#sandbox #free-bsd

capsicum

Simple intuitive Rust bindings for the FreeBSD capsicum framework

6 releases

new 0.3.0 Sep 21, 2023
0.2.0 Feb 16, 2023
0.1.3 Dec 2, 2022
0.1.2 Jun 28, 2017
0.1.1 Jun 12, 2016

#103 in Unix APIs


108 downloads per month
Used in freebsd-nfs-exporter

MPL-2.0 license

49KB
731 lines

capsicum

Contain the awesome!

Rust bindings for the FreeBSD capsicum framework for OS capability and sandboxing

Prerequisites

Rust, Cargo, and FreeBSD.

Note: this crate currently only compiles on FreeBSD, because it wraps FreeBSD-only system calls.

Getting Started

Get the code

    git clone https://github.com/danlrobertson/capsicum-rs
    cd capsicum-rs
    cargo build

Writing code using capsicum-rs

Entering capability mode

    use capsicum::{enter, sandboxed};
    use std::fs::File;
    use std::io::Read;

    fn main() {
        // Open every descriptor the program needs before entering
        // capability mode: afterwards, path-based opens are refused.
        let mut ok_file = File::open("/tmp/foo").unwrap();
        let mut s = String::new();

        // cap_enter(2): irreversible for this process and its children.
        enter().expect("enter failed!");
        assert!(sandboxed(), "application is not sandboxed!");

        // Global namespaces (here, the filesystem) are no longer reachable.
        match File::create("/tmp/cant_touch_this") {
            Ok(_) => panic!("application is not properly sandboxed!"),
            Err(e) => println!("properly sandboxed: {:?}", e),
        }

        // Descriptors obtained earlier keep working, subject to their rights.
        match ok_file.read_to_string(&mut s) {
            Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),
            Err(_) => panic!("application is not properly sandboxed!"),
        }
    }

Limit capability rights to files

    use capsicum::{CapRights, Right, RightsBuilder};
    use std::fs::File;
    use std::io::Read;

    fn main() {
        // Requires the `rand` crate as a dependency; decides at random
        // whether the descriptor keeps the right to read.
        let x = rand::random::<bool>();

        let mut ok_file = File::open("/tmp/foo").unwrap();
        let mut s = String::new();

        // Start from seek only and add read only when x is true.
        let mut builder = RightsBuilder::new(Right::Seek);

        if x {
            builder.add(Right::Read);
        }

        let rights = builder.finalize().unwrap();

        // cap_rights_limit(2): rights can only ever be reduced, never regained.
        rights.limit(&ok_file).unwrap();

        match ok_file.read_to_string(&mut s) {
            Ok(_) if x => println!("Allowed reading: x = {} ", x),
            Err(_) if !x => println!("Did not allow reading: x = {}", x),
            _ => panic!("Not properly sandboxed"),
        }
    }

Dependencies

~0.4–1MB
~22K SLoC