#freebsd #sandbox

capsicum

Simple intuitive Rust bindings for the FreeBSD capsicum framework

11 releases

new 0.4.4 Dec 8, 2024
0.4.3 Oct 14, 2024
0.4.2 Jun 4, 2024
0.3.0 Sep 21, 2023
0.1.1 Jun 12, 2016


MPL-2.0 license

58KB
837 lines

capsicum


Contain the awesome!

Rust bindings for the FreeBSD capsicum framework for OS capabilities and sandboxing.

Prerequisites

Rust, Cargo, and FreeBSD.

Note: This currently only compiles on FreeBSD.

Getting Started

Get the code

git clone https://github.com/danlrobertson/capsicum-rs
cd capsicum-rs
cargo build

Writing code using capsicum-rs

Entering capability mode

    use capsicum::{enter, sandboxed};
    use std::fs::File;
    use std::io::Read;

    fn main() {
        // Descriptors acquired before entering capability mode stay usable afterwards.
        let mut ok_file = File::open("/tmp/foo").unwrap();
        let mut s = String::new();

        // cap_enter(2): irreversible for this process and any children it forks.
        enter().expect("enter failed!");
        assert!(sandboxed(), "application is not sandboxed!");

        // Path-based syscalls such as open(2) are refused inside the sandbox.
        match File::create("/tmp/cant_touch_this") {
            Ok(_) => panic!("application is not properly sandboxed!"),
            Err(e) => println!("properly sandboxed: {:?}", e),
        }

        match ok_file.read_to_string(&mut s) {
            Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),
            Err(_) => panic!("application is not properly sandboxed!"),
        }
    }

Limit capability rights to files

    use capsicum::{CapRights, Right, RightsBuilder};
    use std::fs::File;
    use std::io::Read;

    fn main() {
        // Requires the `rand` crate as a dependency.
        let x = rand::random::<bool>();

        let mut ok_file = File::open("/tmp/foo").unwrap();
        let mut s = String::new();

        // Start from Seek only; Read is added on a coin flip so both outcomes get exercised.
        let mut builder = RightsBuilder::new(Right::Seek);

        if x {
            builder.add(Right::Read);
        }

        let rights = builder.finalize().unwrap();

        // cap_rights_limit(2): rights on a descriptor can only be reduced, never regained.
        rights.limit(&ok_file).unwrap();

        match ok_file.read_to_string(&mut s) {
            Ok(_) if x => println!("Allowed reading: x = {}", x),
            Err(_) if !x => println!("Did not allow reading: x = {}", x),
            _ => panic!("Not properly sandboxed"),
        }
    }
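
In practice the two snippets above are combined in a fixed order: open every descriptor the program needs, shrink each one's rights, and only then enter capability mode, since cap_enter is irreversible and no new paths can be opened afterwards. The following is an added example, not code from the crate's README, that does this with the builder API shown above and returns what it observed so the result can be checked; it is gated to FreeBSD and returns an error elsewhere. The `SAMPLE` content, the `SandboxReport` type and the temp file path are constructed for this example.

```rust
use std::io;
/// Constructed sample content written to the test file before sandboxing.
pub const SAMPLE: &[u8] = b"constructed sample content\n";
/// What the sandboxed process observed, returned so callers (and tests) can check it.
#[derive(Debug, PartialEq)]
pub struct SandboxReport {
    pub bytes_read: usize,  // bytes read through the pre-opened, read-limited descriptor
    pub write_denied: bool, // write(2) on that descriptor failed (rights limit)
    pub open_denied: bool,  // open(2) of the path failed (capability mode)
}
/// Pattern: open everything first, shrink each descriptor's rights, then cap_enter().
#[cfg(target_os = "freebsd")]
pub fn sandbox_readonly(path: &str) -> io::Result<SandboxReport> {
    use capsicum::{enter, sandboxed, CapRights, Right, RightsBuilder};
    use std::fs::{self, File, OpenOptions};
    use std::io::{Read, Write};
    fn to_io<E: std::fmt::Debug>(e: E) -> io::Error {
        io::Error::new(io::ErrorKind::Other, format!("{:?}", e))
    }

    // 1. Path-based work (create, write) happens while ambient authority is still available.
    fs::write(path, SAMPLE)?;
    let mut file = OpenOptions::new().read(true).write(true).open(path)?;

    // 2. Keep only Seek + Read on the descriptor; Write is dropped even though it was O_RDWR.
    let mut builder = RightsBuilder::new(Right::Seek);
    builder.add(Right::Read);
    let rights = builder.finalize().map_err(to_io)?;
    rights.limit(&file).map_err(to_io)?;

    // 3. Enter capability mode; irreversible for this process and anything it forks.
    enter().map_err(to_io)?;
    if !sandboxed() {
        return Err(io::Error::new(io::ErrorKind::Other, "cap_getmode reports no sandbox"));
    }

    // 4. Write is denied by the rights limit, a fresh open by capability mode; read still works.
    let write_denied = file.write_all(b"x").is_err();
    let open_denied = File::open(path).is_err();
    let mut s = String::new();
    let bytes_read = file.read_to_string(&mut s)?;
    Ok(SandboxReport { bytes_read, write_denied, open_denied })
}
/// Capsicum exists only on FreeBSD; refuse rather than pretend to sandbox.
#[cfg(not(target_os = "freebsd"))]
pub fn sandbox_readonly(_path: &str) -> io::Result<SandboxReport> {
    Err(io::Error::new(io::ErrorKind::Unsupported, "capsicum is only available on FreeBSD"))
}
```

The sample file is deliberately not removed afterwards: unlink by path is itself a path-based call and fails in capability mode, so cleanup belongs either before `enter()` or through a directory descriptor opened beforehand.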

Dependencies

~0.2–0.8MB
~19K SLoC