#freebsd #sandbox

capsicum

Simple intuitive Rust bindings for the FreeBSD capsicum framework

10 releases

0.4.3 Oct 14, 2024
0.4.2 Jun 4, 2024
0.3.0 Sep 21, 2023
0.2.0 Feb 16, 2023
0.1.1 Jun 12, 2016

#76 in Unix APIs

Download history 17/week @ 2024-07-08 9/week @ 2024-07-15 16/week @ 2024-07-22 15/week @ 2024-07-29 10/week @ 2024-08-05 14/week @ 2024-08-12 18/week @ 2024-08-19 21/week @ 2024-08-26 13/week @ 2024-09-02 31/week @ 2024-09-23 10/week @ 2024-09-30 20/week @ 2024-10-07 225/week @ 2024-10-14 22/week @ 2024-10-21

279 downloads per month
Used in 3 crates

MPL-2.0 license

57KB
825 lines

capsicum

Current Version

Contain the awesome!

Rust bindings for the FreeBSD capsicum framework for OS capability and sandboxing

Prerequisites

Rust, Cargo, and FreeBSD.

Note: This currently only compiles on FreeBSD

Getting Started

Get the code

git clone https://github.com/danlrobertson/capsicum-rs
cd capsicum-rs
cargo build

Writing code using capsicum-rs

Entering capability mode

    use capsicum::{enter, sandboxed};
    use std::fs::File;
    use std::io::Read;

    let mut ok_file = File::open("/tmp/foo").unwrap();
    let mut s = String::new();

    enter().expect("enter failed!");
    assert!(sandboxed(), "application is not sandboxed!");

    match File::create("/tmp/cant_touch_this") {
        Ok(_) => panic!("application is not properly sandboxed!"),
        Err(e) => println!("properly sandboxed: {:?}", e)
    }

    match ok_file.read_to_string(&mut s) {
        Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),
        Err(_) => panic!("application is not properly sandboxed!")
    }

Limit capability rights to files

    use capsicum::{CapRights, Right, RightsBuilder};
    use std::fs::File;
    use std::io::Read;

    let x = rand::random::<bool>();
    
    let mut ok_file = File::open("/tmp/foo").unwrap();
    let mut s = String::new();
    
    let mut builder = RightsBuilder::new(Right::Seek);
    
    if x {
        builder.add(Right::Read);
    }

    let rights = builder.finalize().unwrap();

    rights.limit(&ok_file).unwrap();
    
    match ok_file.read_to_string(&mut s) {
        Ok(_) if x => println!("Allowed reading: x = {} ", x),
        Err(_) if !x => println!("Did not allow reading: x = {}", x),
        _ => panic!("Not properly sandboxed"),
    }

Dependencies

~0.2–0.9MB
~20K SLoC