rbsyd: Ruby FFI bindings of libsyd, the syd API C Library

!/usr/bin/env ruby frozen_string_literal: true

Syd: rock-solid application kernel

lib/src/syd.rb: Ruby FFI bindings of libsyd, the syd API C Library

Copyright © 2023, 2024, 2025 Ali Polatel <alip@chesswob.org>

SPDX-License-Identifier: LGPL-3.0

Top Level Namespace

Defined Under Namespace

Modules: Syd

Module: Syd

Extended by:
FFI::Library
Defined in:
syd.rb

Overview

Ruby FFI bindings of libsyd, the syd API C Library

Constant Summary collapse

LOCK_OFF =

LOCK_OFF: The sandbox lock is off, allowing all sandbox commands. This state means that there are no restrictions on sandbox commands, providing full access to sandbox functionalities.

0
LOCK_EXEC =

LOCK_EXEC: The sandbox lock is set to on for all processes except the initial process (syd exec child). This is the default state. In this state, the sandbox is locked for all new processes except for the initial process that executed the syd command. This provides a balance between security and functionality, allowing the initial process some level of control while restricting others.

1
LOCK_ON =

LOCK_ON: The sandbox lock is on, disallowing all sandbox commands. This state imposes a complete lock down on the sandbox, preventing any sandbox commands from being executed. This is the most restrictive state, ensuring maximum security.

2
ACTION_ALLOW =

Allow system call.

0
ACTION_WARN =

Allow system call and warn.

1
ACTION_FILTER =

Deny system call silently.

2
ACTION_DENY =

Deny system call and warn.

3
ACTION_PANIC =

Deny system call, warn and panic the current Syd thread.

4
ACTION_STOP =

Deny system call, warn and stop offending process.

5
ACTION_ABORT =

Deny system call, warn and abort offending process.

6
ACTION_KILL =

Deny system call, warn and kill offending process.

7
ACTION_EXIT =

Warn, and exit Syd immediately with deny errno as exit value.

8

Class Method Summary collapse

Class Method Details

.apiInteger

Performs a syd API check by calling the ‘syd_api’ function from the ‘syd’ library.

This method is intended to be used as a preliminary check before making any other syd API calls. It is advisable to perform this check to ensure the API is accessible and functioning as expected.

Returns:

  • (Integer)

    The API number on success.

Raises:

  • (SystemCallError)

    A Ruby exception corresponding to the negated errno on failure.

[View source]

118
119
120
 
# File 'syd.rb', line 118

def self.api
  check_return syd_api
end

.chattr_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chattr sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1629
1630
1631
 
# File 'syd.rb', line 1629

def self.chattr_add(action, glob)
  check_return syd_chattr_add(check_action(action), glob)
end

.chattr_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chattr sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1640
1641
1642
 
# File 'syd.rb', line 1640

def self.chattr_del(action, glob)
  check_return syd_chattr_del(check_action(action), glob)
end

.chattr_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chattr sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1651
1652
1653
 
# File 'syd.rb', line 1651

def self.chattr_rem(action, glob)
  check_return syd_chattr_rem(check_action(action), glob)
end

.chdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1437
1438
1439
 
# File 'syd.rb', line 1437

def self.chdir_add(action, glob)
  check_return syd_chdir_add(check_action(action), glob)
end

.chdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1448
1449
1450
 
# File 'syd.rb', line 1448

def self.chdir_del(action, glob)
  check_return syd_chdir_del(check_action(action), glob)
end

.chdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1459
1460
1461
 
# File 'syd.rb', line 1459

def self.chdir_rem(action, glob)
  check_return syd_chdir_rem(check_action(action), glob)
end

.checkTrueClass

Performs a check by calling the ‘syd_check’ function from the ‘syd’ library. This function essentially performs an lstat system call on the file “/dev/syd”.

corresponding to the errno on failure.

The ‘syd_check’ function returns 0 on success and negated errno on failure. In Ruby, this method translates a non-zero return value into a corresponding SystemCallError exception, providing a more idiomatic way of error handling.

Returns:

  • (TrueClass)

    Returns ‘true` if the operation is successful.

Raises:

  • (SystemCallError)

    Raises the appropriate Ruby exception

[View source]

105
106
107
 
# File 'syd.rb', line 105

def self.check
  check_return syd_check
end

.check_action(action) ⇒ Object

Helper method to check if the action is valid.

Raises:

  • (Errno::EINVAL)
[View source]

2029
2030
2031
2032
2033
 
# File 'syd.rb', line 2029

def self.check_action(action)
  raise Errno::EINVAL unless action.is_a?(Integer) && (ACTION_ALLOW..ACTION_EXIT).cover?(action)

  action
end

.check_return(r) ⇒ Object

Helper method to process return values from libsyd calls

[View source]

2036
2037
2038
2039
2040
2041
 
# File 'syd.rb', line 2036

def self.check_return(r)
  # Convert negative errno to Ruby exception.
  raise Errno.const_get(Errno.constants.find { |e| -r == Errno.const_get(e)::Errno }) unless r >= 0

  r.zero? ? true : r
end

.chgrp_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chgrp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1565
1566
1567
 
# File 'syd.rb', line 1565

def self.chgrp_add(action, glob)
  check_return syd_chgrp_add(check_action(action), glob)
end

.chgrp_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chgrp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1576
1577
1578
 
# File 'syd.rb', line 1576

def self.chgrp_del(action, glob)
  check_return syd_chgrp_del(check_action(action), glob)
end

.chgrp_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chgrp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1587
1588
1589
 
# File 'syd.rb', line 1587

def self.chgrp_rem(action, glob)
  check_return syd_chgrp_rem(check_action(action), glob)
end

.chmod_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chmod sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1597
1598
1599
 
# File 'syd.rb', line 1597

def self.chmod_add(action, glob)
  check_return syd_chmod_add(check_action(action), glob)
end

.chmod_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chmod sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1608
1609
1610
 
# File 'syd.rb', line 1608

def self.chmod_del(action, glob)
  check_return syd_chmod_del(check_action(action), glob)
end

.chmod_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chmod sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1619
1620
1621
 
# File 'syd.rb', line 1619

def self.chmod_rem(action, glob)
  check_return syd_chmod_rem(check_action(action), glob)
end

.chown_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chown sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1533
1534
1535
 
# File 'syd.rb', line 1533

def self.chown_add(action, glob)
  check_return syd_chown_add(check_action(action), glob)
end

.chown_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chown sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1544
1545
1546
 
# File 'syd.rb', line 1544

def self.chown_del(action, glob)
  check_return syd_chown_del(check_action(action), glob)
end

.chown_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chown sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1555
1556
1557
 
# File 'syd.rb', line 1555

def self.chown_rem(action, glob)
  check_return syd_chown_rem(check_action(action), glob)
end

.chroot_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chroot sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1661
1662
1663
 
# File 'syd.rb', line 1661

def self.chroot_add(action, glob)
  check_return syd_chroot_add(check_action(action), glob)
end

.chroot_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chroot sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1672
1673
1674
 
# File 'syd.rb', line 1672

def self.chroot_del(action, glob)
  check_return syd_chroot_del(check_action(action), glob)
end

.chroot_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chroot sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1683
1684
1685
 
# File 'syd.rb', line 1683

def self.chroot_rem(action, glob)
  check_return syd_chroot_rem(check_action(action), glob)
end

.create_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for create sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1277
1278
1279
 
# File 'syd.rb', line 1277

def self.create_add(action, glob)
  check_return syd_create_add(check_action(action), glob)
end

.create_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for create sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1288
1289
1290
 
# File 'syd.rb', line 1288

def self.create_del(action, glob)
  check_return syd_create_del(check_action(action), glob)
end

.create_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for create sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1299
1300
1301
 
# File 'syd.rb', line 1299

def self.create_rem(action, glob)
  check_return syd_create_rem(check_action(action), glob)
end

.default_block(action) ⇒ TrueClass

Set default action for block sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1053
1054
1055
 
# File 'syd.rb', line 1053

def self.default_block(action)
  check_return syd_default_block(check_action(action))
end

.default_chattr(action) ⇒ TrueClass

Set default action for chattr sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

990
991
992
 
# File 'syd.rb', line 990

def self.default_chattr(action)
  check_return syd_default_chattr(check_action(action))
end

.default_chdir(action) ⇒ TrueClass

Set default action for chdir sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

936
937
938
 
# File 'syd.rb', line 936

def self.default_chdir(action)
  check_return syd_default_chdir(check_action(action))
end

.default_chgrp(action) ⇒ TrueClass

Set default action for chgrp sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

972
973
974
 
# File 'syd.rb', line 972

def self.default_chgrp(action)
  check_return syd_default_chgrp(check_action(action))
end

.default_chmod(action) ⇒ TrueClass

Set default action for chmod sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

981
982
983
 
# File 'syd.rb', line 981

def self.default_chmod(action)
  check_return syd_default_chmod(check_action(action))
end

.default_chown(action) ⇒ TrueClass

Set default action for chown sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

963
964
965
 
# File 'syd.rb', line 963

def self.default_chown(action)
  check_return syd_default_chown(check_action(action))
end

.default_chroot(action) ⇒ TrueClass

Set default action for chroot sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

999
1000
1001
 
# File 'syd.rb', line 999

def self.default_chroot(action)
  check_return syd_default_chroot(check_action(action))
end

.default_create(action) ⇒ TrueClass

Set default action for create sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

891
892
893
 
# File 'syd.rb', line 891

def self.default_create(action)
  check_return syd_default_create(check_action(action))
end

.default_delete(action) ⇒ TrueClass

Set default action for delete sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

900
901
902
 
# File 'syd.rb', line 900

def self.default_delete(action)
  check_return syd_default_delete(check_action(action))
end

.default_exec(action) ⇒ TrueClass

Set default action for exec sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

873
874
875
 
# File 'syd.rb', line 873

def self.default_exec(action)
  check_return syd_default_exec(check_action(action))
end

.default_force(action) ⇒ TrueClass

Set default action for force sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1080
1081
1082
 
# File 'syd.rb', line 1080

def self.default_force(action)
  check_return syd_default_force(check_action(action))
end

.default_ioctl(action) ⇒ TrueClass

Set default action for ioctl sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

882
883
884
 
# File 'syd.rb', line 882

def self.default_ioctl(action)
  check_return syd_default_ioctl(check_action(action))
end

.default_mem(action) ⇒ TrueClass

Set default action for memory sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1062
1063
1064
 
# File 'syd.rb', line 1062

def self.default_mem(action)
  check_return syd_default_mem(check_action(action))
end

.default_mkdev(action) ⇒ TrueClass

Set default action for mkdev sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1017
1018
1019
 
# File 'syd.rb', line 1017

def self.default_mkdev(action)
  check_return syd_default_mkdev(check_action(action))
end

.default_mkdir(action) ⇒ TrueClass

Set default action for mkdir sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

954
955
956
 
# File 'syd.rb', line 954

def self.default_mkdir(action)
  check_return syd_default_mkdir(check_action(action))
end

.default_mkfifo(action) ⇒ TrueClass

Set default action for mkfifo sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1026
1027
1028
 
# File 'syd.rb', line 1026

def self.default_mkfifo(action)
  check_return syd_default_mkfifo(check_action(action))
end

.default_mktemp(action) ⇒ TrueClass

Set default action for mktemp sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1035
1036
1037
 
# File 'syd.rb', line 1035

def self.default_mktemp(action)
  check_return syd_default_mktemp(check_action(action))
end

.default_net(action) ⇒ TrueClass

Set default action for net sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1044
1045
1046
 
# File 'syd.rb', line 1044

def self.default_net(action)
  check_return syd_default_net(check_action(action))
end

.default_pid(action) ⇒ TrueClass

Set default action for PID sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1071
1072
1073
 
# File 'syd.rb', line 1071

def self.default_pid(action)
  check_return syd_default_pid(check_action(action))
end

.default_read(action) ⇒ TrueClass

Set default action for read sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

855
856
857
 
# File 'syd.rb', line 855

def self.default_read(action)
  check_return syd_default_read(check_action(action))
end

.default_readdir(action) ⇒ TrueClass

Set default action for readdir sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

945
946
947
 
# File 'syd.rb', line 945

def self.default_readdir(action)
  check_return syd_default_readdir(check_action(action))
end

.default_rename(action) ⇒ TrueClass

Set default action for rename sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

909
910
911
 
# File 'syd.rb', line 909

def self.default_rename(action)
  check_return syd_default_rename(check_action(action))
end

.default_segvguard(action) ⇒ TrueClass

Set default action for SegvGuard.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1089
1090
1091
 
# File 'syd.rb', line 1089

def self.default_segvguard(action)
  check_return syd_default_segvguard(check_action(action))
end

.default_stat(action) ⇒ TrueClass

Set default action for stat sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

846
847
848
 
# File 'syd.rb', line 846

def self.default_stat(action)
  check_return syd_default_stat(check_action(action))
end

.default_symlink(action) ⇒ TrueClass

Set default action for symlink sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

918
919
920
 
# File 'syd.rb', line 918

def self.default_symlink(action)
  check_return syd_default_symlink(check_action(action))
end

.default_tpe(action) ⇒ TrueClass

Set default action for TPE sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1098
1099
1100
 
# File 'syd.rb', line 1098

def self.default_tpe(action)
  check_return syd_default_tpe(check_action(action))
end

.default_truncate(action) ⇒ TrueClass

Set default action for truncate sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

927
928
929
 
# File 'syd.rb', line 927

def self.default_truncate(action)
  check_return syd_default_truncate(check_action(action))
end

.default_utime(action) ⇒ TrueClass

Set default action for utime sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1008
1009
1010
 
# File 'syd.rb', line 1008

def self.default_utime(action)
  check_return syd_default_utime(check_action(action))
end

.default_write(action) ⇒ TrueClass

Set default action for write sandboxing.

Parameters:

  • action (Integer)

    The desired default action.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

864
865
866
 
# File 'syd.rb', line 864

def self.default_write(action)
  check_return syd_default_write(check_action(action))
end

.delete_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for delete sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1309
1310
1311
 
# File 'syd.rb', line 1309

def self.delete_add(action, glob)
  check_return syd_delete_add(check_action(action), glob)
end

.delete_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for delete sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1320
1321
1322
 
# File 'syd.rb', line 1320

def self.delete_del(action, glob)
  check_return syd_delete_del(check_action(action), glob)
end

.delete_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for delete sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1331
1332
1333
 
# File 'syd.rb', line 1331

def self.delete_rem(action, glob)
  check_return syd_delete_rem(check_action(action), glob)
end

.disable_chattrTrueClass

Disable chattr sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

579
580
581
 
# File 'syd.rb', line 579

def self.disable_chattr
  check_return syd_disable_chattr
end

.disable_chdirTrueClass

Disable chdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

441
442
443
 
# File 'syd.rb', line 441

def self.disable_chdir
  check_return syd_disable_chdir
end

.disable_chgrpTrueClass

Disable chgrp sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

533
534
535
 
# File 'syd.rb', line 533

def self.disable_chgrp
  check_return syd_disable_chgrp
end

.disable_chmodTrueClass

Disable chmod sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

556
557
558
 
# File 'syd.rb', line 556

def self.disable_chmod
  check_return syd_disable_chmod
end

.disable_chownTrueClass

Disable chown sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

510
511
512
 
# File 'syd.rb', line 510

def self.disable_chown
  check_return syd_disable_chown
end

.disable_chrootTrueClass

Disable chroot sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

602
603
604
 
# File 'syd.rb', line 602

def self.disable_chroot
  check_return syd_disable_chroot
end

.disable_createTrueClass

Disable create sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

326
327
328
 
# File 'syd.rb', line 326

def self.disable_create
  check_return syd_disable_create
end

.disable_deleteTrueClass

Disable delete sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

349
350
351
 
# File 'syd.rb', line 349

def self.disable_delete
  check_return syd_disable_delete
end

.disable_execTrueClass

Disable exec sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

280
281
282
 
# File 'syd.rb', line 280

def self.disable_exec
  check_return syd_disable_exec
end

.disable_forceTrueClass

Disable force sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

807
808
809
 
# File 'syd.rb', line 807

def self.disable_force
  check_return syd_disable_force
end

.disable_ioctlTrueClass

Disable ioctl sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

303
304
305
 
# File 'syd.rb', line 303

def self.disable_ioctl
  check_return syd_disable_ioctl
end

.disable_memTrueClass

Disable memory sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

761
762
763
 
# File 'syd.rb', line 761

def self.disable_mem
  check_return syd_disable_mem
end

.disable_mkdevTrueClass

Disable mkdev sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

648
649
650
 
# File 'syd.rb', line 648

def self.disable_mkdev
  check_return syd_disable_mkdev
end

.disable_mkdirTrueClass

Disable mkdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

487
488
489
 
# File 'syd.rb', line 487

def self.disable_mkdir
  check_return syd_disable_mkdir
end

.disable_mkfifoTrueClass

Disable mkfifo sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

671
672
673
 
# File 'syd.rb', line 671

def self.disable_mkfifo
  check_return syd_disable_mkfifo
end

.disable_mktempTrueClass

Disable mktemp sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

694
695
696
 
# File 'syd.rb', line 694

def self.disable_mktemp
  check_return syd_disable_mktemp
end

.disable_netTrueClass

Disable net sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

717
718
719
 
# File 'syd.rb', line 717

def self.disable_net
  check_return syd_disable_net
end

.disable_pidTrueClass

Disable PID sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

784
785
786
 
# File 'syd.rb', line 784

def self.disable_pid
  check_return syd_disable_pid
end

.disable_readTrueClass

Disable read sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

234
235
236
 
# File 'syd.rb', line 234

def self.disable_read
  check_return syd_disable_read
end

.disable_readdirTrueClass

Disable readdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

464
465
466
 
# File 'syd.rb', line 464

def self.disable_readdir
  check_return syd_disable_readdir
end

.disable_renameTrueClass

Disable rename sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

372
373
374
 
# File 'syd.rb', line 372

def self.disable_rename
  check_return syd_disable_rename
end

.disable_statTrueClass

Disable stat sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

211
212
213
 
# File 'syd.rb', line 211

def self.disable_stat
  check_return syd_disable_stat
end

.disable_symlinkTrueClass

Disable symlink sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

395
396
397
 
# File 'syd.rb', line 395

def self.disable_symlink
  check_return syd_disable_symlink
end

.disable_tpeTrueClass

Disable TPE sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

830
831
832
 
# File 'syd.rb', line 830

def self.disable_tpe
  check_return syd_disable_tpe
end

.disable_truncateTrueClass

Disable truncate sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

418
419
420
 
# File 'syd.rb', line 418

def self.disable_truncate
  check_return syd_disable_truncate
end

.disable_utimeTrueClass

Disable utime sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

625
626
627
 
# File 'syd.rb', line 625

def self.disable_utime
  check_return syd_disable_utime
end

.disable_writeTrueClass

Disable write sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

257
258
259
 
# File 'syd.rb', line 257

def self.disable_write
  check_return syd_disable_write
end

.enable_chattrTrueClass

Enable chattr sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

571
572
573
 
# File 'syd.rb', line 571

def self.enable_chattr
  check_return syd_enable_chattr
end

.enable_chdirTrueClass

Enable chdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

433
434
435
 
# File 'syd.rb', line 433

def self.enable_chdir
  check_return syd_enable_chdir
end

.enable_chgrpTrueClass

Enable chgrp sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

525
526
527
 
# File 'syd.rb', line 525

def self.enable_chgrp
  check_return syd_enable_chgrp
end

.enable_chmodTrueClass

Enable chmod sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

548
549
550
 
# File 'syd.rb', line 548

def self.enable_chmod
  check_return syd_enable_chmod
end

.enable_chownTrueClass

Enable chown sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

502
503
504
 
# File 'syd.rb', line 502

def self.enable_chown
  check_return syd_enable_chown
end

.enable_chrootTrueClass

Enable chroot sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

594
595
596
 
# File 'syd.rb', line 594

def self.enable_chroot
  check_return syd_enable_chroot
end

.enable_createTrueClass

Enable create sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

318
319
320
 
# File 'syd.rb', line 318

def self.enable_create
  check_return syd_enable_create
end

.enable_deleteTrueClass

Enable delete sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

341
342
343
 
# File 'syd.rb', line 341

def self.enable_delete
  check_return syd_enable_delete
end

.enable_execTrueClass

Enable exec sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

272
273
274
 
# File 'syd.rb', line 272

def self.enable_exec
  check_return syd_enable_exec
end

.enable_forceTrueClass

Enable force sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

799
800
801
 
# File 'syd.rb', line 799

def self.enable_force
  check_return syd_enable_force
end

.enable_ioctlTrueClass

Enable ioctl sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

295
296
297
 
# File 'syd.rb', line 295

def self.enable_ioctl
  check_return syd_enable_ioctl
end

.enable_memTrueClass

Enable memory sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

753
754
755
 
# File 'syd.rb', line 753

def self.enable_mem
  check_return syd_enable_mem
end

.enable_mkdevTrueClass

Enable mkdev sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

640
641
642
 
# File 'syd.rb', line 640

def self.enable_mkdev
  check_return syd_enable_mkdev
end

.enable_mkdirTrueClass

Enable mkdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

479
480
481
 
# File 'syd.rb', line 479

def self.enable_mkdir
  check_return syd_enable_mkdir
end

.enable_mkfifoTrueClass

Enable mkfifo sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

663
664
665
 
# File 'syd.rb', line 663

def self.enable_mkfifo
  check_return syd_enable_mkfifo
end

.enable_mktempTrueClass

Enable mktemp sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

686
687
688
 
# File 'syd.rb', line 686

def self.enable_mktemp
  check_return syd_enable_mktemp
end

.enable_netTrueClass

Enable net sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

709
710
711
 
# File 'syd.rb', line 709

def self.enable_net
  check_return syd_enable_net
end

.enable_pidTrueClass

Enable PID sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

776
777
778
 
# File 'syd.rb', line 776

def self.enable_pid
  check_return syd_enable_pid
end

.enable_readTrueClass

Enable read sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

226
227
228
 
# File 'syd.rb', line 226

def self.enable_read
  check_return syd_enable_read
end

.enable_readdirTrueClass

Enable readdir sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

456
457
458
 
# File 'syd.rb', line 456

def self.enable_readdir
  check_return syd_enable_readdir
end

.enable_renameTrueClass

Enable rename sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

364
365
366
 
# File 'syd.rb', line 364

def self.enable_rename
  check_return syd_enable_rename
end

.enable_statTrueClass

Enable stat sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

203
204
205
 
# File 'syd.rb', line 203

def self.enable_stat
  check_return syd_enable_stat
end

.enable_symlinkTrueClass

Enable symlink sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

387
388
389
 
# File 'syd.rb', line 387

def self.enable_symlink
  check_return syd_enable_symlink
end

.enable_tpeTrueClass

Enable TPE sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

822
823
824
 
# File 'syd.rb', line 822

def self.enable_tpe
  check_return syd_enable_tpe
end

.enable_truncateTrueClass

Enable truncate sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

410
411
412
 
# File 'syd.rb', line 410

def self.enable_truncate
  check_return syd_enable_truncate
end

.enable_utimeTrueClass

Enable utime sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

617
618
619
 
# File 'syd.rb', line 617

def self.enable_utime
  check_return syd_enable_utime
end

.enable_writeTrueClass

Enable write sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

249
250
251
 
# File 'syd.rb', line 249

def self.enable_write
  check_return syd_enable_write
end

.enabled_chattrBoolean

Checks if chattr sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chattr sandboxing is enabled, `false` otherwise.

[View source]

586
587
588
 
# File 'syd.rb', line 586

def self.enabled_chattr
  syd_enabled_chattr
end

.enabled_chdirBoolean

Checks if chdir sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chdir sandboxing is enabled, `false` otherwise.

[View source]

448
449
450
 
# File 'syd.rb', line 448

def self.enabled_chdir
  syd_enabled_chdir
end

.enabled_chgrpBoolean

Checks if chgrp sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chgrp sandboxing is enabled, `false` otherwise.

[View source]

540
541
542
 
# File 'syd.rb', line 540

def self.enabled_chgrp
  syd_enabled_chgrp
end

.enabled_chmodBoolean

Checks if chmod sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chmod sandboxing is enabled, `false` otherwise.

[View source]

563
564
565
 
# File 'syd.rb', line 563

def self.enabled_chmod
  syd_enabled_chmod
end

.enabled_chownBoolean

Checks if chown sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chown sandboxing is enabled, `false` otherwise.

[View source]

517
518
519
 
# File 'syd.rb', line 517

def self.enabled_chown
  syd_enabled_chown
end

.enabled_chrootBoolean

Checks if chroot sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if chroot sandboxing is enabled, `false` otherwise.

[View source]

609
610
611
 
# File 'syd.rb', line 609

def self.enabled_chroot
  syd_enabled_chroot
end

.enabled_createBoolean

Checks if create sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if create sandboxing is enabled, `false` otherwise.

[View source]

333
334
335
 
# File 'syd.rb', line 333

def self.enabled_create
  syd_enabled_create
end

.enabled_cryptBoolean

Checks if crypt sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if crypt sandboxing is enabled, `false` otherwise.

[View source]

738
739
740
 
# File 'syd.rb', line 738

def self.enabled_crypt
  syd_enabled_crypt
end

.enabled_deleteBoolean

Checks if delete sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if delete sandboxing is enabled, `false` otherwise.

[View source]

356
357
358
 
# File 'syd.rb', line 356

def self.enabled_delete
  syd_enabled_delete
end

.enabled_execBoolean

Checks if exec sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if exec sandboxing is enabled, `false` otherwise.

[View source]

287
288
289
 
# File 'syd.rb', line 287

def self.enabled_exec
  syd_enabled_exec
end

.enabled_forceBoolean

Checks if force sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if force sandboxing is enabled, `false` otherwise.

[View source]

814
815
816
 
# File 'syd.rb', line 814

def self.enabled_force
  syd_enabled_force
end

.enabled_ioctlBoolean

Checks if ioctl sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if ioctl sandboxing is enabled, `false` otherwise.

[View source]

310
311
312
 
# File 'syd.rb', line 310

def self.enabled_ioctl
  syd_enabled_ioctl
end

.enabled_lockBoolean

Checks if lock sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if lock sandboxing is enabled, `false` otherwise.

[View source]

731
732
733
 
# File 'syd.rb', line 731

def self.enabled_lock
  syd_enabled_lock
end

.enabled_memBoolean

Checks if memory sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if memory sandboxing is enabled, `false` otherwise.

[View source]

768
769
770
 
# File 'syd.rb', line 768

def self.enabled_mem
  syd_enabled_mem
end

.enabled_mkdevBoolean

Checks if mkdev sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if mkdev sandboxing is enabled, `false` otherwise.

[View source]

655
656
657
 
# File 'syd.rb', line 655

def self.enabled_mkdev
  syd_enabled_mkdev
end

.enabled_mkdirBoolean

Checks if mkdir sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if mkdir sandboxing is enabled, `false` otherwise.

[View source]

494
495
496
 
# File 'syd.rb', line 494

def self.enabled_mkdir
  syd_enabled_mkdir
end

.enabled_mkfifoBoolean

Checks if mkfifo sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if mkfifo sandboxing is enabled, `false` otherwise.

[View source]

678
679
680
 
# File 'syd.rb', line 678

def self.enabled_mkfifo
  syd_enabled_mkfifo
end

.enabled_mktempBoolean

Checks if mktemp sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if mktemp sandboxing is enabled, `false` otherwise.

[View source]

701
702
703
 
# File 'syd.rb', line 701

def self.enabled_mktemp
  syd_enabled_mktemp
end

.enabled_netBoolean

Checks if net sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if net sandboxing is enabled, `false` otherwise.

[View source]

724
725
726
 
# File 'syd.rb', line 724

def self.enabled_net
  syd_enabled_net
end

.enabled_pidBoolean

Checks if PID sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if PID sandboxing is enabled, `false` otherwise.

[View source]

791
792
793
 
# File 'syd.rb', line 791

def self.enabled_pid
  syd_enabled_pid
end

.enabled_proxyBoolean

Checks if proxy sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if proxy sandboxing is enabled, `false` otherwise.

[View source]

745
746
747
 
# File 'syd.rb', line 745

def self.enabled_proxy
  syd_enabled_proxy
end

.enabled_readBoolean

Checks if read sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if Read sandboxing is enabled, `false` otherwise.

[View source]

241
242
243
 
# File 'syd.rb', line 241

def self.enabled_read
  syd_enabled_read
end

.enabled_readdirBoolean

Checks if readdir sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if readdir sandboxing is enabled, `false` otherwise.

[View source]

471
472
473
 
# File 'syd.rb', line 471

def self.enabled_readdir
  syd_enabled_readdir
end

.enabled_renameBoolean

Checks if rename sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if rename sandboxing is enabled, `false` otherwise.

[View source]

379
380
381
 
# File 'syd.rb', line 379

def self.enabled_rename
  syd_enabled_rename
end

.enabled_statBoolean

Checks if stat sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if stat sandboxing is enabled, `false` otherwise.

[View source]

218
219
220
 
# File 'syd.rb', line 218

def self.enabled_stat
  syd_enabled_stat
end

.enabled_symlinkBoolean

Checks if symlink sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if symlink sandboxing is enabled, `false` otherwise.

[View source]

402
403
404
 
# File 'syd.rb', line 402

def self.enabled_symlink
  syd_enabled_symlink
end

.enabled_tpeBoolean

Checks if TPE sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if TPE sandboxing is enabled, `false` otherwise.

[View source]

837
838
839
 
# File 'syd.rb', line 837

def self.enabled_tpe
  syd_enabled_tpe
end

.enabled_truncateBoolean

Checks if truncate sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if truncate sandboxing is enabled, `false` otherwise.

[View source]

425
426
427
 
# File 'syd.rb', line 425

def self.enabled_truncate
  syd_enabled_truncate
end

.enabled_utimeBoolean

Checks if utime sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if utime sandboxing is enabled, `false` otherwise.

[View source]

632
633
634
 
# File 'syd.rb', line 632

def self.enabled_utime
  syd_enabled_utime
end

.enabled_writeBoolean

Checks if write sandboxing is enabled.

Returns:

  • (Boolean)

    Returns ‘true` if write sandboxing is enabled, `false` otherwise.

[View source]

264
265
266
 
# File 'syd.rb', line 264

def self.enabled_write
  syd_enabled_write
end

.exec(file, argv) ⇒ TrueClass

Execute a command outside the sandbox without sandboxing.

This method is used to execute a command in the operating system, bypassing the sandbox. It takes a file path and an array of arguments, converts them to the appropriate C types, and then invokes the syd_exec function from the syd library.

Parameters:

  • file (String)

    The file path of the command to be executed.

  • argv (Array<String>)

    The arguments to the command.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

184
185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'syd.rb', line 184

def self.exec(file, argv)
  # Convert each argument into a memory pointer to a string
  argv_ptrs = argv.map { |arg| FFI::MemoryPointer.from_string(arg) }
  # Append a null pointer to the end of the array to signify the end of arguments
  argv_ptrs << nil

  # Create a memory pointer that will hold pointers to each argument string
  argv_ptr = FFI::MemoryPointer.new(:pointer, argv_ptrs.length)
  # Copy the pointers to the argument strings into the newly created memory pointer
  argv_ptr.put_array_of_pointer(0, argv_ptrs)

  # Call the syd_exec function and handle the return value
  check_return syd_exec(file, argv_ptr)
end

.exec_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for exec sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1213
1214
1215
 
# File 'syd.rb', line 1213

def self.exec_add(action, glob)
  check_return syd_exec_add(check_action(action), glob)
end

.exec_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for exec sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1224
1225
1226
 
# File 'syd.rb', line 1224

def self.exec_del(action, glob)
  check_return syd_exec_del(check_action(action), glob)
end

.exec_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for exec sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1235
1236
1237
 
# File 'syd.rb', line 1235

def self.exec_rem(action, glob)
  check_return syd_exec_rem(check_action(action), glob)
end

.force_add(path, hash, action) ⇒ TrueClass

Adds an entry to the Integrity Force map for Force Sandboxing.

Parameters:

  • path (String)

    Fully-qualified file name as string.

  • hash (String)

    Checksum as hexadecimal encoded string.

  • action (Integer)

    The desired action of for the rule.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1950
1951
1952
 
# File 'syd.rb', line 1950

def self.force_add(path, hash, action)
  check_return syd_force_add(path, hash, check_action(action))
end

.force_clrTrueClass

Clears the Integrity Force map for Force Sandboxing.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1967
1968
1969
 
# File 'syd.rb', line 1967

def self.force_clr
  check_return syd_force_clr
end

.force_del(path) ⇒ TrueClass

Removes an entry from the Integrity Force map for Force Sandboxing.

Parameters:

  • path (String)

    Fully-qualified file name as string.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1959
1960
1961
 
# File 'syd.rb', line 1959

def self.force_del(path)
  check_return syd_force_del(path)
end

.infoHash, NilClass

Reads the state of the syd sandbox from /dev/syd and returns it as a Ruby hash.

This method opens the special file /dev/syd, which contains the current state of the syd sandbox in JSON format. It then parses this state and returns it as a Ruby hash.

a Ruby hash, or nil if JSON module is not available.

Returns:

  • (Hash, NilClass)

    The current state of the syd sandbox as

Raises:

  • (Errno::ENOENT)

    If the file /dev/syd cannot be opened.

  • (JSON::ParserError)

    If the content of /dev/syd is not valid JSON.

[View source]

83
84
85
86
87
88
89
90
91
 
# File 'syd.rb', line 83

def self.info
  begin
    require "json"
  rescue LoadError
    return nil
  end

  JSON.parse File.read("/dev/syd"), symbolize_names: true
end

.ioctl_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for ioctl sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1245
1246
1247
 
# File 'syd.rb', line 1245

def self.ioctl_add(action, glob)
  check_return syd_ioctl_add(check_action(action), glob)
end

.ioctl_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for ioctl sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1256
1257
1258
 
# File 'syd.rb', line 1256

def self.ioctl_del(action, glob)
  check_return syd_ioctl_del(check_action(action), glob)
end

.ioctl_deny(request) ⇒ TrueClass

Adds a request to the ioctl(2) denylist.

param request [Integer] The ioctl(2) request to deny.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1107
1108
1109
 
# File 'syd.rb', line 1107

def self.ioctl_deny(request)
  check_return syd_ioctl_deny(request)
end

.ioctl_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for ioctl sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1267
1268
1269
 
# File 'syd.rb', line 1267

def self.ioctl_rem(action, glob)
  check_return syd_ioctl_rem(check_action(action), glob)
end

.load(fd) ⇒ TrueClass

Causes syd to read configuration from the given file descriptor.

This function is utilized to load configuration settings for syd from a file represented by the provided file descriptor. It’s an essential function for initializing or reconfiguring syd based on external configuration files.

Parameters:

  • fd (Integer)

    The file descriptor of the configuration file.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

158
159
160
 
# File 'syd.rb', line 158

def self.load(fd)
  check_return syd_load(fd)
end

.lock(state) ⇒ TrueClass

Sets the state of the sandbox lock.

Parameters:

  • state (Integer)

    The desired state of the sandbox lock, should be one of LOCK_OFF, LOCK_EXEC, or LOCK_ON.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

167
168
169
170
171
 
# File 'syd.rb', line 167

def self.lock(state)
  raise Errno::EINVAL unless state.is_a?(Integer) && (LOCK_OFF..LOCK_ON).cover?(state)

  check_return syd_lock(state)
end

.mem_max(size) ⇒ TrueClass

Set syd maximum per-process memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.

Parameters:

  • size (String)

    Limit size.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1977
1978
1979
 
# File 'syd.rb', line 1977

def self.mem_max(size)
  check_return syd_mem_max(size)
end

.mem_vm_max(size) ⇒ TrueClass

Set syd maximum per-process virtual memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.

Parameters:

  • size (String)

    Limit size.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1987
1988
1989
 
# File 'syd.rb', line 1987

def self.mem_vm_max(size)
  check_return syd_mem_vm_max(size)
end

.mkdev_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkdev sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1725
1726
1727
 
# File 'syd.rb', line 1725

def self.mkdev_add(action, glob)
  check_return syd_mkdev_add(check_action(action), glob)
end

.mkdev_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkdev sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1736
1737
1738
 
# File 'syd.rb', line 1736

def self.mkdev_del(action, glob)
  check_return syd_mkdev_del(check_action(action), glob)
end

.mkdev_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkdev sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1747
1748
1749
 
# File 'syd.rb', line 1747

def self.mkdev_rem(action, glob)
  check_return syd_mkdev_rem(check_action(action), glob)
end

.mkdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1501
1502
1503
 
# File 'syd.rb', line 1501

def self.mkdir_add(action, glob)
  check_return syd_mkdir_add(check_action(action), glob)
end

.mkdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1512
1513
1514
 
# File 'syd.rb', line 1512

def self.mkdir_del(action, glob)
  check_return syd_mkdir_del(check_action(action), glob)
end

.mkdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1523
1524
1525
 
# File 'syd.rb', line 1523

def self.mkdir_rem(action, glob)
  check_return syd_mkdir_rem(check_action(action), glob)
end

.mkfifo_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkfifo sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1757
1758
1759
 
# File 'syd.rb', line 1757

def self.mkfifo_add(action, glob)
  check_return syd_mkfifo_add(check_action(action), glob)
end

.mkfifo_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkfifo sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1768
1769
1770
 
# File 'syd.rb', line 1768

def self.mkfifo_del(action, glob)
  check_return syd_mkfifo_del(check_action(action), glob)
end

.mkfifo_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkfifo sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1779
1780
1781
 
# File 'syd.rb', line 1779

def self.mkfifo_rem(action, glob)
  check_return syd_mkfifo_rem(check_action(action), glob)
end

.mktemp_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mktemp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1789
1790
1791
 
# File 'syd.rb', line 1789

def self.mktemp_add(action, glob)
  check_return syd_mktemp_add(check_action(action), glob)
end

.mktemp_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mktemp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1800
1801
1802
 
# File 'syd.rb', line 1800

def self.mktemp_del(action, glob)
  check_return syd_mktemp_del(check_action(action), glob)
end

.mktemp_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mktemp sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1811
1812
1813
 
# File 'syd.rb', line 1811

def self.mktemp_rem(action, glob)
  check_return syd_mktemp_rem(check_action(action), glob)
end

.net_bind_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/bind sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1821
1822
1823
 
# File 'syd.rb', line 1821

def self.net_bind_add(action, addr)
  check_return syd_net_bind_add(check_action(action), addr)
end

.net_bind_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/bind sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1832
1833
1834
 
# File 'syd.rb', line 1832

def self.net_bind_del(action, addr)
  check_return syd_net_bind_del(check_action(action), addr)
end

.net_bind_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/bind sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1843
1844
1845
 
# File 'syd.rb', line 1843

def self.net_bind_rem(action, addr)
  check_return syd_net_bind_rem(check_action(action), addr)
end

.net_connect_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/connect sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1853
1854
1855
 
# File 'syd.rb', line 1853

def self.net_connect_add(action, addr)
  check_return syd_net_connect_add(check_action(action), addr)
end

.net_connect_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/connect sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1864
1865
1866
 
# File 'syd.rb', line 1864

def self.net_connect_del(action, addr)
  check_return syd_net_connect_del(check_action(action), addr)
end

.net_connect_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/connect sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1875
1876
1877
 
# File 'syd.rb', line 1875

def self.net_connect_rem(action, addr)
  check_return syd_net_connect_rem(check_action(action), addr)
end

.net_link_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/link sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1917
1918
1919
 
# File 'syd.rb', line 1917

def self.net_link_add(action, addr)
  check_return syd_net_link_add(check_action(action), addr)
end

.net_link_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/link sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1928
1929
1930
 
# File 'syd.rb', line 1928

def self.net_link_del(action, addr)
  check_return syd_net_link_del(check_action(action), addr)
end

.net_link_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/link sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1939
1940
1941
 
# File 'syd.rb', line 1939

def self.net_link_rem(action, addr)
  check_return syd_net_link_rem(check_action(action), addr)
end

.net_sendfd_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/sendfd sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1885
1886
1887
 
# File 'syd.rb', line 1885

def self.net_sendfd_add(action, addr)
  check_return syd_net_sendfd_add(check_action(action), addr)
end

.net_sendfd_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/sendfd sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1896
1897
1898
 
# File 'syd.rb', line 1896

def self.net_sendfd_del(action, addr)
  check_return syd_net_sendfd_del(check_action(action), addr)
end

.net_sendfd_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/sendfd sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • addr (String)

    Address pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1907
1908
1909
 
# File 'syd.rb', line 1907

def self.net_sendfd_rem(action, addr)
  check_return syd_net_sendfd_rem(check_action(action), addr)
end

.panicTrueClass

Causes syd to exit immediately with code 127.

This function is designed to trigger an immediate exit of syd with a specific exit code (127). It should be used in scenarios where an immediate and complete termination of syd is necessary.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

130
131
132
 
# File 'syd.rb', line 130

def self.panic
  check_return syd_panic
end

.pid_max(size) ⇒ TrueClass

Set syd maximum process id limit for PID sandboxing

Parameters:

  • size (Integer)

    Limit size, must be greater than or equal to zero.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1996
1997
1998
 
# File 'syd.rb', line 1996

def self.pid_max(size)
  check_return syd_pid_max(size)
end

.read_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for read sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1149
1150
1151
 
# File 'syd.rb', line 1149

def self.read_add(action, glob)
  check_return syd_read_add(check_action(action), glob)
end

.read_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for read sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1160
1161
1162
 
# File 'syd.rb', line 1160

def self.read_del(action, glob)
  check_return syd_read_del(check_action(action), glob)
end

.read_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for read sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1171
1172
1173
 
# File 'syd.rb', line 1171

def self.read_rem(action, glob)
  check_return syd_read_rem(check_action(action), glob)
end

.readdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for readdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1469
1470
1471
 
# File 'syd.rb', line 1469

def self.readdir_add(action, glob)
  check_return syd_readdir_add(check_action(action), glob)
end

.readdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for readdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1480
1481
1482
 
# File 'syd.rb', line 1480

def self.readdir_del(action, glob)
  check_return syd_readdir_del(check_action(action), glob)
end

.readdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for readdir sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1491
1492
1493
 
# File 'syd.rb', line 1491

def self.readdir_rem(action, glob)
  check_return syd_readdir_rem(check_action(action), glob)
end

.rename_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for rename sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1341
1342
1343
 
# File 'syd.rb', line 1341

def self.rename_add(action, glob)
  check_return syd_rename_add(check_action(action), glob)
end

.rename_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for rename sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1352
1353
1354
 
# File 'syd.rb', line 1352

def self.rename_del(action, glob)
  check_return syd_rename_del(check_action(action), glob)
end

.rename_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for rename sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1363
1364
1365
 
# File 'syd.rb', line 1363

def self.rename_rem(action, glob)
  check_return syd_rename_rem(check_action(action), glob)
end

.resetTrueClass

Causes syd to reset sandboxing to the default state. This includes clearing any allowlists, denylists, and filters.

This function should be used when it is necessary to reset the state of syd sandboxing environment to its default settings. It’s particularly useful in scenarios where the sandboxing environment needs to be reconfigured or cleared of all previous configurations.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

144
145
146
 
# File 'syd.rb', line 144

def self.reset
  check_return syd_reset
end

.segvguard_expiry(timeout) ⇒ TrueClass

Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero. Setting this timeout to 0 effectively disables SegvGuard.

Parameters:

  • timeout (Integer)

    Expiry timeout in seconds, must be greater than or equal to zero.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

2006
2007
2008
 
# File 'syd.rb', line 2006

def self.segvguard_expiry(timeout)
  check_return syd_segvguard_expiry(timeout)
end

.segvguard_maxcrashes(limit) ⇒ TrueClass

Specify SegvGuard max number of crashes before suspension.

Parameters:

  • limit (Integer)

    Limit, must be greater than or equal to zero.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

2024
2025
2026
 
# File 'syd.rb', line 2024

def self.segvguard_maxcrashes(limit)
  check_return syd_segvguard_maxcrashes(limit)
end

.segvguard_suspension(timeout) ⇒ TrueClass

Specify SegvGuard suspension timeout in seconds, must be greater than or equal to zero.

Parameters:

  • timeout (Integer)

    Suspension timeout in seconds, must be greater than or equal to zero.

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

2015
2016
2017
 
# File 'syd.rb', line 2015

def self.segvguard_suspension(timeout)
  check_return syd_segvguard_suspension(timeout)
end

.stat_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for stat sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1117
1118
1119
 
# File 'syd.rb', line 1117

def self.stat_add(action, glob)
  check_return syd_stat_add(check_action(action), glob)
end

.stat_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for stat sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1128
1129
1130
 
# File 'syd.rb', line 1128

def self.stat_del(action, glob)
  check_return syd_stat_del(check_action(action), glob)
end

.stat_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for stat sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1139
1140
1141
 
# File 'syd.rb', line 1139

def self.stat_rem(action, glob)
  check_return syd_stat_rem(check_action(action), glob)
end

.symlink_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for symlink sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1373
1374
1375
 
# File 'syd.rb', line 1373

def self.symlink_add(action, glob)
  check_return syd_symlink_add(check_action(action), glob)
end

.symlink_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for symlink sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1384
1385
1386
 
# File 'syd.rb', line 1384

def self.symlink_del(action, glob)
  check_return syd_symlink_del(check_action(action), glob)
end

.symlink_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for symlink sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1395
1396
1397
 
# File 'syd.rb', line 1395

def self.symlink_rem(action, glob)
  check_return syd_symlink_rem(check_action(action), glob)
end

.truncate_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for truncate sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1405
1406
1407
 
# File 'syd.rb', line 1405

def self.truncate_add(action, glob)
  check_return syd_truncate_add(check_action(action), glob)
end

.truncate_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for truncate sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1416
1417
1418
 
# File 'syd.rb', line 1416

def self.truncate_del(action, glob)
  check_return syd_truncate_del(check_action(action), glob)
end

.truncate_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for truncate sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1427
1428
1429
 
# File 'syd.rb', line 1427

def self.truncate_rem(action, glob)
  check_return syd_truncate_rem(check_action(action), glob)
end

.utime_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for utime sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1693
1694
1695
 
# File 'syd.rb', line 1693

def self.utime_add(action, glob)
  check_return syd_utime_add(check_action(action), glob)
end

.utime_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for utime sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1704
1705
1706
 
# File 'syd.rb', line 1704

def self.utime_del(action, glob)
  check_return syd_utime_del(check_action(action), glob)
end

.utime_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for utime sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1715
1716
1717
 
# File 'syd.rb', line 1715

def self.utime_rem(action, glob)
  check_return syd_utime_rem(check_action(action), glob)
end

.write_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for write sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1181
1182
1183
 
# File 'syd.rb', line 1181

def self.write_add(action, glob)
  check_return syd_write_add(check_action(action), glob)
end

.write_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for write sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1192
1193
1194
 
# File 'syd.rb', line 1192

def self.write_del(action, glob)
  check_return syd_write_del(check_action(action), glob)
end

.write_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for write sandboxing.

Parameters:

  • action (Integer)

    The desired action of for the rule.

  • glob (String)

    Glob pattern

Returns:

  • (TrueClass)

    Returns ‘true` on successful operation.

Raises:

  • (SystemCallError)

    Raises a Ruby exception corresponding to the negated errno on failure.

[View source]

1203
1204
1205
 
# File 'syd.rb', line 1203

def self.write_rem(action, glob)
  check_return syd_write_rem(check_action(action), glob)
end