dia 1.4 → 1.5.pre
Sign up to get free protection for your applications and to get access to all the features.
- data/HACKING.md +11 -5
- data/LICENSE +22 -0
- data/NEWS.md +6 -4
- data/README.md +58 -37
- data/lib/dia.rb +1 -1
- data/lib/dia/commonapi.rb +0 -3
- data/lib/dia/profiles.rb +11 -6
- data/lib/dia/sandbox.rb +78 -30
- data/test/suite/check_if_sandbox_is_alive_test.rb +8 -2
- data/test/suite/exit_status_test.rb +16 -0
- data/test/suite/run_block_in_sandbox_test.rb +7 -1
- data/test/suite/terminate_sandbox_test.rb +9 -1
- metadata +18 -10
data/HACKING.md
CHANGED
@@ -1,7 +1,13 @@
|
|
1
|
+
## Coding style
|
2
|
+
* Abide by the "80 Column Rule" when it is practical.
|
3
|
+
* methods should be identified by parenthesis all the time - foo(), bar(1,2,3).
|
4
|
+
|
1
5
|
## Git policy
|
6
|
+
* "master" should always be in a _working state_.
|
7
|
+
* Pre releases should never be merged into "master", but should live in
|
8
|
+
experimental instead.
|
9
|
+
* The experimental branch is the _one and only_ gateway to being merged into
|
10
|
+
master .. and topic branches should branch off from "experimental".
|
11
|
+
|
12
|
+
|
2
13
|
|
3
|
-
* "master" should always be in a _working state_, so no experimental code ..
|
4
|
-
* Pre releases should never be merged into "master", but should stay in experimental ..
|
5
|
-
* The experimental branch is the _one and only_ gateway to being merged into master ..
|
6
|
-
So, if you're working on a feature, branch off from experimental, merge back into experimental, and when deemed stable experimental
|
7
|
-
will be merged into master ..
|
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2010 Robert Gleeson
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person
|
4
|
+
obtaining a copy of this software and associated documentation
|
5
|
+
files (the "Software"), to deal in the Software without
|
6
|
+
restriction, including without limitation the rights to use,
|
7
|
+
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
8
|
+
copies of the Software, and to permit persons to whom the
|
9
|
+
Software is furnished to do so, subject to the following
|
10
|
+
conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be
|
13
|
+
included in all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
16
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
17
|
+
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
18
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
19
|
+
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
20
|
+
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
21
|
+
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
22
|
+
OTHER DEALINGS IN THE SOFTWARE.
|
data/NEWS.md
CHANGED
@@ -1,5 +1,11 @@
|
|
1
1
|
## NEWS
|
2
2
|
|
3
|
+
### 1.5
|
4
|
+
* Dia::Sandbox#running?, Dia::Sandbox#exit_status, and Dia::Sandbox#terminate will return nil if you call them before
|
5
|
+
calling Dia::Sandbox#run().
|
6
|
+
* Added Dia::Sandbox#exit_status for collecting the exit status of a child process running under a sandbox.
|
7
|
+
* Dia::Sandbox#run was not returning the PID of the process running under a sandbox like told in the documentation - it is now.
|
8
|
+
|
3
9
|
### 1.4
|
4
10
|
* A typo broke support for launching applications in a sandbox. (Bug affects 1.3 and all the 1.4 *pre* releases)
|
5
11
|
* Mac OSX 10.5 reported as working! (Bug fix)
|
@@ -28,16 +34,12 @@
|
|
28
34
|
|
29
35
|
### 1.1 (final)
|
30
36
|
* Dia::SandBox#run\_with\_block will exit the child process spawned by itself incase the user forgets to ..
|
31
|
-
|
32
37
|
* Added some tests for Dia::Sandbox.new#run\_with\_block ..
|
33
38
|
We ain't got full coverage but we're getting there.
|
34
|
-
|
35
39
|
* A person reported that ffi 0.6.0 does not work with dia ..
|
36
40
|
Supplied an explicit dependency on ffi 0.5.4 until I figure it out.
|
37
|
-
|
38
41
|
* You can run a block of ruby under a sandbox now but I had to change the order of arguments in the constructer ..
|
39
42
|
First argument is the profile, and (optionally) the second is the application path.
|
40
43
|
If you're running a block of ruby, you can forget about the second.
|
41
|
-
|
42
44
|
* I documented my methods!
|
43
45
|
|
data/README.md
CHANGED
@@ -1,21 +1,39 @@
|
|
1
1
|
## "Dia"
|
2
2
|
|
3
|
-
"Dia" allows you to sandbox an application or block of ruby on the OSX platform by restricting what access to
|
3
|
+
"Dia" allows you to sandbox an application or block of ruby on the OSX platform by restricting what access to
|
4
|
+
Operating System resources they can have.
|
5
|
+
|
6
|
+
## How it is done
|
7
|
+
It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
4
8
|
|
5
9
|
## What restrictions can you apply?
|
6
10
|
|
7
|
-
|
8
|
-
|
9
|
-
* No file system writes.
|
10
|
-
* No file system writes, exlcuding writing to /tmp.
|
11
|
-
* A complete lockdown of Operating System resources.
|
11
|
+
Restrictions are applied through a "Profile" that is the first argument to `Dia::Sandbox.new`.
|
12
|
+
There are five profiles in total that you can choose from out-of-the-box:
|
12
13
|
|
13
|
-
|
14
|
-
|
14
|
+
* No internet access
|
15
|
+
Using the profile Dia::Profiles::NO_INTERNET.
|
16
|
+
|
17
|
+
* No network access of any kind
|
18
|
+
Using the profile Dia::Profiles::NO_NETWORKING.
|
19
|
+
|
20
|
+
* No file system writes
|
21
|
+
Using the profile Dia::Profiles::NO_FILESYSTEM_WRITE.
|
22
|
+
|
23
|
+
* No file system writes, excluding writing to /tmp
|
24
|
+
Using the profile Dia::Profiles::NO_FILESYSTEM_WRITE_EXCEPT_TMP.
|
25
|
+
|
26
|
+
* No OS services at all(No internet, No Networking, No File I/O)
|
27
|
+
Using the profile Dia::Profiles::NO_OS_SERVICES.
|
28
|
+
|
29
|
+
_See Below_ for examples.
|
15
30
|
|
16
31
|
## Examples
|
17
32
|
|
18
|
-
|
33
|
+
**Running FireFox under a sandbox**
|
34
|
+
|
35
|
+
This example demonstrates how you would sandbox an application, in this example, 'FireFox'.
|
36
|
+
If you try this example yourself, you will see that FireFox cannot visit any websites on the internet.
|
19
37
|
|
20
38
|
require 'rubygems'
|
21
39
|
require 'dia'
|
@@ -24,19 +42,28 @@ It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
|
24
42
|
sandbox.run
|
25
43
|
puts "Launched #{sandbox.app} with a pid of #{sandbox.pid} using the profile #{sandbox.profile}"
|
26
44
|
|
27
|
-
|
45
|
+
**Running Ruby under a sandbox**
|
46
|
+
|
47
|
+
This example demonstrates how you would sandbox a block of ruby code.
|
48
|
+
In this example, the block of ruby code tries to access the internet but the profile(Dia::Profiles::NO_INTERNET) doesn't
|
49
|
+
allow this block of ruby to contact the internet and an exception is raised(in a child process - your app will continute to
|
50
|
+
execute normally).
|
28
51
|
|
29
52
|
require 'rubygems'
|
30
53
|
require 'dia'
|
31
54
|
require 'net/http'
|
32
55
|
require 'open-uri'
|
33
56
|
|
34
|
-
sandbox = Dia::Sandbox.new(Dia::Profiles::
|
57
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
35
58
|
open(URI.parse('http://www.google.com')).read
|
36
59
|
end
|
37
60
|
sandbox.run
|
38
61
|
|
39
|
-
|
62
|
+
**Terminating a sandbox**
|
63
|
+
|
64
|
+
Sometimes we might want to stop a sandbox from running any longer. `Dia::Sandbox#terminate` is provided to
|
65
|
+
terminate a sandbox - in this example, FireFox is running under a sandboxed environment and terminated after
|
66
|
+
running for 5 seconds.
|
40
67
|
|
41
68
|
require 'rubygems'
|
42
69
|
require 'dia'
|
@@ -45,7 +72,9 @@ It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
|
45
72
|
sleep(5)
|
46
73
|
sandbox.terminate
|
47
74
|
|
48
|
-
|
75
|
+
**Checking if a sandbox is alive**
|
76
|
+
|
77
|
+
If you need to check if a sandbox you have spawned is still running, you can use the `Dia::Sandbox#running?` method.
|
49
78
|
|
50
79
|
require 'rubygems'
|
51
80
|
require 'dia'
|
@@ -56,33 +85,25 @@ It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
|
56
85
|
sandbox.run
|
57
86
|
puts sandbox.running? # => true
|
58
87
|
|
88
|
+
|
89
|
+
.. Please see the yardoc [documentation](http://yardoc.org/docs/robgleeson-Dia) for more in-depth coverage of these methods,
|
90
|
+
in particular the documentation for the `Dia::Sandbox` class.
|
91
|
+
|
59
92
|
## Install
|
60
93
|
|
61
94
|
It's available at gemcutter:
|
62
95
|
|
63
|
-
|
96
|
+
`gem install dia`
|
64
97
|
|
65
|
-
##
|
98
|
+
## Bugs
|
99
|
+
|
100
|
+
No known bugs right now. [Found a bug?](http://github.com/robgleeson/dia/issues).
|
101
|
+
|
102
|
+
## Contact
|
103
|
+
|
104
|
+
* IRC
|
105
|
+
irc.freenode.net/#flowof.info as 'robgleeson'
|
106
|
+
|
107
|
+
* Mail
|
108
|
+
rob [at] flowof.info
|
66
109
|
|
67
|
-
Copyright (c) 2010 Robert Gleeson
|
68
|
-
|
69
|
-
Permission is hereby granted, free of charge, to any person
|
70
|
-
obtaining a copy of this software and associated documentation
|
71
|
-
files (the "Software"), to deal in the Software without
|
72
|
-
restriction, including without limitation the rights to use,
|
73
|
-
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
74
|
-
copies of the Software, and to permit persons to whom the
|
75
|
-
Software is furnished to do so, subject to the following
|
76
|
-
conditions:
|
77
|
-
|
78
|
-
The above copyright notice and this permission notice shall be
|
79
|
-
included in all copies or substantial portions of the Software.
|
80
|
-
|
81
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
82
|
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
83
|
-
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
84
|
-
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
85
|
-
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
86
|
-
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
87
|
-
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
88
|
-
OTHER DEALINGS IN THE SOFTWARE.
|
data/lib/dia.rb
CHANGED
data/lib/dia/commonapi.rb
CHANGED
data/lib/dia/profiles.rb
CHANGED
@@ -4,13 +4,18 @@ module Dia
|
|
4
4
|
extend FFI::Library
|
5
5
|
ffi_lib(%w(sandbox system libSystem.B.dylib))
|
6
6
|
|
7
|
-
NO_INTERNET = attach_variable(:kSBXProfileNoInternet,
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
7
|
+
NO_INTERNET = attach_variable(:kSBXProfileNoInternet,
|
8
|
+
:string).read_string
|
9
|
+
NO_NETWORKING = attach_variable(:kSBXProfileNoNetwork,
|
10
|
+
:string).read_string
|
11
|
+
NO_FILESYSTEM_WRITE = attach_variable(:kSBXProfileNoWrite,
|
12
|
+
:string).read_string
|
13
|
+
NO_FILESYSTEM_WRITE_EXCEPT_TMP = attach_variable(:kSBXProfileNoWriteExceptTemporary,
|
14
|
+
:string).read_string
|
15
|
+
NO_OS_SERVICES = attach_variable(:kSBXProfilePureComputation,
|
16
|
+
:string).read_string
|
12
17
|
|
13
18
|
end
|
14
19
|
|
15
20
|
end
|
16
|
-
|
21
|
+
|
data/lib/dia/sandbox.rb
CHANGED
@@ -9,7 +9,8 @@ module Dia
|
|
9
9
|
attr_reader :pid
|
10
10
|
attr_reader :blk
|
11
11
|
|
12
|
-
# The constructer accepts a profile as the first parameter, and an
|
12
|
+
# The constructer accepts a profile as the first parameter, and an
|
13
|
+
# application path _or_ block as its second parameter.
|
13
14
|
#
|
14
15
|
# @example
|
15
16
|
#
|
@@ -25,10 +26,16 @@ module Dia
|
|
25
26
|
#
|
26
27
|
# @see Dia::Sandbox#run See Dia::Sandbox#run for executing the sandbox.
|
27
28
|
#
|
28
|
-
# @param [Constant] Profile The profile to be used when creating a
|
29
|
-
#
|
30
|
-
#
|
31
|
-
# @param [
|
29
|
+
# @param [Constant] Profile The profile to be used when creating a
|
30
|
+
# sandbox.
|
31
|
+
#
|
32
|
+
# @param [Proc] Proc A proc object you want to run under a
|
33
|
+
# sandbox.
|
34
|
+
# Omit the "Application" parameter if
|
35
|
+
# passed.
|
36
|
+
#
|
37
|
+
# @param [String] Application The path to an application you want
|
38
|
+
# to run under a sandbox.
|
32
39
|
# Omit the "Proc" parameter if passed.
|
33
40
|
# @return [Dia::SandBox] Returns an instance of Dia::SandBox
|
34
41
|
|
@@ -43,21 +50,36 @@ module Dia
|
|
43
50
|
@pid = nil
|
44
51
|
end
|
45
52
|
|
46
|
-
# The run method will spawn a child process and run the application _or_
|
53
|
+
# The run method will spawn a child process and run the application _or_
|
54
|
+
# block supplied to the constructer under a sandbox.
|
47
55
|
# This method will not block.
|
48
56
|
#
|
49
|
-
# @param [Arguments]
|
57
|
+
# @param [Arguments] Arguments A variable amount of arguments that will
|
58
|
+
# be passed onto the block supplied to the
|
59
|
+
# constructer. Optional.
|
60
|
+
#
|
61
|
+
# @raise [SystemCallError] In the case of running a block, a number
|
62
|
+
# of subclasses of SystemCallError may be
|
63
|
+
# raised if the block violates sandbox
|
64
|
+
# restrictions.
|
65
|
+
# The parent process will not be affected
|
66
|
+
# and if you wish to catch exceptions you
|
67
|
+
# should do so in your block.
|
50
68
|
#
|
51
|
-
# @raise [
|
52
|
-
#
|
69
|
+
# @raise [Dia::SandboxException] Will raise Dia::SandboxException in a
|
70
|
+
# child process and exit if the sandbox
|
71
|
+
# could not be initiated.
|
53
72
|
#
|
54
|
-
# @
|
55
|
-
#
|
73
|
+
# @return [Fixnum] The Process ID(PID) that the sandboxed
|
74
|
+
# application is being run under.
|
56
75
|
def run(*args)
|
57
|
-
|
58
76
|
@pid = fork do
|
59
|
-
if sandbox_init(FFI::MemoryPointer.from_string(@profile),
|
60
|
-
|
77
|
+
if sandbox_init(FFI::MemoryPointer.from_string(@profile),
|
78
|
+
0x0001,
|
79
|
+
err = FFI::MemoryPointer.new(:pointer)) == -1
|
80
|
+
|
81
|
+
raise(Dia::SandboxException, "Failed to initialize sandbox" /
|
82
|
+
"(#{err.read_pointer.read_string})")
|
61
83
|
end
|
62
84
|
|
63
85
|
if @app
|
@@ -68,31 +90,57 @@ module Dia
|
|
68
90
|
end
|
69
91
|
|
70
92
|
# parent ..
|
71
|
-
Process.detach(@pid)
|
93
|
+
@thr = Process.detach(@pid)
|
94
|
+
@pid
|
72
95
|
end
|
73
|
-
|
96
|
+
|
97
|
+
# The exit_status method will return the exit status of the child process
|
98
|
+
# running in a sandbox.
|
99
|
+
# This method *will* block until the child process exits.
|
100
|
+
#
|
101
|
+
# @return [Fixnum, nil] Returns the exit status of the process that ran
|
102
|
+
# under a sandbox.
|
103
|
+
# Returns nil if Dia::Sandbox#run has not
|
104
|
+
# been called yet, or if the process stopped
|
105
|
+
# abnormally(ie: through SIGKILL, or #terminate).
|
106
|
+
def exit_status()
|
107
|
+
@thr.value().exitstatus() unless @thr.nil?
|
108
|
+
end
|
109
|
+
|
74
110
|
# The terminate method will send SIGKILL to a process running in a sandbox.
|
75
111
|
# By doing so, it effectively terminates the sandbox.
|
76
112
|
#
|
77
|
-
# @raise [SystemCallError] It may raise a number of subclasses of
|
78
|
-
#
|
79
|
-
|
80
|
-
|
113
|
+
# @raise [SystemCallError] It may raise a number of subclasses of
|
114
|
+
# SystemCallError if a call to Process.kill
|
115
|
+
# was unsuccessful ..
|
116
|
+
#
|
117
|
+
# @return [Fixnum, nil] It will return 1 when successful, and
|
118
|
+
# it will return "nil" if Dia::Sandbox#run()
|
119
|
+
# has not been called yet.
|
120
|
+
def terminate()
|
121
|
+
Process.kill('SIGKILL', @pid) unless @pid.nil?
|
81
122
|
end
|
82
123
|
|
83
|
-
# The running? method will return true if a sandbox is running,
|
84
|
-
#
|
124
|
+
# The running? method will return true if a sandbox is running,
|
125
|
+
# and false otherwise.
|
85
126
|
#
|
86
|
-
# @raise [SystemCallError] It may raise a subclass of SystemCallError if
|
127
|
+
# @raise [SystemCallError] It may raise a subclass of SystemCallError if
|
128
|
+
# you do not have permission to send a signal
|
87
129
|
# to the process running in a sandbox.
|
88
130
|
#
|
89
|
-
# @return [Boolean]
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
131
|
+
# @return [Boolean,nil] It will return true or false if the sandbox
|
132
|
+
# is running or not, and it will return "nil"
|
133
|
+
# if Dia::Sandbox#run has not been called yet.
|
134
|
+
def running?()
|
135
|
+
if @pid.nil?
|
136
|
+
nil
|
137
|
+
else
|
138
|
+
begin
|
139
|
+
Process.kill(0, @pid)
|
140
|
+
true
|
141
|
+
rescue Errno::ESRCH
|
142
|
+
false
|
143
|
+
end
|
96
144
|
end
|
97
145
|
end
|
98
146
|
|
@@ -19,5 +19,11 @@ BareTest.suite "Dia::Sandbox#running?", :tags => [ :running? ] do
|
|
19
19
|
sleep(1)
|
20
20
|
equal(false, sandbox.running?)
|
21
21
|
end
|
22
|
-
|
23
|
-
|
22
|
+
|
23
|
+
assert("nil will be returned if Dia::Sandbox#run hasn't been called before a call to #running?()") do
|
24
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
25
|
+
# ...
|
26
|
+
end
|
27
|
+
equal(nil, sandbox.running?)
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
BareTest.suite('Dia::Sandbox#exit_status') do
|
2
|
+
assert('The exit status of a child process running under a sandbox is returned.') do
|
3
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
4
|
+
exit(10)
|
5
|
+
end
|
6
|
+
sandbox.run
|
7
|
+
equal(10, sandbox.exit_status)
|
8
|
+
end
|
9
|
+
|
10
|
+
assert("nil will be returned if Dia::Sandbox#run hasn't been called before a call to #exit_status") do
|
11
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
12
|
+
end
|
13
|
+
equal(nil, sandbox.exit_status)
|
14
|
+
end
|
15
|
+
|
16
|
+
end
|
@@ -123,4 +123,10 @@ BareTest.suite 'Dia::Sandbox#run', :tags => [ :run ] do
|
|
123
123
|
equal('foobar', answer)
|
124
124
|
end
|
125
125
|
|
126
|
-
|
126
|
+
assert('A Ruby block will return the PID of the spawned child process after executing #run') do
|
127
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
128
|
+
# ...
|
129
|
+
end
|
130
|
+
equal(Fixnum, sandbox.run.class)
|
131
|
+
end
|
132
|
+
end
|
@@ -18,4 +18,12 @@ BareTest.suite 'Dia::Sandbox#terminate', :tags => [ :terminate ] do
|
|
18
18
|
|
19
19
|
end
|
20
20
|
|
21
|
-
|
21
|
+
assert("nil will be returned if Dia::Sandbox#run hasn't been called before a call to #terminate") do
|
22
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_INTERNET) do
|
23
|
+
# ...
|
24
|
+
end
|
25
|
+
|
26
|
+
equal(nil, sandbox.terminate)
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
metadata
CHANGED
@@ -1,11 +1,12 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dia
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
prerelease:
|
4
|
+
prerelease: true
|
5
5
|
segments:
|
6
6
|
- 1
|
7
|
-
-
|
8
|
-
|
7
|
+
- 5
|
8
|
+
- pre
|
9
|
+
version: 1.5.pre
|
9
10
|
platform: ruby
|
10
11
|
authors:
|
11
12
|
- Robert Gleeson
|
@@ -13,7 +14,7 @@ autorequire:
|
|
13
14
|
bindir: bin
|
14
15
|
cert_chain: []
|
15
16
|
|
16
|
-
date: 2010-
|
17
|
+
date: 2010-05-03 00:00:00 +01:00
|
17
18
|
default_executable:
|
18
19
|
dependencies:
|
19
20
|
- !ruby/object:Gem::Dependency
|
@@ -56,7 +57,10 @@ dependencies:
|
|
56
57
|
version: "0"
|
57
58
|
type: :development
|
58
59
|
version_requirements: *id003
|
59
|
-
description:
|
60
|
+
description: |-
|
61
|
+
Dia allows you to sandbox application(s) or block(s) of ruby
|
62
|
+
on the OSX platform by restricting access to operating system
|
63
|
+
resources
|
60
64
|
email: rob@flowof.info
|
61
65
|
executables: []
|
62
66
|
|
@@ -74,11 +78,12 @@ files:
|
|
74
78
|
- lib/dia/sandbox.rb
|
75
79
|
- lib/dia.rb
|
76
80
|
- .yardopts
|
81
|
+
- LICENSE
|
77
82
|
has_rdoc: yard
|
78
83
|
homepage:
|
79
84
|
licenses: []
|
80
85
|
|
81
|
-
post_install_message: " ********************************************************************\n Dia (1.
|
86
|
+
post_install_message: " ********************************************************************\n Dia (1.5.pre)\n \n Thanks for installing Dia, 1.5.pre! \n \n Keep up with the latest @ GitHub:\n http://github.com/robgleeson/dia\n ********************************************************************\n"
|
82
87
|
rdoc_options: []
|
83
88
|
|
84
89
|
require_paths:
|
@@ -92,21 +97,24 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
92
97
|
version: "0"
|
93
98
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
94
99
|
requirements:
|
95
|
-
- - "
|
100
|
+
- - ">"
|
96
101
|
- !ruby/object:Gem::Version
|
97
102
|
segments:
|
98
|
-
-
|
99
|
-
|
103
|
+
- 1
|
104
|
+
- 3
|
105
|
+
- 1
|
106
|
+
version: 1.3.1
|
100
107
|
requirements: []
|
101
108
|
|
102
109
|
rubyforge_project:
|
103
110
|
rubygems_version: 1.3.6
|
104
111
|
signing_key:
|
105
112
|
specification_version: 3
|
106
|
-
summary: Dia allows you to sandbox application(s) or block(s) of
|
113
|
+
summary: Dia allows you to sandbox application(s) or block(s) of rubyon the OSX platform by restricting access to operating systemresources
|
107
114
|
test_files:
|
108
115
|
- test/setup.rb
|
109
116
|
- test/suite/check_if_sandbox_is_alive_test.rb
|
117
|
+
- test/suite/exit_status_test.rb
|
110
118
|
- test/suite/passing_parameters_to_constructer_test.rb
|
111
119
|
- test/suite/run_block_in_sandbox_test.rb
|
112
120
|
- test/suite/terminate_sandbox_test.rb
|