Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dlrobertson/capsicum-rs

Rust bindings for the FreeBSD capsicum framework
https://github.com/dlrobertson/capsicum-rs

capsicum freebsd rust

Last synced: 2 days ago
JSON representation

Rust bindings for the FreeBSD capsicum framework

Host: GitHub
URL: https://github.com/dlrobertson/capsicum-rs
Owner: dlrobertson
License: mpl-2.0
Created: 2016-06-11T04:46:36.000Z (over 8 years ago)
Default Branch: main
Last Pushed: 2024-09-29T22:37:33.000Z (4 months ago)
Last Synced: 2024-10-14T12:49:20.230Z (3 months ago)
Topics: capsicum, freebsd, rust
Language: Rust
Size: 168 KB
Stars: 61
Watchers: 8
Forks: 4
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-rust-cn - dlrobertson/capsicum-rs
awesome-rust - dlrobertson/capsicum-rs
awesome-rust-zh - dlrobertson/capsicum-rs - Freebsd Capsicum 框架的 Rust 绑定 (库 / 平台特定)

README

        # capsicum

[![Current Version](https://img.shields.io/crates/v/capsicum.svg)](https://crates.io/crates/capsicum)

## Contain the awesome!

Rust bindings for the FreeBSD [capsicum](https://www.freebsd.org/cgi/man.cgi?query=capsicum)

framework for OS capability and sandboxing

## Prerequisites

[Rust](https://www.rust-lang.org/), [Cargo](https://crates.io/), and [FreeBSD](https://www.freebsd.org/).

**Note:** This currently only compiles on FreeBSD

## Getting Started

### Get the code

```

git clone https://github.com/danlrobertson/capsicum-rs

cd capsicum-rs

cargo build

```

### Writing code using `capsicum-rs`

#### Entering capability mode

```rust

    use capsicum::{enter, sandboxed};

    use std::fs::File;

    use std::io::Read;

    let mut ok_file = File::open("/tmp/foo").unwrap();

    let mut s = String::new();

    enter().expect("enter failed!");

    assert!(sandboxed(), "application is not sandboxed!");

    match File::create("/tmp/cant_touch_this") {

        Ok(_) => panic!("application is not properly sandboxed!"),

        Err(e) => println!("properly sandboxed: {:?}", e)

    }

    match ok_file.read_to_string(&mut s) {

        Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),

        Err(_) => panic!("application is not properly sandboxed!")

    }

```

#### Limit capability rights to files

```rust

    use capsicum::{CapRights, Right, RightsBuilder};

    use std::fs::File;

    use std::io::Read;

    let x = rand::random::();

    

    let mut ok_file = File::open("/tmp/foo").unwrap();

    let mut s = String::new();

    

    let mut builder = RightsBuilder::new(Right::Seek);

    

    if x {

        builder.add(Right::Read);

    }

    let rights = builder.finalize().unwrap();

    rights.limit(&ok_file).unwrap();

    

    match ok_file.read_to_string(&mut s) {

        Ok(_) if x => println!("Allowed reading: x = {} ", x),

        Err(_) if !x => println!("Did not allow reading: x = {}", x),

        _ => panic!("Not properly sandboxed"),

    }

```