dia 1.3.pre → 1.3
- data/.yardopts +3 -1
- data/NEWS.md +2 -0
- data/README.md +12 -1
- data/lib/dia.rb +2 -2
- data/lib/dia/sandbox.rb +19 -3
- metadata +30 -16
data/.yardopts
CHANGED
data/NEWS.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
## NEWS
|
2
2
|
|
3
3
|
### 1.3
|
4
|
+
* Added Dia::Sandbox#running? to check if a process running a sandbox is alive or not.
|
4
5
|
* Dia::Sandbox only exposes its instance variables through getters now. No more setters.
|
5
6
|
* Dia::Sandbox#app_path is now Dia::Sandbox#app
|
6
7
|
* Removed run\_with\_block in favor of passing a block to the constructer. Dia::Sandbox#run is used to execute a block or an application now,
|
@@ -8,6 +9,7 @@
|
|
8
9
|
* Removed Dia::SandBox in favor of Dia::Sandbox.
|
9
10
|
* Added "has_rdoc = 'yard'" to the gem spec.
|
10
11
|
* Added ".yardopts" to the list of files in the gem spec.
|
12
|
+
* SandBoxException becomes SandboxException.
|
11
13
|
|
12
14
|
### 1.2
|
13
15
|
* I've decided to use Dia::Sandbox instead of Dia::SandBox but it won't be removed until 1.3 .. (Deprecated for 1.2)
|
data/README.md
CHANGED
@@ -11,7 +11,7 @@
|
|
11
11
|
* A complete lockdown of Operating System resources.
|
12
12
|
|
13
13
|
## How it is done
|
14
|
-
FFI, and the
|
14
|
+
It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
15
15
|
|
16
16
|
## Examples
|
17
17
|
|
@@ -44,6 +44,17 @@ FFI, and the C header "sandbox.h" (found on OSX).
|
|
44
44
|
sleep(5)
|
45
45
|
sandbox.terminate
|
46
46
|
|
47
|
+
### Example 4 (Checking if a sandbox is running)
|
48
|
+
|
49
|
+
require 'rubygems'
|
50
|
+
require 'dia'
|
51
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
|
52
|
+
sleep(20)
|
53
|
+
end
|
54
|
+
|
55
|
+
sandbox.run
|
56
|
+
puts sandbox.running? # => true
|
57
|
+
|
47
58
|
## Install
|
48
59
|
|
49
60
|
It's available at gemcutter:
|
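Review bot: Example 4 only demonstrates the true case and ends without calling sandbox.terminate, leaving a child process that sleeps for 20 seconds. Suggest finishing the example with terminate and showing what running? returns once the child has gone, so readers see both outcomes and do not copy an example that leaves a process behind.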
data/lib/dia.rb
CHANGED
@@ -5,7 +5,7 @@ require File.join(File.dirname(__FILE__), 'dia/commonapi.rb')
|
|
5
5
|
require File.join(File.dirname(__FILE__), 'dia/sandbox.rb')
|
6
6
|
|
7
7
|
module Dia
|
8
|
-
VERSION = '1.3
|
9
|
-
class
|
8
|
+
VERSION = '1.3'
|
9
|
+
class SandboxException < StandardError; end
|
10
10
|
end
|
11
11
|
|
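Review bot: the new SandboxException line replaces the old class outright (NEWS records it as "SandBoxException becomes SandboxException"), so any code that names the old constant gets a NameError after upgrading. Dia::SandBox was deprecated for a release before it was removed; the same treatment here, or a NEWS line marking this as a breaking rename, would make the upgrade safer. The class also has no documentation; a one-line comment saying when it is raised (sandbox_init failing in the child) would help.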
data/lib/dia/sandbox.rb
CHANGED
@@ -43,19 +43,19 @@ module Dia
|
|
43
43
|
@pid = nil
|
44
44
|
end
|
45
45
|
|
46
|
-
# The run method will spawn a child process and run the application _or_ block supplied
|
46
|
+
# The run method will spawn a child process and run the application _or_ block supplied to the constructer under a sandbox.
|
47
47
|
# This method will not block.
|
48
48
|
#
|
49
49
|
# @raise [SystemCallError] In the case of running a block, a number of subclasses of SystemCallError may be raised if the block violates sandbox restrictions.
|
50
50
|
# The parent process will not be affected and if you wish to catch exceptions you should do so in your block.
|
51
51
|
#
|
52
|
-
# @raise [Dia::
|
52
|
+
# @raise [Dia::SandboxException] Will raise Dia::SandboxException in a child process and exit if the sandbox could not be initiated.
|
53
53
|
# @return [Fixnum] The Process ID(PID) that the sandboxed application is being run under.
|
54
54
|
def run
|
55
55
|
|
56
56
|
@pid = fork do
|
57
57
|
if ( ret = sandbox_init(@profile, 0x0001, error = FFI::MemoryPointer.new(:pointer)) ) != 0
|
58
|
-
raise Dia::
|
58
|
+
raise Dia::SandboxException, "Couldn't sandbox #{@app}, sandbox_init returned #{ret} with error message: '#{error.get_pointer(0).read_string}'"
|
59
59
|
end
|
60
60
|
|
61
61
|
if @app_path
|
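Review bot: the new raise message interpolates @app, but the context line right after it still tests "if @app_path". NEWS for this release says app_path became app, so one of these two instance variables is presumably never assigned: either the error message prints an empty name or the application branch is never taken. Use one name throughout the method. Separately, because the exception is raised inside the fork block, run still returns a PID to the parent when sandbox_init failed; the @return doc should say that callers need to check the child's exit status to learn that the sandbox never started.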
@@ -78,6 +78,22 @@ module Dia
|
|
78
78
|
Process.kill('SIGKILL', @pid)
|
79
79
|
end
|
80
80
|
|
81
|
+
# The running? method will return true if a sandbox is running, and false otherwise.
|
82
|
+
# It does so by sending a signal to the process running a sandbox.
|
83
|
+
#
|
84
|
+
# @raise [SystemCallError] It may raise a subclass of SystemCallError if you do not have permission to send a signal
|
85
|
+
# to the process running in a sandbox.
|
86
|
+
#
|
87
|
+
# @return [Boolean] It will return true or false.
|
88
|
+
def running?
|
89
|
+
begin
|
90
|
+
Process.kill(0, @pid)
|
91
|
+
true
|
92
|
+
rescue Errno::ESRCH
|
93
|
+
false
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
81
97
|
end
|
82
98
|
|
83
99
|
end
|
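Review bot: running? calls Process.kill(0, @pid) without checking that @pid is set, and the context earlier in this file shows @pid = nil until run is called, so calling running? on a sandbox that was never started raises TypeError instead of returning false. Suggest returning false when @pid is nil. Signal 0 also succeeds for a child that has exited but has not yet been reaped, and the method ending just above shows only Process.kill('SIGKILL', @pid), so running? can keep reporting true after a kill unless the parent waits on the child; a non-blocking Process.waitpid(@pid, Process::WNOHANG) here, or a documented caveat, would cover that. The @raise comment would be more useful if it named Errno::EPERM, which means the process exists but cannot be signalled.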
metadata
CHANGED
@@ -1,7 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dia
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 3
|
8
|
+
version: "1.3"
|
5
9
|
platform: ruby
|
6
10
|
authors:
|
7
11
|
- Robert Gleeson
|
@@ -9,29 +13,37 @@ autorequire:
|
|
9
13
|
bindir: bin
|
10
14
|
cert_chain: []
|
11
15
|
|
12
|
-
date: 2010-02-
|
16
|
+
date: 2010-02-23 00:00:00 +00:00
|
13
17
|
default_executable:
|
14
18
|
dependencies:
|
15
19
|
- !ruby/object:Gem::Dependency
|
16
20
|
name: ffi
|
17
|
-
|
18
|
-
|
19
|
-
version_requirements: !ruby/object:Gem::Requirement
|
21
|
+
prerelease: false
|
22
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
20
23
|
requirements:
|
21
24
|
- - "="
|
22
25
|
- !ruby/object:Gem::Version
|
26
|
+
segments:
|
27
|
+
- 0
|
28
|
+
- 5
|
29
|
+
- 4
|
23
30
|
version: 0.5.4
|
24
|
-
|
31
|
+
type: :runtime
|
32
|
+
version_requirements: *id001
|
25
33
|
- !ruby/object:Gem::Dependency
|
26
34
|
name: baretest
|
27
|
-
|
28
|
-
|
29
|
-
version_requirements: !ruby/object:Gem::Requirement
|
35
|
+
prerelease: false
|
36
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
30
37
|
requirements:
|
31
38
|
- - ">="
|
32
39
|
- !ruby/object:Gem::Version
|
40
|
+
segments:
|
41
|
+
- 0
|
42
|
+
- 2
|
43
|
+
- 4
|
33
44
|
version: 0.2.4
|
34
|
-
|
45
|
+
type: :development
|
46
|
+
version_requirements: *id002
|
35
47
|
description: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
|
36
48
|
email: rob@flowof.info
|
37
49
|
executables: []
|
@@ -54,7 +66,7 @@ has_rdoc: yard
|
|
54
66
|
homepage:
|
55
67
|
licenses: []
|
56
68
|
|
57
|
-
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.3
|
69
|
+
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.3)\n \n Don't forget to check NEWS.md for what has changed in this release:\n http://www.flowof.info/dia/file.NEWS.html\n \n You can chat with us at irc.freenode.net / #flowof.info if you have\n any problems. Feel free to join us!\n ********************************************************************\n"
|
58
70
|
rdoc_options: []
|
59
71
|
|
60
72
|
require_paths:
|
@@ -63,18 +75,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
63
75
|
requirements:
|
64
76
|
- - ">="
|
65
77
|
- !ruby/object:Gem::Version
|
78
|
+
segments:
|
79
|
+
- 0
|
66
80
|
version: "0"
|
67
|
-
version:
|
68
81
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
69
82
|
requirements:
|
70
|
-
- - "
|
83
|
+
- - ">="
|
71
84
|
- !ruby/object:Gem::Version
|
72
|
-
|
73
|
-
|
85
|
+
segments:
|
86
|
+
- 0
|
87
|
+
version: "0"
|
74
88
|
requirements: []
|
75
89
|
|
76
90
|
rubyforge_project:
|
77
|
-
rubygems_version: 1.3.
|
91
|
+
rubygems_version: 1.3.6
|
78
92
|
signing_key:
|
79
93
|
specification_version: 3
|
80
94
|
summary: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
|