

1//! Capability-gated subprocess execution.
2//!
//! Drop-in replacements for `std::process` functions, each of which requires a capability token.
4
5use capsec_core::cap::Cap;
6use capsec_core::error::CapSecError;
7use capsec_core::has::Has;
8use capsec_core::permission::Spawn;
9use std::process::{Command, Output};
10
/// Creates a new `Command` for the given program.
/// Requires [`Spawn`] permission.
///
/// The capability is checked exactly once, here: a `Cap<Spawn>` proof is
/// materialised from `cap` and then dropped. The value handed back is a plain
/// `std::process::Command`, so whoever holds it can configure and spawn it
/// without presenting the capability again — keep the returned handle as
/// tightly scoped as the token it was minted from.
///
/// `program` is passed to [`Command::new`] unchanged; as with std, a
/// non-absolute name is located through the `PATH` search when the process is
/// spawned, not when this function returns.
///
/// Returns a `std::process::Command` that can be further configured before execution.
pub fn command(program: &str, cap: &impl Has<Spawn>) -> Command {
    // The binding is never read: materialising the proof *is* the check.
    let _spawn_proof: Cap<Spawn> = cap.cap_ref();
    Command::new(program)
}
19
/// Runs a program with arguments and returns its output.
/// Requires [`Spawn`] permission.
///
/// No shell is involved: `program` and every element of `args` reach the
/// child verbatim, so callers neither need to quote or escape them nor get
/// shell features such as globbing or `$VAR` expansion.
///
/// # Errors
///
/// Returns the [`CapSecError`] that `std::io::Error` converts into when the
/// process cannot be started or its output cannot be collected (for example,
/// `program` was not found). A child that starts and exits with a non-zero
/// status is *not* an error here — inspect `output.status` before trusting
/// `output.stdout`.
pub fn run(program: &str, args: &[&str], cap: &impl Has<Spawn>) -> Result<Output, CapSecError> {
    // The binding is never read: materialising the proof *is* the check.
    let _spawn_proof: Cap<Spawn> = cap.cap_ref();
    let mut child = Command::new(program);
    child.args(args);
    // `?` converts the I/O error into `CapSecError` via `From`.
    let output = child.output()?;
    Ok(output)
}