dia 1.3.pre → 1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.yardopts +3 -1
- data/NEWS.md +2 -0
- data/README.md +12 -1
- data/lib/dia.rb +2 -2
- data/lib/dia/sandbox.rb +19 -3
- metadata +30 -16
data/.yardopts
CHANGED
data/NEWS.md
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
## NEWS
|
|
2
2
|
|
|
3
3
|
### 1.3
|
|
4
|
+
* Added Dia::Sandbox#running? to check if a process running a sandbox is alive or not.
|
|
4
5
|
* Dia::Sandbox only exposes its instance variables through getters now. No more setters.
|
|
5
6
|
* Dia::Sandbox#app_path is now Dia::Sandbox#app
|
|
6
7
|
* Removed run\_with\_block in favor of passing a block to the constructer. Dia::Sandbox#run is used to execute a block or an application now,
|
|
@@ -8,6 +9,7 @@
|
|
|
8
9
|
* Removed Dia::SandBox in favor of Dia::Sandbox.
|
|
9
10
|
* Added "has_rdoc = 'yard'" to the gem spec.
|
|
10
11
|
* Added ".yardopts" to the list of files in the gem spec.
|
|
12
|
+
* SandBoxException becomes SandboxException.
|
|
11
13
|
|
|
12
14
|
### 1.2
|
|
13
15
|
* I've decided to use Dia::Sandbox instead of Dia::SandBox but it won't be removed until 1.3 .. (Deprecated for 1.2)
|
data/README.md
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* A complete lockdown of Operating System resources.
|
|
12
12
|
|
|
13
13
|
## How it is done
|
|
14
|
-
FFI, and the
|
|
14
|
+
It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
|
15
15
|
|
|
16
16
|
## Examples
|
|
17
17
|
|
|
@@ -44,6 +44,17 @@ FFI, and the C header "sandbox.h" (found on OSX).
|
|
|
44
44
|
sleep(5)
|
|
45
45
|
sandbox.terminate
|
|
46
46
|
|
|
47
|
+
### Example 4 (Checking if a sandbox is running)
|
|
48
|
+
|
|
49
|
+
require 'rubygems'
|
|
50
|
+
require 'dia'
|
|
51
|
+
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
|
|
52
|
+
sleep(20)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
sandbox.run
|
|
56
|
+
puts sandbox.running? # => true
|
|
57
|
+
|
|
47
58
|
## Install
|
|
48
59
|
|
|
49
60
|
It's available at gemcutter:
|
data/lib/dia.rb
CHANGED
|
@@ -5,7 +5,7 @@ require File.join(File.dirname(__FILE__), 'dia/commonapi.rb')
|
|
|
5
5
|
require File.join(File.dirname(__FILE__), 'dia/sandbox.rb')
|
|
6
6
|
|
|
7
7
|
module Dia
|
|
8
|
-
VERSION = '1.3
|
|
9
|
-
class
|
|
8
|
+
VERSION = '1.3'
|
|
9
|
+
class SandboxException < StandardError; end
|
|
10
10
|
end
|
|
11
11
|
|
data/lib/dia/sandbox.rb
CHANGED
|
@@ -43,19 +43,19 @@ module Dia
|
|
|
43
43
|
@pid = nil
|
|
44
44
|
end
|
|
45
45
|
|
|
46
|
-
# The run method will spawn a child process and run the application _or_ block supplied
|
|
46
|
+
# The run method will spawn a child process and run the application _or_ block supplied to the constructer under a sandbox.
|
|
47
47
|
# This method will not block.
|
|
48
48
|
#
|
|
49
49
|
# @raise [SystemCallError] In the case of running a block, a number of subclasses of SystemCallError may be raised if the block violates sandbox restrictions.
|
|
50
50
|
# The parent process will not be affected and if you wish to catch exceptions you should do so in your block.
|
|
51
51
|
#
|
|
52
|
-
# @raise [Dia::
|
|
52
|
+
# @raise [Dia::SandboxException] Will raise Dia::SandboxException in a child process and exit if the sandbox could not be initiated.
|
|
53
53
|
# @return [Fixnum] The Process ID(PID) that the sandboxed application is being run under.
|
|
54
54
|
def run
|
|
55
55
|
|
|
56
56
|
@pid = fork do
|
|
57
57
|
if ( ret = sandbox_init(@profile, 0x0001, error = FFI::MemoryPointer.new(:pointer)) ) != 0
|
|
58
|
-
raise Dia::
|
|
58
|
+
raise Dia::SandboxException, "Couldn't sandbox #{@app}, sandbox_init returned #{ret} with error message: '#{error.get_pointer(0).read_string}'"
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
if @app_path
|
|
@@ -78,6 +78,22 @@ module Dia
|
|
|
78
78
|
Process.kill('SIGKILL', @pid)
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
# The running? method will return true if a sandbox is running, and false otherwise.
|
|
82
|
+
# It does so by sending a signal to the process running a sandbox.
|
|
83
|
+
#
|
|
84
|
+
# @raise [SystemCallError] It may raise a subclass of SystemCallError if you do not have permission to send a signal
|
|
85
|
+
# to the process running in a sandbox.
|
|
86
|
+
#
|
|
87
|
+
# @return [Boolean] It will return true or false.
|
|
88
|
+
def running?
|
|
89
|
+
begin
|
|
90
|
+
Process.kill(0, @pid)
|
|
91
|
+
true
|
|
92
|
+
rescue Errno::ESRCH
|
|
93
|
+
false
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
|
|
81
97
|
end
|
|
82
98
|
|
|
83
99
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dia
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 1
|
|
7
|
+
- 3
|
|
8
|
+
version: "1.3"
|
|
5
9
|
platform: ruby
|
|
6
10
|
authors:
|
|
7
11
|
- Robert Gleeson
|
|
@@ -9,29 +13,37 @@ autorequire:
|
|
|
9
13
|
bindir: bin
|
|
10
14
|
cert_chain: []
|
|
11
15
|
|
|
12
|
-
date: 2010-02-
|
|
16
|
+
date: 2010-02-23 00:00:00 +00:00
|
|
13
17
|
default_executable:
|
|
14
18
|
dependencies:
|
|
15
19
|
- !ruby/object:Gem::Dependency
|
|
16
20
|
name: ffi
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
21
|
+
prerelease: false
|
|
22
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
20
23
|
requirements:
|
|
21
24
|
- - "="
|
|
22
25
|
- !ruby/object:Gem::Version
|
|
26
|
+
segments:
|
|
27
|
+
- 0
|
|
28
|
+
- 5
|
|
29
|
+
- 4
|
|
23
30
|
version: 0.5.4
|
|
24
|
-
|
|
31
|
+
type: :runtime
|
|
32
|
+
version_requirements: *id001
|
|
25
33
|
- !ruby/object:Gem::Dependency
|
|
26
34
|
name: baretest
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
35
|
+
prerelease: false
|
|
36
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
30
37
|
requirements:
|
|
31
38
|
- - ">="
|
|
32
39
|
- !ruby/object:Gem::Version
|
|
40
|
+
segments:
|
|
41
|
+
- 0
|
|
42
|
+
- 2
|
|
43
|
+
- 4
|
|
33
44
|
version: 0.2.4
|
|
34
|
-
|
|
45
|
+
type: :development
|
|
46
|
+
version_requirements: *id002
|
|
35
47
|
description: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
|
|
36
48
|
email: rob@flowof.info
|
|
37
49
|
executables: []
|
|
@@ -54,7 +66,7 @@ has_rdoc: yard
|
|
|
54
66
|
homepage:
|
|
55
67
|
licenses: []
|
|
56
68
|
|
|
57
|
-
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.3
|
|
69
|
+
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.3)\n \n Don't forget to check NEWS.md for what has changed in this release:\n http://www.flowof.info/dia/file.NEWS.html\n \n You can chat with us at irc.freenode.net / #flowof.info if you have\n any problems. Feel free to join us!\n ********************************************************************\n"
|
|
58
70
|
rdoc_options: []
|
|
59
71
|
|
|
60
72
|
require_paths:
|
|
@@ -63,18 +75,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
63
75
|
requirements:
|
|
64
76
|
- - ">="
|
|
65
77
|
- !ruby/object:Gem::Version
|
|
78
|
+
segments:
|
|
79
|
+
- 0
|
|
66
80
|
version: "0"
|
|
67
|
-
version:
|
|
68
81
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
69
82
|
requirements:
|
|
70
|
-
- - "
|
|
83
|
+
- - ">="
|
|
71
84
|
- !ruby/object:Gem::Version
|
|
72
|
-
|
|
73
|
-
|
|
85
|
+
segments:
|
|
86
|
+
- 0
|
|
87
|
+
version: "0"
|
|
74
88
|
requirements: []
|
|
75
89
|
|
|
76
90
|
rubyforge_project:
|
|
77
|
-
rubygems_version: 1.3.
|
|
91
|
+
rubygems_version: 1.3.6
|
|
78
92
|
signing_key:
|
|
79
93
|
specification_version: 3
|
|
80
94
|
summary: Dia allows you to sandbox application(s) or block(s) of ruby on the OSX platform by restricting access to operating system resources
|