dia 1.3 → 1.4.pre
Sign up to get free protection for your applications and to get access to all the features.
- data/NEWS.md +4 -0
- data/README.md +2 -1
- data/TODO.md +3 -0
- data/lib/dia/commonapi.rb +1 -0
- data/lib/dia/profiles.rb +1 -0
- data/lib/dia/sandbox.rb +6 -4
- data/lib/dia.rb +2 -2
- metadata +14 -11
data/NEWS.md
CHANGED
@@ -1,5 +1,9 @@
|
|
1
1
|
## NEWS
|
2
2
|
|
3
|
+
* Use ffi\_lib() to explicitly load the dynamic library "sandbox", or "System"
|
4
|
+
* Depend explicitly on FFI v0.6.2
|
5
|
+
* Dia::Sandbox#run accepts a variable amount of arguments that will be passed onto the block supplied to the constructer.
|
6
|
+
|
3
7
|
### 1.3
|
4
8
|
* Added Dia::Sandbox#running? to check if a process running a sandbox is alive or not.
|
5
9
|
* Dia::Sandbox only exposes its instance variables through getters now. No more setters.
|
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
## "Dia"
|
2
2
|
|
3
|
-
"Dia" allows you to sandbox
|
3
|
+
"Dia" allows you to sandbox an application or block of ruby on the OSX platform by restricting what access to Operating System resources they can have.
|
4
4
|
|
5
5
|
## What restrictions can you apply?
|
6
6
|
|
@@ -28,6 +28,7 @@ It uses the FFI library, and the features exposed by the sandbox header on OSX.
|
|
28
28
|
|
29
29
|
require 'rubygems'
|
30
30
|
require 'dia'
|
31
|
+
require 'net/http'
|
31
32
|
require 'open-uri'
|
32
33
|
|
33
34
|
sandbox = Dia::Sandbox.new(Dia::Profiles::NO_OS_SERVICES) do
|
data/TODO.md
CHANGED
data/lib/dia/commonapi.rb
CHANGED
data/lib/dia/profiles.rb
CHANGED
data/lib/dia/sandbox.rb
CHANGED
@@ -46,22 +46,24 @@ module Dia
|
|
46
46
|
# The run method will spawn a child process and run the application _or_ block supplied to the constructer under a sandbox.
|
47
47
|
# This method will not block.
|
48
48
|
#
|
49
|
+
# @param [Arguments] A variable amount of arguments that will be passed onto the block supplied to the constructer.
|
50
|
+
#
|
49
51
|
# @raise [SystemCallError] In the case of running a block, a number of subclasses of SystemCallError may be raised if the block violates sandbox restrictions.
|
50
52
|
# The parent process will not be affected and if you wish to catch exceptions you should do so in your block.
|
51
53
|
#
|
52
54
|
# @raise [Dia::SandboxException] Will raise Dia::SandboxException in a child process and exit if the sandbox could not be initiated.
|
53
55
|
# @return [Fixnum] The Process ID(PID) that the sandboxed application is being run under.
|
54
|
-
def run
|
56
|
+
def run(*args)
|
55
57
|
|
56
58
|
@pid = fork do
|
57
|
-
if ( ret = sandbox_init(@profile, 0x0001, error = FFI::MemoryPointer.new(:pointer)) )
|
58
|
-
raise Dia::SandboxException, "
|
59
|
+
if ( ret = sandbox_init(@profile, 0x0001, error = FFI::MemoryPointer.new(:pointer)) ) == -1
|
60
|
+
raise Dia::SandboxException, "Failed to initialize sandbox (#{error.read_pointer.read_string})"
|
59
61
|
end
|
60
62
|
|
61
63
|
if @app_path
|
62
64
|
exec(@app_path)
|
63
65
|
else
|
64
|
-
@blk.call
|
66
|
+
@blk.call(*args)
|
65
67
|
end
|
66
68
|
end
|
67
69
|
|
data/lib/dia.rb
CHANGED
@@ -1,11 +1,11 @@
|
|
1
|
-
gem 'ffi', '=0.
|
1
|
+
gem 'ffi', '= 0.6.2'
|
2
2
|
require 'ffi'
|
3
3
|
require File.join(File.dirname(__FILE__), 'dia/profiles.rb')
|
4
4
|
require File.join(File.dirname(__FILE__), 'dia/commonapi.rb')
|
5
5
|
require File.join(File.dirname(__FILE__), 'dia/sandbox.rb')
|
6
6
|
|
7
7
|
module Dia
|
8
|
-
VERSION = '1.
|
8
|
+
VERSION = '1.4.pre'
|
9
9
|
class SandboxException < StandardError; end
|
10
10
|
end
|
11
11
|
|
metadata
CHANGED
@@ -1,11 +1,12 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dia
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
prerelease:
|
4
|
+
prerelease: true
|
5
5
|
segments:
|
6
6
|
- 1
|
7
|
-
-
|
8
|
-
|
7
|
+
- 4
|
8
|
+
- pre
|
9
|
+
version: 1.4.pre
|
9
10
|
platform: ruby
|
10
11
|
authors:
|
11
12
|
- Robert Gleeson
|
@@ -13,7 +14,7 @@ autorequire:
|
|
13
14
|
bindir: bin
|
14
15
|
cert_chain: []
|
15
16
|
|
16
|
-
date: 2010-02-
|
17
|
+
date: 2010-02-25 00:00:00 +00:00
|
17
18
|
default_executable:
|
18
19
|
dependencies:
|
19
20
|
- !ruby/object:Gem::Dependency
|
@@ -25,9 +26,9 @@ dependencies:
|
|
25
26
|
- !ruby/object:Gem::Version
|
26
27
|
segments:
|
27
28
|
- 0
|
28
|
-
-
|
29
|
-
-
|
30
|
-
version: 0.
|
29
|
+
- 6
|
30
|
+
- 2
|
31
|
+
version: 0.6.2
|
31
32
|
type: :runtime
|
32
33
|
version_requirements: *id001
|
33
34
|
- !ruby/object:Gem::Dependency
|
@@ -66,7 +67,7 @@ has_rdoc: yard
|
|
66
67
|
homepage:
|
67
68
|
licenses: []
|
68
69
|
|
69
|
-
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.
|
70
|
+
post_install_message: " ********************************************************************\n Thanks for installing Dia! (1.4.pre)\n \n Don't forget to check NEWS.md for what has changed in this release:\n http://www.flowof.info/dia/file.NEWS.html\n \n You can chat with us at irc.freenode.net / #flowof.info if you have\n any problems. Feel free to join us!\n ********************************************************************\n"
|
70
71
|
rdoc_options: []
|
71
72
|
|
72
73
|
require_paths:
|
@@ -80,11 +81,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
80
81
|
version: "0"
|
81
82
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
82
83
|
requirements:
|
83
|
-
- - "
|
84
|
+
- - ">"
|
84
85
|
- !ruby/object:Gem::Version
|
85
86
|
segments:
|
86
|
-
-
|
87
|
-
|
87
|
+
- 1
|
88
|
+
- 3
|
89
|
+
- 1
|
90
|
+
version: 1.3.1
|
88
91
|
requirements: []
|
89
92
|
|
90
93
|
rubyforge_project:
|