rbsyd: Ruby FFI bindings of libsyd, the syd API C Library

!/usr/bin/env ruby frozen_string_literal: true

Syd: rock-solid application kernel

lib/src/syd.rb: Ruby FFI bindings of libsyd, the syd API C Library

SPDX-License-Identifier: LGPL-3.0

Top Level Namespace

Defined Under Namespace

Modules: Syd

Module: Syd

Extended by:: FFI::Library

Defined in:: syd.rb

Overview

Ruby FFI bindings of libsyd, the syd API C Library

Constant Summary collapse

LOCK_OFF = LOCK_OFF: The sandbox lock is off, allowing all sandbox commands. This state means that there are no restrictions on sandbox commands, providing full access to sandbox functionalities.

LOCK_EXEC = LOCK_EXEC: The sandbox lock is set to on for all processes except the initial process (syd exec child). This is the default state. In this state, the sandbox is locked for all new processes except for the initial process that executed the syd command. This provides a balance between security and functionality, allowing the initial process some level of control while restricting others.

LOCK_ON = LOCK_ON: The sandbox lock is on, disallowing all sandbox commands. This state imposes a complete lock down on the sandbox, preventing any sandbox commands from being executed. This is the most restrictive state, ensuring maximum security.

ACTION_ALLOW = Allow system call.

ACTION_WARN = Allow system call and warn.

ACTION_FILTER = Deny system call silently.

ACTION_DENY = Deny system call and warn.

ACTION_PANIC = Deny system call, warn and panic the current Syd thread.

ACTION_STOP = Deny system call, warn and stop offending process.

ACTION_ABORT = Deny system call, warn and abort offending process.

ACTION_KILL = Deny system call, warn and kill offending process.

ACTION_EXIT = Warn, and exit Syd immediately with deny errno as exit value.

Class Method Summary collapse

.api ⇒ Integer

Performs a syd API check by calling the ‘syd_api’ function from the ‘syd’ library.
.chattr_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chattr sandboxing.
.chattr_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chattr sandboxing.
.chattr_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chattr sandboxing.
.chdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chdir sandboxing.
.chdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chdir sandboxing.
.chdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chdir sandboxing.
.check ⇒ TrueClass

Performs a check by calling the ‘syd_check’ function from the ‘syd’ library.
.check_action(action) ⇒ Object

Helper method to check if the action is valid.
.check_return(r) ⇒ Object

Helper method to process return values from libsyd calls.
.chgrp_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chgrp sandboxing.
.chgrp_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chgrp sandboxing.
.chgrp_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chgrp sandboxing.
.chmod_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chmod sandboxing.
.chmod_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chmod sandboxing.
.chmod_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chmod sandboxing.
.chown_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chown sandboxing.
.chown_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chown sandboxing.
.chown_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chown sandboxing.
.chroot_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for chroot sandboxing.
.chroot_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for chroot sandboxing.
.chroot_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for chroot sandboxing.
.create_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for create sandboxing.
.create_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for create sandboxing.
.create_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for create sandboxing.
.default_block(action) ⇒ TrueClass

Set default action for block sandboxing.
.default_chattr(action) ⇒ TrueClass

Set default action for chattr sandboxing.
.default_chdir(action) ⇒ TrueClass

Set default action for chdir sandboxing.
.default_chgrp(action) ⇒ TrueClass

Set default action for chgrp sandboxing.
.default_chmod(action) ⇒ TrueClass

Set default action for chmod sandboxing.
.default_chown(action) ⇒ TrueClass

Set default action for chown sandboxing.
.default_chroot(action) ⇒ TrueClass

Set default action for chroot sandboxing.
.default_create(action) ⇒ TrueClass

Set default action for create sandboxing.
.default_delete(action) ⇒ TrueClass

Set default action for delete sandboxing.
.default_exec(action) ⇒ TrueClass

Set default action for exec sandboxing.
.default_force(action) ⇒ TrueClass

Set default action for force sandboxing.
.default_ioctl(action) ⇒ TrueClass

Set default action for ioctl sandboxing.
.default_mem(action) ⇒ TrueClass

Set default action for memory sandboxing.
.default_mkdev(action) ⇒ TrueClass

Set default action for mkdev sandboxing.
.default_mkdir(action) ⇒ TrueClass

Set default action for mkdir sandboxing.
.default_mkfifo(action) ⇒ TrueClass

Set default action for mkfifo sandboxing.
.default_mktemp(action) ⇒ TrueClass

Set default action for mktemp sandboxing.
.default_net(action) ⇒ TrueClass

Set default action for net sandboxing.
.default_pid(action) ⇒ TrueClass

Set default action for PID sandboxing.
.default_read(action) ⇒ TrueClass

Set default action for read sandboxing.
.default_readdir(action) ⇒ TrueClass

Set default action for readdir sandboxing.
.default_rename(action) ⇒ TrueClass

Set default action for rename sandboxing.
.default_rmdir(action) ⇒ TrueClass

Set default action for rmdir sandboxing.
.default_segvguard(action) ⇒ TrueClass

Set default action for SegvGuard.
.default_stat(action) ⇒ TrueClass

Set default action for stat sandboxing.
.default_symlink(action) ⇒ TrueClass

Set default action for symlink sandboxing.
.default_tpe(action) ⇒ TrueClass

Set default action for TPE sandboxing.
.default_truncate(action) ⇒ TrueClass

Set default action for truncate sandboxing.
.default_utime(action) ⇒ TrueClass

Set default action for utime sandboxing.
.default_write(action) ⇒ TrueClass

Set default action for write sandboxing.
.delete_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for delete sandboxing.
.delete_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for delete sandboxing.
.delete_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for delete sandboxing.
.disable_chattr ⇒ TrueClass

Disable chattr sandboxing.
.disable_chdir ⇒ TrueClass

Disable chdir sandboxing.
.disable_chgrp ⇒ TrueClass

Disable chgrp sandboxing.
.disable_chmod ⇒ TrueClass

Disable chmod sandboxing.
.disable_chown ⇒ TrueClass

Disable chown sandboxing.
.disable_chroot ⇒ TrueClass

Disable chroot sandboxing.
.disable_create ⇒ TrueClass

Disable create sandboxing.
.disable_delete ⇒ TrueClass

Disable delete sandboxing.
.disable_exec ⇒ TrueClass

Disable exec sandboxing.
.disable_force ⇒ TrueClass

Disable force sandboxing.
.disable_ioctl ⇒ TrueClass

Disable ioctl sandboxing.
.disable_mem ⇒ TrueClass

Disable memory sandboxing.
.disable_mkdev ⇒ TrueClass

Disable mkdev sandboxing.
.disable_mkdir ⇒ TrueClass

Disable mkdir sandboxing.
.disable_mkfifo ⇒ TrueClass

Disable mkfifo sandboxing.
.disable_mktemp ⇒ TrueClass

Disable mktemp sandboxing.
.disable_net ⇒ TrueClass

Disable net sandboxing.
.disable_pid ⇒ TrueClass

Disable PID sandboxing.
.disable_read ⇒ TrueClass

Disable read sandboxing.
.disable_readdir ⇒ TrueClass

Disable readdir sandboxing.
.disable_rename ⇒ TrueClass

Disable rename sandboxing.
.disable_rmdir ⇒ TrueClass

Disable rmdir sandboxing.
.disable_stat ⇒ TrueClass

Disable stat sandboxing.
.disable_symlink ⇒ TrueClass

Disable symlink sandboxing.
.disable_tpe ⇒ TrueClass

Disable TPE sandboxing.
.disable_truncate ⇒ TrueClass

Disable truncate sandboxing.
.disable_utime ⇒ TrueClass

Disable utime sandboxing.
.disable_write ⇒ TrueClass

Disable write sandboxing.
.enable_chattr ⇒ TrueClass

Enable chattr sandboxing.
.enable_chdir ⇒ TrueClass

Enable chdir sandboxing.
.enable_chgrp ⇒ TrueClass

Enable chgrp sandboxing.
.enable_chmod ⇒ TrueClass

Enable chmod sandboxing.
.enable_chown ⇒ TrueClass

Enable chown sandboxing.
.enable_chroot ⇒ TrueClass

Enable chroot sandboxing.
.enable_create ⇒ TrueClass

Enable create sandboxing.
.enable_delete ⇒ TrueClass

Enable delete sandboxing.
.enable_exec ⇒ TrueClass

Enable exec sandboxing.
.enable_force ⇒ TrueClass

Enable force sandboxing.
.enable_ioctl ⇒ TrueClass

Enable ioctl sandboxing.
.enable_mem ⇒ TrueClass

Enable memory sandboxing.
.enable_mkdev ⇒ TrueClass

Enable mkdev sandboxing.
.enable_mkdir ⇒ TrueClass

Enable mkdir sandboxing.
.enable_mkfifo ⇒ TrueClass

Enable mkfifo sandboxing.
.enable_mktemp ⇒ TrueClass

Enable mktemp sandboxing.
.enable_net ⇒ TrueClass

Enable net sandboxing.
.enable_pid ⇒ TrueClass

Enable PID sandboxing.
.enable_read ⇒ TrueClass

Enable read sandboxing.
.enable_readdir ⇒ TrueClass

Enable readdir sandboxing.
.enable_rename ⇒ TrueClass

Enable rename sandboxing.
.enable_rmdir ⇒ TrueClass

Enable rmdir sandboxing.
.enable_stat ⇒ TrueClass

Enable stat sandboxing.
.enable_symlink ⇒ TrueClass

Enable symlink sandboxing.
.enable_tpe ⇒ TrueClass

Enable TPE sandboxing.
.enable_truncate ⇒ TrueClass

Enable truncate sandboxing.
.enable_utime ⇒ TrueClass

Enable utime sandboxing.
.enable_write ⇒ TrueClass

Enable write sandboxing.
.enabled_chattr ⇒ Boolean

Checks if chattr sandboxing is enabled.
.enabled_chdir ⇒ Boolean

Checks if chdir sandboxing is enabled.
.enabled_chgrp ⇒ Boolean

Checks if chgrp sandboxing is enabled.
.enabled_chmod ⇒ Boolean

Checks if chmod sandboxing is enabled.
.enabled_chown ⇒ Boolean

Checks if chown sandboxing is enabled.
.enabled_chroot ⇒ Boolean

Checks if chroot sandboxing is enabled.
.enabled_create ⇒ Boolean

Checks if create sandboxing is enabled.
.enabled_crypt ⇒ Boolean

Checks if crypt sandboxing is enabled.
.enabled_delete ⇒ Boolean

Checks if delete sandboxing is enabled.
.enabled_exec ⇒ Boolean

Checks if exec sandboxing is enabled.
.enabled_force ⇒ Boolean

Checks if force sandboxing is enabled.
.enabled_ioctl ⇒ Boolean

Checks if ioctl sandboxing is enabled.
.enabled_lock ⇒ Boolean

Checks if lock sandboxing is enabled.
.enabled_mem ⇒ Boolean

Checks if memory sandboxing is enabled.
.enabled_mkdev ⇒ Boolean

Checks if mkdev sandboxing is enabled.
.enabled_mkdir ⇒ Boolean

Checks if mkdir sandboxing is enabled.
.enabled_mkfifo ⇒ Boolean

Checks if mkfifo sandboxing is enabled.
.enabled_mktemp ⇒ Boolean

Checks if mktemp sandboxing is enabled.
.enabled_net ⇒ Boolean

Checks if net sandboxing is enabled.
.enabled_pid ⇒ Boolean

Checks if PID sandboxing is enabled.
.enabled_proxy ⇒ Boolean

Checks if proxy sandboxing is enabled.
.enabled_read ⇒ Boolean

Checks if read sandboxing is enabled.
.enabled_readdir ⇒ Boolean

Checks if readdir sandboxing is enabled.
.enabled_rename ⇒ Boolean

Checks if rename sandboxing is enabled.
.enabled_rmdir ⇒ Boolean

Checks if rmdir sandboxing is enabled.
.enabled_stat ⇒ Boolean

Checks if stat sandboxing is enabled.
.enabled_symlink ⇒ Boolean

Checks if symlink sandboxing is enabled.
.enabled_tpe ⇒ Boolean

Checks if TPE sandboxing is enabled.
.enabled_truncate ⇒ Boolean

Checks if truncate sandboxing is enabled.
.enabled_utime ⇒ Boolean

Checks if utime sandboxing is enabled.
.enabled_write ⇒ Boolean

Checks if write sandboxing is enabled.
.exec(file, argv) ⇒ TrueClass

Execute a command outside the sandbox without sandboxing.
.exec_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for exec sandboxing.
.exec_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for exec sandboxing.
.exec_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for exec sandboxing.
.force_add(path, hash, action) ⇒ TrueClass

Adds an entry to the Integrity Force map for Force Sandboxing.
.force_clr ⇒ TrueClass

Clears the Integrity Force map for Force Sandboxing.
.force_del(path) ⇒ TrueClass

Removes an entry from the Integrity Force map for Force Sandboxing.
.info ⇒ Hash, NilClass

Reads the state of the syd sandbox from /dev/syd and returns it as a Ruby hash.
.ioctl_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for ioctl sandboxing.
.ioctl_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for ioctl sandboxing.
.ioctl_deny(request) ⇒ TrueClass

Adds a request to the ioctl(2) denylist.
.ioctl_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for ioctl sandboxing.
.load(fd) ⇒ TrueClass

Causes syd to read configuration from the given file descriptor.
.lock(state) ⇒ TrueClass

Sets the state of the sandbox lock.
.mem_max(size) ⇒ TrueClass

Set syd maximum per-process memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.
.mem_vm_max(size) ⇒ TrueClass

Set syd maximum per-process virtual memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.
.mkdev_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkdev sandboxing.
.mkdev_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkdev sandboxing.
.mkdev_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkdev sandboxing.
.mkdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkdir sandboxing.
.mkdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkdir sandboxing.
.mkdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkdir sandboxing.
.mkfifo_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mkfifo sandboxing.
.mkfifo_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mkfifo sandboxing.
.mkfifo_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mkfifo sandboxing.
.mktemp_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for mktemp sandboxing.
.mktemp_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for mktemp sandboxing.
.mktemp_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for mktemp sandboxing.
.net_bind_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/bind sandboxing.
.net_bind_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/bind sandboxing.
.net_bind_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/bind sandboxing.
.net_connect_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/connect sandboxing.
.net_connect_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/connect sandboxing.
.net_connect_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/connect sandboxing.
.net_link_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/link sandboxing.
.net_link_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/link sandboxing.
.net_link_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/link sandboxing.
.net_sendfd_add(action, addr) ⇒ TrueClass

Adds an address to the given actionlist for net/sendfd sandboxing.
.net_sendfd_del(action, addr) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for net/sendfd sandboxing.
.net_sendfd_rem(action, addr) ⇒ TrueClass

Removes all matching patterns from the given actionlist for net/sendfd sandboxing.
.panic ⇒ TrueClass

Causes syd to exit immediately with code 127.
.pid_max(size) ⇒ TrueClass

Set syd maximum process id limit for PID sandboxing.
.read_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for read sandboxing.
.read_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for read sandboxing.
.read_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for read sandboxing.
.readdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for readdir sandboxing.
.readdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for readdir sandboxing.
.readdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for readdir sandboxing.
.rename_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for rename sandboxing.
.rename_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for rename sandboxing.
.rename_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for rename sandboxing.
.reset ⇒ TrueClass

Causes syd to reset sandboxing to the default state.
.rmdir_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for rmdir sandboxing.
.rmdir_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for rmdir sandboxing.
.rmdir_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for rmdir sandboxing.
.segvguard_expiry(timeout) ⇒ TrueClass

Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero.
.segvguard_maxcrashes(limit) ⇒ TrueClass

Specify SegvGuard max number of crashes before suspension.
.segvguard_suspension(timeout) ⇒ TrueClass

Specify SegvGuard suspension timeout in seconds, must be greater than or equal to zero.
.stat_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for stat sandboxing.
.stat_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for stat sandboxing.
.stat_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for stat sandboxing.
.symlink_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for symlink sandboxing.
.symlink_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for symlink sandboxing.
.symlink_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for symlink sandboxing.
.truncate_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for truncate sandboxing.
.truncate_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for truncate sandboxing.
.truncate_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for truncate sandboxing.
.utime_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for utime sandboxing.
.utime_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for utime sandboxing.
.utime_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for utime sandboxing.
.write_add(action, glob) ⇒ TrueClass

Adds a path to the given actionlist for write sandboxing.
.write_del(action, glob) ⇒ TrueClass

Removes the first instance from the end of the given actionlist for write sandboxing.
.write_rem(action, glob) ⇒ TrueClass

Removes all matching patterns from the given actionlist for write sandboxing.

Class Method Details

.api ⇒ `Integer`

Performs a syd API check by calling the ‘syd_api’ function from the ‘syd’ library.

This method is intended to be used as a preliminary check before making any other syd API calls. It is advisable to perform this check to ensure the API is accessible and functioning as expected.

Returns:

(Integer) —

The API number on success.

Raises:

(SystemCallError) —

A Ruby exception corresponding to the negated errno on failure.



118
119
120

# File 'syd.rb', line 118

def self.api
  check_return syd_api
end

.chattr_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chattr sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1693
1694
1695

# File 'syd.rb', line 1693

def self.chattr_add(action, glob)
  check_return syd_chattr_add(check_action(action), glob)
end

.chattr_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chattr sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1704
1705
1706

# File 'syd.rb', line 1704

def self.chattr_del(action, glob)
  check_return syd_chattr_del(check_action(action), glob)
end

.chattr_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chattr sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1715
1716
1717

# File 'syd.rb', line 1715

def self.chattr_rem(action, glob)
  check_return syd_chattr_rem(check_action(action), glob)
end

.chdir_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1469
1470
1471

# File 'syd.rb', line 1469

def self.chdir_add(action, glob)
  check_return syd_chdir_add(check_action(action), glob)
end

.chdir_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1480
1481
1482

# File 'syd.rb', line 1480

def self.chdir_del(action, glob)
  check_return syd_chdir_del(check_action(action), glob)
end

.chdir_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1491
1492
1493

# File 'syd.rb', line 1491

def self.chdir_rem(action, glob)
  check_return syd_chdir_rem(check_action(action), glob)
end

.check ⇒ `TrueClass`

Performs a check by calling the ‘syd_check’ function from the ‘syd’ library. This function essentially performs an lstat system call on the file “/dev/syd”.

corresponding to the errno on failure.

The ‘syd_check’ function returns 0 on success and negated errno on failure. In Ruby, this method translates a non-zero return value into a corresponding SystemCallError exception, providing a more idiomatic way of error handling.

Returns:

(TrueClass) —

Returns ‘true` if the operation is successful.

Raises:

(SystemCallError) —

Raises the appropriate Ruby exception



105
106
107

# File 'syd.rb', line 105

def self.check
  check_return syd_check
end

.check_action(action) ⇒ `Object`

Helper method to check if the action is valid.

Raises:

(Errno::EINVAL)

# File 'syd.rb', line 2093

def self.check_action(action)
  raise Errno::EINVAL unless action.is_a?(Integer) && (ACTION_ALLOW..ACTION_EXIT).cover?(action)

  action
end

.check_return(r) ⇒ `Object`

Helper method to process return values from libsyd calls

# File 'syd.rb', line 2100

def self.check_return(r)
  # Convert negative errno to Ruby exception.
  raise Errno.const_get(Errno.constants.find { |e| -r == Errno.const_get(e)::Errno }) unless r >= 0

  r.zero? ? true : r
end

.chgrp_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chgrp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1629
1630
1631

# File 'syd.rb', line 1629

def self.chgrp_add(action, glob)
  check_return syd_chgrp_add(check_action(action), glob)
end

.chgrp_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chgrp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1640
1641
1642

# File 'syd.rb', line 1640

def self.chgrp_del(action, glob)
  check_return syd_chgrp_del(check_action(action), glob)
end

.chgrp_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chgrp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1651
1652
1653

# File 'syd.rb', line 1651

def self.chgrp_rem(action, glob)
  check_return syd_chgrp_rem(check_action(action), glob)
end

.chmod_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chmod sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1661
1662
1663

# File 'syd.rb', line 1661

def self.chmod_add(action, glob)
  check_return syd_chmod_add(check_action(action), glob)
end

.chmod_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chmod sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1672
1673
1674

# File 'syd.rb', line 1672

def self.chmod_del(action, glob)
  check_return syd_chmod_del(check_action(action), glob)
end

.chmod_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chmod sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1683
1684
1685

# File 'syd.rb', line 1683

def self.chmod_rem(action, glob)
  check_return syd_chmod_rem(check_action(action), glob)
end

.chown_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chown sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1597
1598
1599

# File 'syd.rb', line 1597

def self.chown_add(action, glob)
  check_return syd_chown_add(check_action(action), glob)
end

.chown_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chown sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1608
1609
1610

# File 'syd.rb', line 1608

def self.chown_del(action, glob)
  check_return syd_chown_del(check_action(action), glob)
end

.chown_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chown sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1619
1620
1621

# File 'syd.rb', line 1619

def self.chown_rem(action, glob)
  check_return syd_chown_rem(check_action(action), glob)
end

.chroot_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for chroot sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1725
1726
1727

# File 'syd.rb', line 1725

def self.chroot_add(action, glob)
  check_return syd_chroot_add(check_action(action), glob)
end

.chroot_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for chroot sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1736
1737
1738

# File 'syd.rb', line 1736

def self.chroot_del(action, glob)
  check_return syd_chroot_del(check_action(action), glob)
end

.chroot_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for chroot sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1747
1748
1749

# File 'syd.rb', line 1747

def self.chroot_rem(action, glob)
  check_return syd_chroot_rem(check_action(action), glob)
end

.create_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for create sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1309
1310
1311

# File 'syd.rb', line 1309

def self.create_add(action, glob)
  check_return syd_create_add(check_action(action), glob)
end

.create_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for create sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1320
1321
1322

# File 'syd.rb', line 1320

def self.create_del(action, glob)
  check_return syd_create_del(check_action(action), glob)
end

.create_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for create sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1331
1332
1333

# File 'syd.rb', line 1331

def self.create_rem(action, glob)
  check_return syd_create_rem(check_action(action), glob)
end

.default_block(action) ⇒ `TrueClass`

Set default action for block sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1085
1086
1087

# File 'syd.rb', line 1085

def self.default_block(action)
  check_return syd_default_block(check_action(action))
end

.default_chattr(action) ⇒ `TrueClass`

Set default action for chattr sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1022
1023
1024

# File 'syd.rb', line 1022

def self.default_chattr(action)
  check_return syd_default_chattr(check_action(action))
end

.default_chdir(action) ⇒ `TrueClass`

Set default action for chdir sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



959
960
961

# File 'syd.rb', line 959

def self.default_chdir(action)
  check_return syd_default_chdir(check_action(action))
end

.default_chgrp(action) ⇒ `TrueClass`

Set default action for chgrp sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1004
1005
1006

# File 'syd.rb', line 1004

def self.default_chgrp(action)
  check_return syd_default_chgrp(check_action(action))
end

.default_chmod(action) ⇒ `TrueClass`

Set default action for chmod sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1013
1014
1015

# File 'syd.rb', line 1013

def self.default_chmod(action)
  check_return syd_default_chmod(check_action(action))
end

.default_chown(action) ⇒ `TrueClass`

Set default action for chown sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



995
996
997

# File 'syd.rb', line 995

def self.default_chown(action)
  check_return syd_default_chown(check_action(action))
end

.default_chroot(action) ⇒ `TrueClass`

Set default action for chroot sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1031
1032
1033

# File 'syd.rb', line 1031

def self.default_chroot(action)
  check_return syd_default_chroot(check_action(action))
end

.default_create(action) ⇒ `TrueClass`

Set default action for create sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



914
915
916

# File 'syd.rb', line 914

def self.default_create(action)
  check_return syd_default_create(check_action(action))
end

.default_delete(action) ⇒ `TrueClass`

Set default action for delete sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



923
924
925

# File 'syd.rb', line 923

def self.default_delete(action)
  check_return syd_default_delete(check_action(action))
end

.default_exec(action) ⇒ `TrueClass`

Set default action for exec sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



896
897
898

# File 'syd.rb', line 896

def self.default_exec(action)
  check_return syd_default_exec(check_action(action))
end

.default_force(action) ⇒ `TrueClass`

Set default action for force sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1112
1113
1114

# File 'syd.rb', line 1112

def self.default_force(action)
  check_return syd_default_force(check_action(action))
end

.default_ioctl(action) ⇒ `TrueClass`

Set default action for ioctl sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



905
906
907

# File 'syd.rb', line 905

def self.default_ioctl(action)
  check_return syd_default_ioctl(check_action(action))
end

.default_mem(action) ⇒ `TrueClass`

Set default action for memory sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1094
1095
1096

# File 'syd.rb', line 1094

def self.default_mem(action)
  check_return syd_default_mem(check_action(action))
end

.default_mkdev(action) ⇒ `TrueClass`

Set default action for mkdev sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1049
1050
1051

# File 'syd.rb', line 1049

def self.default_mkdev(action)
  check_return syd_default_mkdev(check_action(action))
end

.default_mkdir(action) ⇒ `TrueClass`

Set default action for mkdir sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



977
978
979

# File 'syd.rb', line 977

def self.default_mkdir(action)
  check_return syd_default_mkdir(check_action(action))
end

.default_mkfifo(action) ⇒ `TrueClass`

Set default action for mkfifo sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1058
1059
1060

# File 'syd.rb', line 1058

def self.default_mkfifo(action)
  check_return syd_default_mkfifo(check_action(action))
end

.default_mktemp(action) ⇒ `TrueClass`

Set default action for mktemp sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1067
1068
1069

# File 'syd.rb', line 1067

def self.default_mktemp(action)
  check_return syd_default_mktemp(check_action(action))
end

.default_net(action) ⇒ `TrueClass`

Set default action for net sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1076
1077
1078

# File 'syd.rb', line 1076

def self.default_net(action)
  check_return syd_default_net(check_action(action))
end

.default_pid(action) ⇒ `TrueClass`

Set default action for PID sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1103
1104
1105

# File 'syd.rb', line 1103

def self.default_pid(action)
  check_return syd_default_pid(check_action(action))
end

.default_read(action) ⇒ `TrueClass`

Set default action for read sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



878
879
880

# File 'syd.rb', line 878

def self.default_read(action)
  check_return syd_default_read(check_action(action))
end

.default_readdir(action) ⇒ `TrueClass`

Set default action for readdir sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



968
969
970

# File 'syd.rb', line 968

def self.default_readdir(action)
  check_return syd_default_readdir(check_action(action))
end

.default_rename(action) ⇒ `TrueClass`

Set default action for rename sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



932
933
934

# File 'syd.rb', line 932

def self.default_rename(action)
  check_return syd_default_rename(check_action(action))
end

.default_rmdir(action) ⇒ `TrueClass`

Set default action for rmdir sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



986
987
988

# File 'syd.rb', line 986

def self.default_rmdir(action)
  check_return syd_default_rmdir(check_action(action))
end

.default_segvguard(action) ⇒ `TrueClass`

Set default action for SegvGuard.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1121
1122
1123

# File 'syd.rb', line 1121

def self.default_segvguard(action)
  check_return syd_default_segvguard(check_action(action))
end

.default_stat(action) ⇒ `TrueClass`

Set default action for stat sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



869
870
871

# File 'syd.rb', line 869

def self.default_stat(action)
  check_return syd_default_stat(check_action(action))
end

.default_symlink(action) ⇒ `TrueClass`

Set default action for symlink sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



941
942
943

# File 'syd.rb', line 941

def self.default_symlink(action)
  check_return syd_default_symlink(check_action(action))
end

.default_tpe(action) ⇒ `TrueClass`

Set default action for TPE sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1130
1131
1132

# File 'syd.rb', line 1130

def self.default_tpe(action)
  check_return syd_default_tpe(check_action(action))
end

.default_truncate(action) ⇒ `TrueClass`

Set default action for truncate sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



950
951
952

# File 'syd.rb', line 950

def self.default_truncate(action)
  check_return syd_default_truncate(check_action(action))
end

.default_utime(action) ⇒ `TrueClass`

Set default action for utime sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1040
1041
1042

# File 'syd.rb', line 1040

def self.default_utime(action)
  check_return syd_default_utime(check_action(action))
end

.default_write(action) ⇒ `TrueClass`

Set default action for write sandboxing.

Parameters:

action (Integer) —

The desired default action.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



887
888
889

# File 'syd.rb', line 887

def self.default_write(action)
  check_return syd_default_write(check_action(action))
end

.delete_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for delete sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1341
1342
1343

# File 'syd.rb', line 1341

def self.delete_add(action, glob)
  check_return syd_delete_add(check_action(action), glob)
end

.delete_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for delete sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1352
1353
1354

# File 'syd.rb', line 1352

def self.delete_del(action, glob)
  check_return syd_delete_del(check_action(action), glob)
end

.delete_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for delete sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1363
1364
1365

# File 'syd.rb', line 1363

def self.delete_rem(action, glob)
  check_return syd_delete_rem(check_action(action), glob)
end

.disable_chattr ⇒ `TrueClass`

Disable chattr sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



602
603
604

# File 'syd.rb', line 602

def self.disable_chattr
  check_return syd_disable_chattr
end

.disable_chdir ⇒ `TrueClass`

Disable chdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



441
442
443

# File 'syd.rb', line 441

def self.disable_chdir
  check_return syd_disable_chdir
end

.disable_chgrp ⇒ `TrueClass`

Disable chgrp sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



556
557
558

# File 'syd.rb', line 556

def self.disable_chgrp
  check_return syd_disable_chgrp
end

.disable_chmod ⇒ `TrueClass`

Disable chmod sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



579
580
581

# File 'syd.rb', line 579

def self.disable_chmod
  check_return syd_disable_chmod
end

.disable_chown ⇒ `TrueClass`

Disable chown sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



533
534
535

# File 'syd.rb', line 533

def self.disable_chown
  check_return syd_disable_chown
end

.disable_chroot ⇒ `TrueClass`

Disable chroot sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



625
626
627

# File 'syd.rb', line 625

def self.disable_chroot
  check_return syd_disable_chroot
end

.disable_create ⇒ `TrueClass`

Disable create sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



326
327
328

# File 'syd.rb', line 326

def self.disable_create
  check_return syd_disable_create
end

.disable_delete ⇒ `TrueClass`

Disable delete sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



349
350
351

# File 'syd.rb', line 349

def self.disable_delete
  check_return syd_disable_delete
end

.disable_exec ⇒ `TrueClass`

Disable exec sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



280
281
282

# File 'syd.rb', line 280

def self.disable_exec
  check_return syd_disable_exec
end

.disable_force ⇒ `TrueClass`

Disable force sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



830
831
832

# File 'syd.rb', line 830

def self.disable_force
  check_return syd_disable_force
end

.disable_ioctl ⇒ `TrueClass`

Disable ioctl sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



303
304
305

# File 'syd.rb', line 303

def self.disable_ioctl
  check_return syd_disable_ioctl
end

.disable_mem ⇒ `TrueClass`

Disable memory sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



784
785
786

# File 'syd.rb', line 784

def self.disable_mem
  check_return syd_disable_mem
end

.disable_mkdev ⇒ `TrueClass`

Disable mkdev sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



671
672
673

# File 'syd.rb', line 671

def self.disable_mkdev
  check_return syd_disable_mkdev
end

.disable_mkdir ⇒ `TrueClass`

Disable mkdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



487
488
489

# File 'syd.rb', line 487

def self.disable_mkdir
  check_return syd_disable_mkdir
end

.disable_mkfifo ⇒ `TrueClass`

Disable mkfifo sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



694
695
696

# File 'syd.rb', line 694

def self.disable_mkfifo
  check_return syd_disable_mkfifo
end

.disable_mktemp ⇒ `TrueClass`

Disable mktemp sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



717
718
719

# File 'syd.rb', line 717

def self.disable_mktemp
  check_return syd_disable_mktemp
end

.disable_net ⇒ `TrueClass`

Disable net sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



740
741
742

# File 'syd.rb', line 740

def self.disable_net
  check_return syd_disable_net
end

.disable_pid ⇒ `TrueClass`

Disable PID sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



807
808
809

# File 'syd.rb', line 807

def self.disable_pid
  check_return syd_disable_pid
end

.disable_read ⇒ `TrueClass`

Disable read sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



234
235
236

# File 'syd.rb', line 234

def self.disable_read
  check_return syd_disable_read
end

.disable_readdir ⇒ `TrueClass`

Disable readdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



464
465
466

# File 'syd.rb', line 464

def self.disable_readdir
  check_return syd_disable_readdir
end

.disable_rename ⇒ `TrueClass`

Disable rename sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



372
373
374

# File 'syd.rb', line 372

def self.disable_rename
  check_return syd_disable_rename
end

.disable_rmdir ⇒ `TrueClass`

Disable rmdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



510
511
512

# File 'syd.rb', line 510

def self.disable_rmdir
  check_return syd_disable_rmdir
end

.disable_stat ⇒ `TrueClass`

Disable stat sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



211
212
213

# File 'syd.rb', line 211

def self.disable_stat
  check_return syd_disable_stat
end

.disable_symlink ⇒ `TrueClass`

Disable symlink sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



395
396
397

# File 'syd.rb', line 395

def self.disable_symlink
  check_return syd_disable_symlink
end

.disable_tpe ⇒ `TrueClass`

Disable TPE sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



853
854
855

# File 'syd.rb', line 853

def self.disable_tpe
  check_return syd_disable_tpe
end

.disable_truncate ⇒ `TrueClass`

Disable truncate sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



418
419
420

# File 'syd.rb', line 418

def self.disable_truncate
  check_return syd_disable_truncate
end

.disable_utime ⇒ `TrueClass`

Disable utime sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



648
649
650

# File 'syd.rb', line 648

def self.disable_utime
  check_return syd_disable_utime
end

.disable_write ⇒ `TrueClass`

Disable write sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



257
258
259

# File 'syd.rb', line 257

def self.disable_write
  check_return syd_disable_write
end

.enable_chattr ⇒ `TrueClass`

Enable chattr sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



594
595
596

# File 'syd.rb', line 594

def self.enable_chattr
  check_return syd_enable_chattr
end

.enable_chdir ⇒ `TrueClass`

Enable chdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



433
434
435

# File 'syd.rb', line 433

def self.enable_chdir
  check_return syd_enable_chdir
end

.enable_chgrp ⇒ `TrueClass`

Enable chgrp sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



548
549
550

# File 'syd.rb', line 548

def self.enable_chgrp
  check_return syd_enable_chgrp
end

.enable_chmod ⇒ `TrueClass`

Enable chmod sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



571
572
573

# File 'syd.rb', line 571

def self.enable_chmod
  check_return syd_enable_chmod
end

.enable_chown ⇒ `TrueClass`

Enable chown sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



525
526
527

# File 'syd.rb', line 525

def self.enable_chown
  check_return syd_enable_chown
end

.enable_chroot ⇒ `TrueClass`

Enable chroot sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



617
618
619

# File 'syd.rb', line 617

def self.enable_chroot
  check_return syd_enable_chroot
end

.enable_create ⇒ `TrueClass`

Enable create sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



318
319
320

# File 'syd.rb', line 318

def self.enable_create
  check_return syd_enable_create
end

.enable_delete ⇒ `TrueClass`

Enable delete sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



341
342
343

# File 'syd.rb', line 341

def self.enable_delete
  check_return syd_enable_delete
end

.enable_exec ⇒ `TrueClass`

Enable exec sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



272
273
274

# File 'syd.rb', line 272

def self.enable_exec
  check_return syd_enable_exec
end

.enable_force ⇒ `TrueClass`

Enable force sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



822
823
824

# File 'syd.rb', line 822

def self.enable_force
  check_return syd_enable_force
end

.enable_ioctl ⇒ `TrueClass`

Enable ioctl sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



295
296
297

# File 'syd.rb', line 295

def self.enable_ioctl
  check_return syd_enable_ioctl
end

.enable_mem ⇒ `TrueClass`

Enable memory sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



776
777
778

# File 'syd.rb', line 776

def self.enable_mem
  check_return syd_enable_mem
end

.enable_mkdev ⇒ `TrueClass`

Enable mkdev sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



663
664
665

# File 'syd.rb', line 663

def self.enable_mkdev
  check_return syd_enable_mkdev
end

.enable_mkdir ⇒ `TrueClass`

Enable mkdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



479
480
481

# File 'syd.rb', line 479

def self.enable_mkdir
  check_return syd_enable_mkdir
end

.enable_mkfifo ⇒ `TrueClass`

Enable mkfifo sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



686
687
688

# File 'syd.rb', line 686

def self.enable_mkfifo
  check_return syd_enable_mkfifo
end

.enable_mktemp ⇒ `TrueClass`

Enable mktemp sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



709
710
711

# File 'syd.rb', line 709

def self.enable_mktemp
  check_return syd_enable_mktemp
end

.enable_net ⇒ `TrueClass`

Enable net sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



732
733
734

# File 'syd.rb', line 732

def self.enable_net
  check_return syd_enable_net
end

.enable_pid ⇒ `TrueClass`

Enable PID sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



799
800
801

# File 'syd.rb', line 799

def self.enable_pid
  check_return syd_enable_pid
end

.enable_read ⇒ `TrueClass`

Enable read sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



226
227
228

# File 'syd.rb', line 226

def self.enable_read
  check_return syd_enable_read
end

.enable_readdir ⇒ `TrueClass`

Enable readdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



456
457
458

# File 'syd.rb', line 456

def self.enable_readdir
  check_return syd_enable_readdir
end

.enable_rename ⇒ `TrueClass`

Enable rename sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



364
365
366

# File 'syd.rb', line 364

def self.enable_rename
  check_return syd_enable_rename
end

.enable_rmdir ⇒ `TrueClass`

Enable rmdir sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



502
503
504

# File 'syd.rb', line 502

def self.enable_rmdir
  check_return syd_enable_rmdir
end

.enable_stat ⇒ `TrueClass`

Enable stat sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



203
204
205

# File 'syd.rb', line 203

def self.enable_stat
  check_return syd_enable_stat
end

.enable_symlink ⇒ `TrueClass`

Enable symlink sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



387
388
389

# File 'syd.rb', line 387

def self.enable_symlink
  check_return syd_enable_symlink
end

.enable_tpe ⇒ `TrueClass`

Enable TPE sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



845
846
847

# File 'syd.rb', line 845

def self.enable_tpe
  check_return syd_enable_tpe
end

.enable_truncate ⇒ `TrueClass`

Enable truncate sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



410
411
412

# File 'syd.rb', line 410

def self.enable_truncate
  check_return syd_enable_truncate
end

.enable_utime ⇒ `TrueClass`

Enable utime sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



640
641
642

# File 'syd.rb', line 640

def self.enable_utime
  check_return syd_enable_utime
end

.enable_write ⇒ `TrueClass`

Enable write sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



249
250
251

# File 'syd.rb', line 249

def self.enable_write
  check_return syd_enable_write
end

.enabled_chattr ⇒ `Boolean`

Checks if chattr sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chattr sandboxing is enabled, `false` otherwise.



609
610
611

# File 'syd.rb', line 609

def self.enabled_chattr
  syd_enabled_chattr
end

.enabled_chdir ⇒ `Boolean`

Checks if chdir sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chdir sandboxing is enabled, `false` otherwise.



448
449
450

# File 'syd.rb', line 448

def self.enabled_chdir
  syd_enabled_chdir
end

.enabled_chgrp ⇒ `Boolean`

Checks if chgrp sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chgrp sandboxing is enabled, `false` otherwise.



563
564
565

# File 'syd.rb', line 563

def self.enabled_chgrp
  syd_enabled_chgrp
end

.enabled_chmod ⇒ `Boolean`

Checks if chmod sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chmod sandboxing is enabled, `false` otherwise.



586
587
588

# File 'syd.rb', line 586

def self.enabled_chmod
  syd_enabled_chmod
end

.enabled_chown ⇒ `Boolean`

Checks if chown sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chown sandboxing is enabled, `false` otherwise.



540
541
542

# File 'syd.rb', line 540

def self.enabled_chown
  syd_enabled_chown
end

.enabled_chroot ⇒ `Boolean`

Checks if chroot sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if chroot sandboxing is enabled, `false` otherwise.



632
633
634

# File 'syd.rb', line 632

def self.enabled_chroot
  syd_enabled_chroot
end

.enabled_create ⇒ `Boolean`

Checks if create sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if create sandboxing is enabled, `false` otherwise.



333
334
335

# File 'syd.rb', line 333

def self.enabled_create
  syd_enabled_create
end

.enabled_crypt ⇒ `Boolean`

Checks if crypt sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if crypt sandboxing is enabled, `false` otherwise.



761
762
763

# File 'syd.rb', line 761

def self.enabled_crypt
  syd_enabled_crypt
end

.enabled_delete ⇒ `Boolean`

Checks if delete sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if delete sandboxing is enabled, `false` otherwise.



356
357
358

# File 'syd.rb', line 356

def self.enabled_delete
  syd_enabled_delete
end

.enabled_exec ⇒ `Boolean`

Checks if exec sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if exec sandboxing is enabled, `false` otherwise.



287
288
289

# File 'syd.rb', line 287

def self.enabled_exec
  syd_enabled_exec
end

.enabled_force ⇒ `Boolean`

Checks if force sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if force sandboxing is enabled, `false` otherwise.



837
838
839

# File 'syd.rb', line 837

def self.enabled_force
  syd_enabled_force
end

.enabled_ioctl ⇒ `Boolean`

Checks if ioctl sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if ioctl sandboxing is enabled, `false` otherwise.



310
311
312

# File 'syd.rb', line 310

def self.enabled_ioctl
  syd_enabled_ioctl
end

.enabled_lock ⇒ `Boolean`

Checks if lock sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if lock sandboxing is enabled, `false` otherwise.



754
755
756

# File 'syd.rb', line 754

def self.enabled_lock
  syd_enabled_lock
end

.enabled_mem ⇒ `Boolean`

Checks if memory sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if memory sandboxing is enabled, `false` otherwise.



791
792
793

# File 'syd.rb', line 791

def self.enabled_mem
  syd_enabled_mem
end

.enabled_mkdev ⇒ `Boolean`

Checks if mkdev sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if mkdev sandboxing is enabled, `false` otherwise.



678
679
680

# File 'syd.rb', line 678

def self.enabled_mkdev
  syd_enabled_mkdev
end

.enabled_mkdir ⇒ `Boolean`

Checks if mkdir sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if mkdir sandboxing is enabled, `false` otherwise.



494
495
496

# File 'syd.rb', line 494

def self.enabled_mkdir
  syd_enabled_mkdir
end

.enabled_mkfifo ⇒ `Boolean`

Checks if mkfifo sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if mkfifo sandboxing is enabled, `false` otherwise.



701
702
703

# File 'syd.rb', line 701

def self.enabled_mkfifo
  syd_enabled_mkfifo
end

.enabled_mktemp ⇒ `Boolean`

Checks if mktemp sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if mktemp sandboxing is enabled, `false` otherwise.



724
725
726

# File 'syd.rb', line 724

def self.enabled_mktemp
  syd_enabled_mktemp
end

.enabled_net ⇒ `Boolean`

Checks if net sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if net sandboxing is enabled, `false` otherwise.



747
748
749

# File 'syd.rb', line 747

def self.enabled_net
  syd_enabled_net
end

.enabled_pid ⇒ `Boolean`

Checks if PID sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if PID sandboxing is enabled, `false` otherwise.



814
815
816

# File 'syd.rb', line 814

def self.enabled_pid
  syd_enabled_pid
end

.enabled_proxy ⇒ `Boolean`

Checks if proxy sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if proxy sandboxing is enabled, `false` otherwise.



768
769
770

# File 'syd.rb', line 768

def self.enabled_proxy
  syd_enabled_proxy
end

.enabled_read ⇒ `Boolean`

Checks if read sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if Read sandboxing is enabled, `false` otherwise.



241
242
243

# File 'syd.rb', line 241

def self.enabled_read
  syd_enabled_read
end

.enabled_readdir ⇒ `Boolean`

Checks if readdir sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if readdir sandboxing is enabled, `false` otherwise.



471
472
473

# File 'syd.rb', line 471

def self.enabled_readdir
  syd_enabled_readdir
end

.enabled_rename ⇒ `Boolean`

Checks if rename sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if rename sandboxing is enabled, `false` otherwise.



379
380
381

# File 'syd.rb', line 379

def self.enabled_rename
  syd_enabled_rename
end

.enabled_rmdir ⇒ `Boolean`

Checks if rmdir sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if rmdir sandboxing is enabled, `false` otherwise.



517
518
519

# File 'syd.rb', line 517

def self.enabled_rmdir
  syd_enabled_rmdir
end

.enabled_stat ⇒ `Boolean`

Checks if stat sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if stat sandboxing is enabled, `false` otherwise.



218
219
220

# File 'syd.rb', line 218

def self.enabled_stat
  syd_enabled_stat
end

.enabled_symlink ⇒ `Boolean`

Checks if symlink sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if symlink sandboxing is enabled, `false` otherwise.



402
403
404

# File 'syd.rb', line 402

def self.enabled_symlink
  syd_enabled_symlink
end

.enabled_tpe ⇒ `Boolean`

Checks if TPE sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if TPE sandboxing is enabled, `false` otherwise.



860
861
862

# File 'syd.rb', line 860

def self.enabled_tpe
  syd_enabled_tpe
end

.enabled_truncate ⇒ `Boolean`

Checks if truncate sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if truncate sandboxing is enabled, `false` otherwise.



425
426
427

# File 'syd.rb', line 425

def self.enabled_truncate
  syd_enabled_truncate
end

.enabled_utime ⇒ `Boolean`

Checks if utime sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if utime sandboxing is enabled, `false` otherwise.



655
656
657

# File 'syd.rb', line 655

def self.enabled_utime
  syd_enabled_utime
end

.enabled_write ⇒ `Boolean`

Checks if write sandboxing is enabled.

Returns:

(Boolean) —

Returns ‘true` if write sandboxing is enabled, `false` otherwise.



264
265
266

# File 'syd.rb', line 264

def self.enabled_write
  syd_enabled_write
end

.exec(file, argv) ⇒ `TrueClass`

Execute a command outside the sandbox without sandboxing.

This method is used to execute a command in the operating system, bypassing the sandbox. It takes a file path and an array of arguments, converts them to the appropriate C types, and then invokes the syd_exec function from the syd library.

Parameters:

file (String) —

The file path of the command to be executed.
argv (Array<String>) —

The arguments to the command.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.

# File 'syd.rb', line 184

def self.exec(file, argv)
  # Convert each argument into a memory pointer to a string
  argv_ptrs = argv.map { |arg| FFI::MemoryPointer.from_string(arg) }
  # Append a null pointer to the end of the array to signify the end of arguments
  argv_ptrs << nil

  # Create a memory pointer that will hold pointers to each argument string
  argv_ptr = FFI::MemoryPointer.new(:pointer, argv_ptrs.length)
  # Copy the pointers to the argument strings into the newly created memory pointer
  argv_ptr.put_array_of_pointer(0, argv_ptrs)

  # Call the syd_exec function and handle the return value
  check_return syd_exec(file, argv_ptr)
end

.exec_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for exec sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1245
1246
1247

# File 'syd.rb', line 1245

def self.exec_add(action, glob)
  check_return syd_exec_add(check_action(action), glob)
end

.exec_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for exec sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1256
1257
1258

# File 'syd.rb', line 1256

def self.exec_del(action, glob)
  check_return syd_exec_del(check_action(action), glob)
end

.exec_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for exec sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1267
1268
1269

# File 'syd.rb', line 1267

def self.exec_rem(action, glob)
  check_return syd_exec_rem(check_action(action), glob)
end

.force_add(path, hash, action) ⇒ `TrueClass`

Adds an entry to the Integrity Force map for Force Sandboxing.

Parameters:

path (String) —

Fully-qualified file name as string.
hash (String) —

Checksum as hexadecimal encoded string.
action (Integer) —

The desired action of for the rule.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2014
2015
2016

# File 'syd.rb', line 2014

def self.force_add(path, hash, action)
  check_return syd_force_add(path, hash, check_action(action))
end

.force_clr ⇒ `TrueClass`

Clears the Integrity Force map for Force Sandboxing.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2031
2032
2033

# File 'syd.rb', line 2031

def self.force_clr
  check_return syd_force_clr
end

.force_del(path) ⇒ `TrueClass`

Removes an entry from the Integrity Force map for Force Sandboxing.

Parameters:

path (String) —

Fully-qualified file name as string.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2023
2024
2025

# File 'syd.rb', line 2023

def self.force_del(path)
  check_return syd_force_del(path)
end

.info ⇒ `Hash`, `NilClass`

Reads the state of the syd sandbox from /dev/syd and returns it as a Ruby hash.

This method opens the special file /dev/syd, which contains the current state of the syd sandbox in JSON format. It then parses this state and returns it as a Ruby hash.

a Ruby hash, or nil if JSON module is not available.

Returns:

(Hash, NilClass) —

The current state of the syd sandbox as

Raises:

(Errno::ENOENT) —

If the file /dev/syd cannot be opened.
(JSON::ParserError) —

If the content of /dev/syd is not valid JSON.

# File 'syd.rb', line 83

def self.info
  begin
    require "json"
  rescue LoadError
    return nil
  end

  JSON.parse File.read("/dev/syd"), symbolize_names: true
end

.ioctl_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for ioctl sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1277
1278
1279

# File 'syd.rb', line 1277

def self.ioctl_add(action, glob)
  check_return syd_ioctl_add(check_action(action), glob)
end

.ioctl_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for ioctl sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1288
1289
1290

# File 'syd.rb', line 1288

def self.ioctl_del(action, glob)
  check_return syd_ioctl_del(check_action(action), glob)
end

.ioctl_deny(request) ⇒ `TrueClass`

Adds a request to the ioctl(2) denylist.

param request [Integer] The ioctl(2) request to deny.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1139
1140
1141

# File 'syd.rb', line 1139

def self.ioctl_deny(request)
  check_return syd_ioctl_deny(request)
end

.ioctl_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for ioctl sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1299
1300
1301

# File 'syd.rb', line 1299

def self.ioctl_rem(action, glob)
  check_return syd_ioctl_rem(check_action(action), glob)
end

.load(fd) ⇒ `TrueClass`

Causes syd to read configuration from the given file descriptor.

This function is utilized to load configuration settings for syd from a file represented by the provided file descriptor. It’s an essential function for initializing or reconfiguring syd based on external configuration files.

Parameters:

fd (Integer) —

The file descriptor of the configuration file.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



158
159
160

# File 'syd.rb', line 158

def self.load(fd)
  check_return syd_load(fd)
end

.lock(state) ⇒ `TrueClass`

Sets the state of the sandbox lock.

Parameters:

state (Integer) —

The desired state of the sandbox lock, should be one of LOCK_OFF, LOCK_EXEC, or LOCK_ON.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.

# File 'syd.rb', line 167

def self.lock(state)
  raise Errno::EINVAL unless state.is_a?(Integer) && (LOCK_OFF..LOCK_ON).cover?(state)

  check_return syd_lock(state)
end

.mem_max(size) ⇒ `TrueClass`

Set syd maximum per-process memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.

Parameters:

size (String) —

Limit size.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2041
2042
2043

# File 'syd.rb', line 2041

def self.mem_max(size)
  check_return syd_mem_max(size)
end

.mem_vm_max(size) ⇒ `TrueClass`

Set syd maximum per-process virtual memory usage limit for memory sandboxing, parse-size crate is used to parse the value so formatted strings are OK.

Parameters:

size (String) —

Limit size.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2051
2052
2053

# File 'syd.rb', line 2051

def self.mem_vm_max(size)
  check_return syd_mem_vm_max(size)
end

.mkdev_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for mkdev sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1789
1790
1791

# File 'syd.rb', line 1789

def self.mkdev_add(action, glob)
  check_return syd_mkdev_add(check_action(action), glob)
end

.mkdev_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for mkdev sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1800
1801
1802

# File 'syd.rb', line 1800

def self.mkdev_del(action, glob)
  check_return syd_mkdev_del(check_action(action), glob)
end

.mkdev_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for mkdev sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1811
1812
1813

# File 'syd.rb', line 1811

def self.mkdev_rem(action, glob)
  check_return syd_mkdev_rem(check_action(action), glob)
end

.mkdir_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for mkdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1533
1534
1535

# File 'syd.rb', line 1533

def self.mkdir_add(action, glob)
  check_return syd_mkdir_add(check_action(action), glob)
end

.mkdir_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for mkdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1544
1545
1546

# File 'syd.rb', line 1544

def self.mkdir_del(action, glob)
  check_return syd_mkdir_del(check_action(action), glob)
end

.mkdir_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for mkdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1555
1556
1557

# File 'syd.rb', line 1555

def self.mkdir_rem(action, glob)
  check_return syd_mkdir_rem(check_action(action), glob)
end

.mkfifo_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for mkfifo sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1821
1822
1823

# File 'syd.rb', line 1821

def self.mkfifo_add(action, glob)
  check_return syd_mkfifo_add(check_action(action), glob)
end

.mkfifo_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for mkfifo sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1832
1833
1834

# File 'syd.rb', line 1832

def self.mkfifo_del(action, glob)
  check_return syd_mkfifo_del(check_action(action), glob)
end

.mkfifo_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for mkfifo sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1843
1844
1845

# File 'syd.rb', line 1843

def self.mkfifo_rem(action, glob)
  check_return syd_mkfifo_rem(check_action(action), glob)
end

.mktemp_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for mktemp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1853
1854
1855

# File 'syd.rb', line 1853

def self.mktemp_add(action, glob)
  check_return syd_mktemp_add(check_action(action), glob)
end

.mktemp_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for mktemp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1864
1865
1866

# File 'syd.rb', line 1864

def self.mktemp_del(action, glob)
  check_return syd_mktemp_del(check_action(action), glob)
end

.mktemp_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for mktemp sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1875
1876
1877

# File 'syd.rb', line 1875

def self.mktemp_rem(action, glob)
  check_return syd_mktemp_rem(check_action(action), glob)
end

.net_bind_add(action, addr) ⇒ `TrueClass`

Adds an address to the given actionlist for net/bind sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1885
1886
1887

# File 'syd.rb', line 1885

def self.net_bind_add(action, addr)
  check_return syd_net_bind_add(check_action(action), addr)
end

.net_bind_del(action, addr) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for net/bind sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1896
1897
1898

# File 'syd.rb', line 1896

def self.net_bind_del(action, addr)
  check_return syd_net_bind_del(check_action(action), addr)
end

.net_bind_rem(action, addr) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for net/bind sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1907
1908
1909

# File 'syd.rb', line 1907

def self.net_bind_rem(action, addr)
  check_return syd_net_bind_rem(check_action(action), addr)
end

.net_connect_add(action, addr) ⇒ `TrueClass`

Adds an address to the given actionlist for net/connect sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1917
1918
1919

# File 'syd.rb', line 1917

def self.net_connect_add(action, addr)
  check_return syd_net_connect_add(check_action(action), addr)
end

.net_connect_del(action, addr) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for net/connect sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1928
1929
1930

# File 'syd.rb', line 1928

def self.net_connect_del(action, addr)
  check_return syd_net_connect_del(check_action(action), addr)
end

.net_connect_rem(action, addr) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for net/connect sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1939
1940
1941

# File 'syd.rb', line 1939

def self.net_connect_rem(action, addr)
  check_return syd_net_connect_rem(check_action(action), addr)
end

.net_link_add(action, addr) ⇒ `TrueClass`

Adds an address to the given actionlist for net/link sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1981
1982
1983

# File 'syd.rb', line 1981

def self.net_link_add(action, addr)
  check_return syd_net_link_add(check_action(action), addr)
end

.net_link_del(action, addr) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for net/link sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1992
1993
1994

# File 'syd.rb', line 1992

def self.net_link_del(action, addr)
  check_return syd_net_link_del(check_action(action), addr)
end

.net_link_rem(action, addr) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for net/link sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2003
2004
2005

# File 'syd.rb', line 2003

def self.net_link_rem(action, addr)
  check_return syd_net_link_rem(check_action(action), addr)
end

.net_sendfd_add(action, addr) ⇒ `TrueClass`

Adds an address to the given actionlist for net/sendfd sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1949
1950
1951

# File 'syd.rb', line 1949

def self.net_sendfd_add(action, addr)
  check_return syd_net_sendfd_add(check_action(action), addr)
end

.net_sendfd_del(action, addr) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for net/sendfd sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1960
1961
1962

# File 'syd.rb', line 1960

def self.net_sendfd_del(action, addr)
  check_return syd_net_sendfd_del(check_action(action), addr)
end

.net_sendfd_rem(action, addr) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for net/sendfd sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
addr (String) —

Address pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1971
1972
1973

# File 'syd.rb', line 1971

def self.net_sendfd_rem(action, addr)
  check_return syd_net_sendfd_rem(check_action(action), addr)
end

.panic ⇒ `TrueClass`

Causes syd to exit immediately with code 127.

This function is designed to trigger an immediate exit of syd with a specific exit code (127). It should be used in scenarios where an immediate and complete termination of syd is necessary.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



130
131
132

# File 'syd.rb', line 130

def self.panic
  check_return syd_panic
end

.pid_max(size) ⇒ `TrueClass`

Set syd maximum process id limit for PID sandboxing

Parameters:

size (Integer) —

Limit size, must be greater than or equal to zero.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2060
2061
2062

# File 'syd.rb', line 2060

def self.pid_max(size)
  check_return syd_pid_max(size)
end

.read_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for read sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1181
1182
1183

# File 'syd.rb', line 1181

def self.read_add(action, glob)
  check_return syd_read_add(check_action(action), glob)
end

.read_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for read sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1192
1193
1194

# File 'syd.rb', line 1192

def self.read_del(action, glob)
  check_return syd_read_del(check_action(action), glob)
end

.read_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for read sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1203
1204
1205

# File 'syd.rb', line 1203

def self.read_rem(action, glob)
  check_return syd_read_rem(check_action(action), glob)
end

.readdir_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for readdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1501
1502
1503

# File 'syd.rb', line 1501

def self.readdir_add(action, glob)
  check_return syd_readdir_add(check_action(action), glob)
end

.readdir_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for readdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1512
1513
1514

# File 'syd.rb', line 1512

def self.readdir_del(action, glob)
  check_return syd_readdir_del(check_action(action), glob)
end

.readdir_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for readdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1523
1524
1525

# File 'syd.rb', line 1523

def self.readdir_rem(action, glob)
  check_return syd_readdir_rem(check_action(action), glob)
end

.rename_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for rename sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1373
1374
1375

# File 'syd.rb', line 1373

def self.rename_add(action, glob)
  check_return syd_rename_add(check_action(action), glob)
end

.rename_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for rename sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1384
1385
1386

# File 'syd.rb', line 1384

def self.rename_del(action, glob)
  check_return syd_rename_del(check_action(action), glob)
end

.rename_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for rename sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1395
1396
1397

# File 'syd.rb', line 1395

def self.rename_rem(action, glob)
  check_return syd_rename_rem(check_action(action), glob)
end

.reset ⇒ `TrueClass`

Causes syd to reset sandboxing to the default state. This includes clearing any allowlists, denylists, and filters.

This function should be used when it is necessary to reset the state of syd sandboxing environment to its default settings. It’s particularly useful in scenarios where the sandboxing environment needs to be reconfigured or cleared of all previous configurations.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



144
145
146

# File 'syd.rb', line 144

def self.reset
  check_return syd_reset
end

.rmdir_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for rmdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1565
1566
1567

# File 'syd.rb', line 1565

def self.rmdir_add(action, glob)
  check_return syd_rmdir_add(check_action(action), glob)
end

.rmdir_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for rmdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1576
1577
1578

# File 'syd.rb', line 1576

def self.rmdir_del(action, glob)
  check_return syd_rmdir_del(check_action(action), glob)
end

.rmdir_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for rmdir sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1587
1588
1589

# File 'syd.rb', line 1587

def self.rmdir_rem(action, glob)
  check_return syd_rmdir_rem(check_action(action), glob)
end

.segvguard_expiry(timeout) ⇒ `TrueClass`

Specify SegvGuard expiry timeout in seconds, must be greater than or equal to zero. Setting this timeout to 0 effectively disables SegvGuard.

Parameters:

timeout (Integer) —

Expiry timeout in seconds, must be greater than or equal to zero.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2070
2071
2072

# File 'syd.rb', line 2070

def self.segvguard_expiry(timeout)
  check_return syd_segvguard_expiry(timeout)
end

.segvguard_maxcrashes(limit) ⇒ `TrueClass`

Specify SegvGuard max number of crashes before suspension.

Parameters:

limit (Integer) —

Limit, must be greater than or equal to zero.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2088
2089
2090

# File 'syd.rb', line 2088

def self.segvguard_maxcrashes(limit)
  check_return syd_segvguard_maxcrashes(limit)
end

.segvguard_suspension(timeout) ⇒ `TrueClass`

Specify SegvGuard suspension timeout in seconds, must be greater than or equal to zero.

Parameters:

timeout (Integer) —

Suspension timeout in seconds, must be greater than or equal to zero.

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



2079
2080
2081

# File 'syd.rb', line 2079

def self.segvguard_suspension(timeout)
  check_return syd_segvguard_suspension(timeout)
end

.stat_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for stat sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1149
1150
1151

# File 'syd.rb', line 1149

def self.stat_add(action, glob)
  check_return syd_stat_add(check_action(action), glob)
end

.stat_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for stat sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1160
1161
1162

# File 'syd.rb', line 1160

def self.stat_del(action, glob)
  check_return syd_stat_del(check_action(action), glob)
end

.stat_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for stat sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1171
1172
1173

# File 'syd.rb', line 1171

def self.stat_rem(action, glob)
  check_return syd_stat_rem(check_action(action), glob)
end

.symlink_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for symlink sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1405
1406
1407

# File 'syd.rb', line 1405

def self.symlink_add(action, glob)
  check_return syd_symlink_add(check_action(action), glob)
end

.symlink_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for symlink sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1416
1417
1418

# File 'syd.rb', line 1416

def self.symlink_del(action, glob)
  check_return syd_symlink_del(check_action(action), glob)
end

.symlink_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for symlink sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1427
1428
1429

# File 'syd.rb', line 1427

def self.symlink_rem(action, glob)
  check_return syd_symlink_rem(check_action(action), glob)
end

.truncate_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for truncate sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1437
1438
1439

# File 'syd.rb', line 1437

def self.truncate_add(action, glob)
  check_return syd_truncate_add(check_action(action), glob)
end

.truncate_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for truncate sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1448
1449
1450

# File 'syd.rb', line 1448

def self.truncate_del(action, glob)
  check_return syd_truncate_del(check_action(action), glob)
end

.truncate_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for truncate sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1459
1460
1461

# File 'syd.rb', line 1459

def self.truncate_rem(action, glob)
  check_return syd_truncate_rem(check_action(action), glob)
end

.utime_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for utime sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1757
1758
1759

# File 'syd.rb', line 1757

def self.utime_add(action, glob)
  check_return syd_utime_add(check_action(action), glob)
end

.utime_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for utime sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1768
1769
1770

# File 'syd.rb', line 1768

def self.utime_del(action, glob)
  check_return syd_utime_del(check_action(action), glob)
end

.utime_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for utime sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1779
1780
1781

# File 'syd.rb', line 1779

def self.utime_rem(action, glob)
  check_return syd_utime_rem(check_action(action), glob)
end

.write_add(action, glob) ⇒ `TrueClass`

Adds a path to the given actionlist for write sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1213
1214
1215

# File 'syd.rb', line 1213

def self.write_add(action, glob)
  check_return syd_write_add(check_action(action), glob)
end

.write_del(action, glob) ⇒ `TrueClass`

Removes the first instance from the end of the given actionlist for write sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1224
1225
1226

# File 'syd.rb', line 1224

def self.write_del(action, glob)
  check_return syd_write_del(check_action(action), glob)
end

.write_rem(action, glob) ⇒ `TrueClass`

Removes all matching patterns from the given actionlist for write sandboxing.

Parameters:

action (Integer) —

The desired action of for the rule.
glob (String) —

Glob pattern

Returns:

(TrueClass) —

Returns ‘true` on successful operation.

Raises:

(SystemCallError) —

Raises a Ruby exception corresponding to the negated errno on failure.



1235
1236
1237

# File 'syd.rb', line 1235

def self.write_rem(action, glob)
  check_return syd_write_rem(check_action(action), glob)
end

rbsyd: Ruby FFI bindings of libsyd, the syd API C Library

Top Level Namespace

Defined Under Namespace

Module: Syd

Overview

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.api ⇒ Integer

.chattr_add(action, glob) ⇒ TrueClass

.chattr_del(action, glob) ⇒ TrueClass

.chattr_rem(action, glob) ⇒ TrueClass

.chdir_add(action, glob) ⇒ TrueClass

.chdir_del(action, glob) ⇒ TrueClass

.chdir_rem(action, glob) ⇒ TrueClass

.check ⇒ TrueClass

.check_action(action) ⇒ Object

.check_return(r) ⇒ Object

.chgrp_add(action, glob) ⇒ TrueClass

.chgrp_del(action, glob) ⇒ TrueClass

.chgrp_rem(action, glob) ⇒ TrueClass

.chmod_add(action, glob) ⇒ TrueClass

.chmod_del(action, glob) ⇒ TrueClass

.chmod_rem(action, glob) ⇒ TrueClass

.chown_add(action, glob) ⇒ TrueClass

.chown_del(action, glob) ⇒ TrueClass

.chown_rem(action, glob) ⇒ TrueClass

.chroot_add(action, glob) ⇒ TrueClass

.chroot_del(action, glob) ⇒ TrueClass

.chroot_rem(action, glob) ⇒ TrueClass

.create_add(action, glob) ⇒ TrueClass

.create_del(action, glob) ⇒ TrueClass

.create_rem(action, glob) ⇒ TrueClass

.default_block(action) ⇒ TrueClass

.default_chattr(action) ⇒ TrueClass

.default_chdir(action) ⇒ TrueClass

.default_chgrp(action) ⇒ TrueClass

.default_chmod(action) ⇒ TrueClass

.default_chown(action) ⇒ TrueClass

.default_chroot(action) ⇒ TrueClass

.default_create(action) ⇒ TrueClass

.default_delete(action) ⇒ TrueClass

.default_exec(action) ⇒ TrueClass

.default_force(action) ⇒ TrueClass

.default_ioctl(action) ⇒ TrueClass

.default_mem(action) ⇒ TrueClass

.default_mkdev(action) ⇒ TrueClass

.default_mkdir(action) ⇒ TrueClass

.default_mkfifo(action) ⇒ TrueClass

.default_mktemp(action) ⇒ TrueClass

.default_net(action) ⇒ TrueClass

.default_pid(action) ⇒ TrueClass

.default_read(action) ⇒ TrueClass

.default_readdir(action) ⇒ TrueClass

.default_rename(action) ⇒ TrueClass

.default_rmdir(action) ⇒ TrueClass

.default_segvguard(action) ⇒ TrueClass

.default_stat(action) ⇒ TrueClass

.default_symlink(action) ⇒ TrueClass

.default_tpe(action) ⇒ TrueClass

.default_truncate(action) ⇒ TrueClass

.default_utime(action) ⇒ TrueClass

.default_write(action) ⇒ TrueClass

.delete_add(action, glob) ⇒ TrueClass

.delete_del(action, glob) ⇒ TrueClass

.delete_rem(action, glob) ⇒ TrueClass

.disable_chattr ⇒ TrueClass

.disable_chdir ⇒ TrueClass

.disable_chgrp ⇒ TrueClass

.disable_chmod ⇒ TrueClass

.disable_chown ⇒ TrueClass

.disable_chroot ⇒ TrueClass

.disable_create ⇒ TrueClass

.disable_delete ⇒ TrueClass

.disable_exec ⇒ TrueClass

.disable_force ⇒ TrueClass

.disable_ioctl ⇒ TrueClass

.disable_mem ⇒ TrueClass

.disable_mkdev ⇒ TrueClass

.disable_mkdir ⇒ TrueClass

.api ⇒ `Integer`

.chattr_add(action, glob) ⇒ `TrueClass`

.chattr_del(action, glob) ⇒ `TrueClass`

.chattr_rem(action, glob) ⇒ `TrueClass`

.chdir_add(action, glob) ⇒ `TrueClass`

.chdir_del(action, glob) ⇒ `TrueClass`

.chdir_rem(action, glob) ⇒ `TrueClass`

.check ⇒ `TrueClass`

.check_action(action) ⇒ `Object`

.check_return(r) ⇒ `Object`

.chgrp_add(action, glob) ⇒ `TrueClass`

.chgrp_del(action, glob) ⇒ `TrueClass`

.chgrp_rem(action, glob) ⇒ `TrueClass`

.chmod_add(action, glob) ⇒ `TrueClass`

.chmod_del(action, glob) ⇒ `TrueClass`

.chmod_rem(action, glob) ⇒ `TrueClass`

.chown_add(action, glob) ⇒ `TrueClass`

.chown_del(action, glob) ⇒ `TrueClass`

.chown_rem(action, glob) ⇒ `TrueClass`

.chroot_add(action, glob) ⇒ `TrueClass`

.chroot_del(action, glob) ⇒ `TrueClass`

.chroot_rem(action, glob) ⇒ `TrueClass`

.create_add(action, glob) ⇒ `TrueClass`

.create_del(action, glob) ⇒ `TrueClass`

.create_rem(action, glob) ⇒ `TrueClass`

.default_block(action) ⇒ `TrueClass`

.default_chattr(action) ⇒ `TrueClass`

.default_chdir(action) ⇒ `TrueClass`

.default_chgrp(action) ⇒ `TrueClass`

.default_chmod(action) ⇒ `TrueClass`

.default_chown(action) ⇒ `TrueClass`

.default_chroot(action) ⇒ `TrueClass`

.default_create(action) ⇒ `TrueClass`

.default_delete(action) ⇒ `TrueClass`

.default_exec(action) ⇒ `TrueClass`

.default_force(action) ⇒ `TrueClass`

.default_ioctl(action) ⇒ `TrueClass`

.default_mem(action) ⇒ `TrueClass`

.default_mkdev(action) ⇒ `TrueClass`

.default_mkdir(action) ⇒ `TrueClass`

.default_mkfifo(action) ⇒ `TrueClass`

.default_mktemp(action) ⇒ `TrueClass`

.default_net(action) ⇒ `TrueClass`

.default_pid(action) ⇒ `TrueClass`

.default_read(action) ⇒ `TrueClass`

.default_readdir(action) ⇒ `TrueClass`

.default_rename(action) ⇒ `TrueClass`

.default_rmdir(action) ⇒ `TrueClass`

.default_segvguard(action) ⇒ `TrueClass`

.default_stat(action) ⇒ `TrueClass`

.default_symlink(action) ⇒ `TrueClass`

.default_tpe(action) ⇒ `TrueClass`

.default_truncate(action) ⇒ `TrueClass`

.default_utime(action) ⇒ `TrueClass`

.default_write(action) ⇒ `TrueClass`

.delete_add(action, glob) ⇒ `TrueClass`

.delete_del(action, glob) ⇒ `TrueClass`

.delete_rem(action, glob) ⇒ `TrueClass`

.disable_chattr ⇒ `TrueClass`

.disable_chdir ⇒ `TrueClass`

.disable_chgrp ⇒ `TrueClass`

.disable_chmod ⇒ `TrueClass`

.disable_chown ⇒ `TrueClass`

.disable_chroot ⇒ `TrueClass`

.disable_create ⇒ `TrueClass`

.disable_delete ⇒ `TrueClass`

.disable_exec ⇒ `TrueClass`

.disable_force ⇒ `TrueClass`

.disable_ioctl ⇒ `TrueClass`

.disable_mem ⇒ `TrueClass`

.disable_mkdev ⇒ `TrueClass`

.disable_mkdir ⇒ `TrueClass`

.disable_mkfifo ⇒ `TrueClass`

.disable_mktemp ⇒ `TrueClass`

.disable_net ⇒ `TrueClass`

.disable_pid ⇒ `TrueClass`

.disable_read ⇒ `TrueClass`

.disable_readdir ⇒ `TrueClass`

.disable_rename ⇒ `TrueClass`

.disable_rmdir ⇒ `TrueClass`