Skip to content

markrwilliams/spyce

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
docs
docs
 
 
spyce
spyce
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
requirements-docs.txt
requirements-docs.txt
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 
vcversioner.py
vcversioner.py
 
 

Repository files navigation

spyce

What it is

spyce provides Python bindings for FreeBSD's Capsicum sandboxing framework.

It uses cffi, so it works with CPython 2 & 3 as well as PyPy.

NB: This has only been tested against against FreeBSD 10.1-RELEASE

What it does

spyce currently provides the following:

        from spyce import Rights, getFileRights, CAP_READ, CAP_SEEK
        with open('somefile', 'rb') as f:
            originalRights = getFileRights(f)
            assert originalRights & {CAP_READ, CAP_SEEK}
            Rights([CAP_READ, CAP_SEEK]).limitFile(f)
            # do some stuff!
        from spyce import FcntlRights, getFileFcntlRights, CAP_FCNTL_GETFL
        with open('somefile', 'rb') as f:
            originalFcntlRights = getFileFcntlRights(f)
            assert CAP_FCNTL_GETFL in originalFcntlRights
            FcntlRights([CAP_FCNTL_GETFL]).limitFile(f)
            # do some stuff!
        from spyce import IoctlRights, getFileIoctlRights, CAP_IOCTLS_ALL
        from termios import FIOCLEX
        with open('somefile', 'rb') as f:
            originalIoctlRights = getFileIoctlRights(f)
            assert originalIoctlRights.allIoctls
            IoctlRights([FIOCLEX]).limitFile(f)
            # do some stuff!

All limitFile methods work on objects with .fileno() methods or integers.

Docs are coming soon!

About

python bindings to freebsd's capsicum API

Resources

Readme

License

View license
Activity

Stars

6 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages