers_count":8,"default_branch":"main","last_synced_at":"2024-10-14T12:49:20.230Z","etag":null,"topics":["capsicum","freebsd","rust"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dlrobertson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-06-11T04:46:36.000Z","updated_at":"2024-09-29T22:37:37.000Z","dependencies_parsed_at":"2024-01-07T05:58:55.440Z","dependency_job_id":"99e51567-0e33-41c0-9d91-cc5f4c00980f","html_url":"https://github.com/dlrobertson/capsicum-rs","commit_stats":{"total_commits":52,"total_committers":4,"mean_commits":13.0,"dds":"0.32692307692307687","last_synced_commit":"65c49640df1c031d6c0fc80e7fd96882fb6d4e2d"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlrobertson%2Fcapsicum-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlrobertson%2Fcapsicum-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlrobertson%2Fcapsicum-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlrobertson%2Fcapsicum-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dlrobertson","download_url":"https://codeload.github.com/dlrobertson/capsicum-rs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247256107,"owners_count":20909240,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capsicum","freebsd","rust"],"created_at":"2024-07-31T03:01:19.087Z","updated_at":"2025-04-04T22:04:21.811Z","avatar_url":"https://github.com/dlrobertson.png","language":"Rust","funding_links":[],"categories":["Libraries","库","库 Libraries"],"sub_categories":["Platform specific","平台特定","平台标准 Platform specific"],"readme":"# capsicum\n\n[![Current Version](https://img.shields.io/crates/v/capsicum.svg)](https://crates.io/crates/capsicum)\n\n## Contain the awesome!\n\nRust bindings for the FreeBSD [capsicum](https://www.freebsd.org/cgi/man.cgi?query=capsicum)\nframework for OS capability and sandboxing\n\n## Prerequisites\n\n[Rust](https://www.rust-lang.org/), [Cargo](https://crates.io/), and [FreeBSD](https://www.freebsd.org/).\n\n**Note:** This currently only compiles on FreeBSD\n\n## Getting Started\n\n### Get the code\n\n```\ngit clone https://github.com/danlrobertson/capsicum-rs\ncd capsicum-rs\ncargo build\n```\n\n### Writing code using `capsicum-rs`\n\n#### Entering capability mode\n\n```rust\n    use capsicum::{enter, sandboxed};\n    use std::fs::File;\n    use std::io::Read;\n\n    let mut ok_file = File::open(\"/tmp/foo\").unwrap();\n    let mut s = String::new();\n\n    enter().expect(\"enter failed!\");\n    assert!(sandboxed(), \"application is not sandboxed!\");\n\n    match File::create(\"/tmp/cant_touch_this\") {\n        Ok(_) =\u003e panic!(\"application is not properly sandboxed!\"),\n        Err(e) =\u003e println!(\"properly sandboxed: {:?}\", e)\n    }\n\n    match ok_file.read_to_string(\u0026mut s) {\n        Ok(_) =\u003e println!(\"This is okay since we opened the descriptor before sandboxing\"),\n        Err(_) =\u003e panic!(\"application is not properly sandboxed!\")\n    }\n```\n\n#### Limit capability rights to files\n\n```rust\n    use capsicum::{CapRights, Right, RightsBuilder};\n    use std::fs::File;\n    use std::io::Read;\n\n    let x = rand::random::\u003cbool\u003e();\n    \n    let mut ok_file = File::open(\"/tmp/foo\").unwrap();\n    let mut s = String::new();\n    \n    let mut builder = RightsBuilder::new(Right::Seek);\n    \n    if x {\n        builder.add(Right::Read);\n    }\n\n    let rights = builder.finalize().unwrap();\n\n    rights.limit(\u0026ok_file).unwrap();\n    \n    match ok_file.read_to_string(\u0026mut s) {\n        Ok(_) if x =\u003e println!(\"Allowed reading: x = {} \", x),\n        Err(_) if !x =\u003e println!(\"Did not allow reading: x = {}\", x),\n        _ =\u003e panic!(\"Not properly sandboxed\"),\n    }\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlrobertson%2Fcapsicum-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdlrobertson%2Fcapsicum-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlrobertson%2Fcapsicum-rs/lists"}