Python bindings to FreeBSD's Capsicum API

spyce

What it is

spyce provides Python bindings for FreeBSD's Capsicum sandboxing framework.

It uses cffi, so it works with CPython 2 & 3 as well as PyPy.

NB: This has only been tested against FreeBSD 10.1-RELEASE.

What it does

spyce currently provides the following:

        # Limit the general capability rights on an open file.
        from spyce import Rights, getFileRights, CAP_READ, CAP_SEEK
        with open('somefile', 'rb') as f:
            originalRights = getFileRights(f)
            assert originalRights & {CAP_READ, CAP_SEEK}
            # After this call, only read and seek rights remain on f.
            Rights([CAP_READ, CAP_SEEK]).limitFile(f)
            # do some stuff!

        # Limit which fcntl commands may be used on the file.
        from spyce import FcntlRights, getFileFcntlRights, CAP_FCNTL_GETFL
        with open('somefile', 'rb') as f:
            originalFcntlRights = getFileFcntlRights(f)
            assert CAP_FCNTL_GETFL in originalFcntlRights
            FcntlRights([CAP_FCNTL_GETFL]).limitFile(f)
            # do some stuff!

        # Limit which ioctl commands may be used on the file.
        from spyce import IoctlRights, getFileIoctlRights, CAP_IOCTLS_ALL
        from termios import FIOCLEX
        with open('somefile', 'rb') as f:
            originalIoctlRights = getFileIoctlRights(f)
            # A freshly opened file allows all ioctls until it is limited.
            assert originalIoctlRights.allIoctls
            IoctlRights([FIOCLEX]).limitFile(f)
            # do some stuff!

All limitFile methods accept either an object with a .fileno() method or an integer file descriptor.

Docs are coming soon!