Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

spyce

What it is

spyce provides Python bindings for FreeBSD's Capsicum sandboxing framework.

It uses cffi, so it works with CPython 2 & 3 as well as PyPy.

NB: This has only been tested against against FreeBSD 10.1-RELEASE

What it does

spyce currently provides the following:

        from spyce import Rights, getFileRights, CAP_READ, CAP_SEEK
        with open('somefile', 'rb') as f:
            originalRights = getFileRights(f)
            assert originalRights & {CAP_READ, CAP_SEEK}
            Rights([CAP_READ, CAP_SEEK]).limitFile(f)
            # do some stuff!
        from spyce import FcntlRights, getFileFcntlRights, CAP_FCNTL_GETFL
        with open('somefile', 'rb') as f:
            originalFcntlRights = getFileFcntlRights(f)
            assert CAP_FCNTL_GETFL in originalFcntlRights
            FcntlRights([CAP_FCNTL_GETFL]).limitFile(f)
            # do some stuff!
        from spyce import IoctlRights, getFileIoctlRights, CAP_IOCTLS_ALL
        from termios import FIOCLEX
        with open('somefile', 'rb') as f:
            originalIoctlRights = getFileIoctlRights(f)
            assert originalIoctlRights.allIoctls
            IoctlRights([FIOCLEX]).limitFile(f)
            # do some stuff!

All limitFile methods work on objects with .fileno() methods or integers.

Docs are coming soon!

About

python bindings to freebsd's capsicum API

Resources

License

Languages

You can’t perform that action at this time.