capsicum-rs

Contain the awesome!

Rust bindings for Capsicum, the FreeBSD framework for OS-level capabilities and sandboxing.

Prerequisites

Rust, Cargo, and FreeBSD.

Note: this crate currently compiles only on FreeBSD, because it wraps FreeBSD-specific system calls (cap_enter(2), cap_rights_limit(2)).

Getting Started

Get the code

```
git clone https://github.com/danlrobertson/capsicum-rs
cd capsicum-rs
cargo build
```

Writing code using capsicum-rs

Entering capability mode

```
use capsicum::{enter, sandboxed};
use std::fs::File;
use std::io::Read;

fn main() {
    // Open everything you need BEFORE entering capability mode: once inside,
    // the process can no longer look up paths, only use descriptors it holds.
    let mut ok_file = File::open("/tmp/foo").unwrap();
    let mut s = String::new();

    // cap_enter(2): irreversible for this process and inherited by its children.
    enter().expect("enter failed!");
    assert!(sandboxed(), "application is not sandboxed!");

    // Any path-based syscall now fails (with ECAPMODE), so this must be an Err.
    match File::create("/tmp/canttouchthis") {
        Ok(_) => panic!("application is not properly sandboxed!"),
        Err(e) => println!("properly sandboxed: {:?}", e),
    }

    // The descriptor opened before enter() keeps working.
    match ok_file.read_to_string(&mut s) {
        Ok(_) => println!("This is okay since we opened the descriptor before sandboxing"),
        Err(_) => panic!("application is not properly sandboxed!"),
    }
}
```

Limit capability rights to files

```
use capsicum::{Right, RightsBuilder};
use std::fs::File;
use std::io::Read;

fn main() {
    // Decide at random whether this run grants the Read right, so both
    // outcomes of the match below get exercised (needs the `rand` crate; the
    // type parameter was lost in extraction and is assumed to be u8 here).
    let x = rand::random::<u8>();
    let other_value = x < 42;

    let mut ok_file = File::open("/tmp/foo").unwrap();
    let mut s = String::new();

    // Start from Seek alone and add Read only when other_value is true.
    let mut builder = RightsBuilder::new(Right::Seek);
    if other_value {
        builder.add(Right::Read);
    }

    // Rights are not enforced until they are applied to the descriptor with
    // cap_rights_limit(2); in capsicum-rs that is FileRights::limit.
    builder.finalize().limit(&ok_file).unwrap();

    // Without CAP_READ the kernel refuses read(2) with ENOTCAPABLE.
    match ok_file.read_to_string(&mut s) {
        Ok(_) if other_value => println!("Since other_value is true we allowed reading"),
        Err(_) if !other_value => println!("Since other_value is false we did not allow reading"),
        _ => panic!("Application is not properly sandboxed!"),
    }
}
```
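The two sections above show the pieces separately. The following is an added example, written for this page and not taken from capsicum-rs, that puts them together in the order a real program must use: open and rights-limit every descriptor first, enter capability mode, then verify that the restrictions actually hold. It assumes the crate API named above plus `RightsBuilder::finalize` and `FileRights::limit` as the way to apply built rights (those two names, and the `sandboxed_worker` module name, are my assumptions), uses files under the temp dir, and hard-codes the FreeBSD errno values ENOTCAPABLE (93) and ECAPMODE (94). Like the crate, it builds only on FreeBSD.

```rust
#[cfg(target_os = "freebsd")]
mod sandboxed_worker {
    use capsicum::{enter, sandboxed, Right, RightsBuilder};
    use std::fs::{File, OpenOptions};
    use std::io::{self, Read, Seek, SeekFrom, Write};
    use std::path::Path;

    // errno values from FreeBSD <sys/errno.h> (assumed here, not from the crate).
    pub const ENOTCAPABLE: i32 = 93; // descriptor lacks the required capability right
    pub const ECAPMODE: i32 = 94;    // path-based syscall attempted in capability mode

    /// Descriptors acquired before entering capability mode. Afterwards they
    /// are the only file-system objects this process can reach.
    pub struct Preopened {
        pub input: File,
        pub log: File,
    }

    /// Open everything the worker needs, then shrink each descriptor to the
    /// rights its job requires. cap_rights_limit(2) takes effect at once, so
    /// this is safe to do before enter() as well as after.
    pub fn preopen(input_path: &Path, log_path: &Path) -> io::Result<Preopened> {
        let input = File::open(input_path)?;
        // Opened read-write on purpose: the read restriction on the log comes
        // from the Capsicum rights below, not from the open(2) flags.
        let log = OpenOptions::new().read(true).append(true).create(true).open(log_path)?;

        // input: read and seek, nothing else
        let mut input_rights = RightsBuilder::new(Right::Read);
        input_rights.add(Right::Seek);
        input_rights.finalize().limit(&input)?;

        // log: write only (O_APPEND write(2) needs CAP_WRITE but not CAP_SEEK)
        RightsBuilder::new(Right::Write).finalize().limit(&log)?;

        Ok(Preopened { input, log })
    }

    /// Enter capability mode and confirm it, so a code path that silently
    /// skipped sandboxing fails at startup instead of going unnoticed.
    pub fn sandbox() -> io::Result<()> {
        enter()?;
        if !sandboxed() {
            return Err(io::Error::new(
                io::ErrorKind::Other,
                "cap_enter(2) succeeded but cap_sandboxed(3) reports false",
            ));
        }
        Ok(())
    }

    /// What the probes inside the sandbox observed.
    #[derive(Debug, PartialEq, Eq)]
    pub struct Probe {
        pub path_open_blocked: bool, // open(2) by path failed with ECAPMODE
        pub log_read_blocked: bool,  // read(2) on the write-only log failed with ENOTCAPABLE
        pub bytes_read: usize,       // bytes the worker could still read from its input
        pub reread_matches: bool,    // seek(2) on the input still works (CAP_SEEK kept)
    }

    fn errno_is<T>(r: &io::Result<T>, code: i32) -> bool {
        matches!(r, Err(e) if e.raw_os_error() == Some(code))
    }

    /// The worker's job, run after sandbox(): do the permitted work and check
    /// that the forbidden operations really are refused by the kernel.
    pub fn work(p: &mut Preopened, input_path: &Path) -> io::Result<Probe> {
        let path_open_blocked = errno_is(&File::open(input_path), ECAPMODE);

        let mut scratch = [0u8; 1];
        let log_read_blocked = errno_is(&p.log.read(&mut scratch), ENOTCAPABLE);

        let mut first = String::new();
        let bytes_read = p.input.read_to_string(&mut first)?;
        p.input.seek(SeekFrom::Start(0))?;
        let mut second = String::new();
        p.input.read_to_string(&mut second)?;
        writeln!(p.log, "read {} bytes", bytes_read)?;

        Ok(Probe { path_open_blocked, log_read_blocked, bytes_read, reread_matches: first == second })
    }
}

#[cfg(target_os = "freebsd")]
fn main() -> std::io::Result<()> {
    use sandboxed_worker::*;
    let dir = std::env::temp_dir();
    let input_path = dir.join("capsicum-rs-example-input.txt");
    let log_path = dir.join("capsicum-rs-example.log");
    std::fs::write(&input_path, "hello from outside the sandbox\n")?; // allowed: not sandboxed yet
    let mut files = preopen(&input_path, &log_path)?;
    sandbox()?; // point of no return for this process
    println!("{:?}", work(&mut files, &input_path)?);
    Ok(())
}

#[cfg(not(target_os = "freebsd"))]
fn main() {
    eprintln!("this example, like capsicum-rs itself, builds only on FreeBSD");
}
```

Note what `work` checks and why: a path lookup failing with ECAPMODE proves cap_enter took effect; a read failing with ENOTCAPABLE on a descriptor that was opened read-write proves the rights limit, not the open flags, is what restricts it; the successful reread after a seek shows that granting Seek and Read but not Write on the input yields exactly the operations intended. The `panic!` on a successful `File::create` in the snippet above is the same idea; in a long-running service you would turn these probes into a startup self-test and refuse to serve if any forbidden operation succeeds.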