§Entering capability mode
use capsicum::{enter, sandboxed};
use std::fs::File;
use std::io::Read;

// Open the descriptor *before* entering capability mode: once sandboxed, the
// process can no longer resolve paths in the global namespace, only use
// descriptors it already holds.
let mut ok_file = File::open("/etc/passwd").unwrap();
let mut contents = String::new();

// cap_enter(2) is a one-way transition for this process; it cannot be undone
// and is inherited by any child it spawns.
enter().expect("enter failed!");
assert!(sandboxed(), "application is not sandboxed!");

// A path-based syscall must now fail. Getting an Ok here means the sandbox is
// not actually in effect, which is treated as a fatal misconfiguration.
match File::create("/tmp/cant_touch_this").err() {
    Some(e) => println!("properly sandboxed: {:?}", e),
    None => panic!("application is not properly sandboxed!"),
}

// Operations on the previously opened descriptor remain permitted.
if ok_file.read_to_string(&mut contents).is_err() {
    panic!("application is not properly sandboxed!");
}
println!("This is okay since we opened the descriptor before sandboxing");
§Limit capability rights to files
use capsicum::{CapRights, Right, FileRights};
use std::fs::File;
use std::io::Read;

let mut ok_file = File::open("/etc/passwd").unwrap();

// Attach an explicit allow-list of rights to this one descriptor. Rights can
// only be narrowed, never widened again, so this is a safe thing to do early.
// NOTE(review): limiting a descriptor does not by itself sandbox the process —
// outside capability mode it could simply open the file again; pair this with
// `enter()` when the goal is containment.
FileRights::new()
    .allow(Right::Seek)
    .allow(Right::Read)
    .limit(&ok_file)
    .unwrap();

// Reading is among the retained rights, so this must still succeed.
let mut contents = String::new();
assert!(matches!(ok_file.read_to_string(&mut contents), Ok(_)));
§Opening new files in a subdirectory after entering capability mode
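use std::fs::File;
use std::io::Read;

// Obtain a directory descriptor for /etc while ambient authority is still
// usable; the relative open at the end of this example depends on it.
let aa = cap_std::ambient_authority();
let etc = cap_std::fs::Dir::open_ambient_dir("/etc", aa).unwrap();

// One-way transition: after this point only pre-opened descriptors are usable.
capsicum::enter().expect("enter failed!");

// Absolute-path opens now fail, even with a freshly obtained authority token —
// the token is not a capability, the kernel simply refuses namespace lookups.
let aa = cap_std::ambient_authority();
cap_std::fs::Dir::open_ambient_dir("/etc", aa).unwrap_err();
File::open("/etc/passwd").unwrap_err();

// Opening relative to the directory descriptor we already hold still works,
// and the handle it yields is fully readable (mirrors the first example).
let mut passwd = etc.open("passwd").unwrap();
let mut contents = String::new();
passwd.read_to_string(&mut contents).unwrap();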