bsdcontrol.rb provides Ruby bindings for libhbsdcontrol.
The following example prints a list of HardenedBSD features that can be enabled, disabled or restored to the system default setting:
#!/usr/bin/env ruby
# Required privileges: user, superuser
require "bsdcontrol"
BSD::Control
.available_features
.each do
print "The ", _1.name, " feature is available", "\n"
end
The next example enables the mprotect feature for the emacs binary. When a feature is enabled for a given file, that setting takes precendence over the system default. The system default can be restored with BSD::Control::Feature#sysdef!:
#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
.feature(:mprotect)
.enable! File.realpath("/usr/local/bin/emacs")
There are five recognized statuses: unknown, enabled, disabled,
sysdef, and invalid. The sysdef status indicates that a feature
is configured to use the system default, and it is the most common
status:
#!/usr/bin/env ruby
# Required privileges: superuser
require "bsdcontrol"
BSD::Control
.feature(:mprotect)
.status("/bin/ls") # => :sysdef
The libhbsdcontrol library is implemented via extended attribute namespaces (see extattr(2)), and the default namespace is the "system" namespace. The "system" namespace requires root privileges if you want to modify or read attributes, but the "user" namespace can be accessed by unprivileged users.
At the moment the HardenedBSD kernel works purely with the system namespace, but there are plans to add support for the user namespace in the future. Switching between namespaces can be achieved with the BSD::Control::Feature#set_namespace method:
#!/usr/bin/env ruby
# Required privileges: user
require "bsdcontrol"
BSD::Control.set_namespace(:user)
BSD::Control["mprotect"].status("/bin/ls") # => :sysdef
A complete API reference is available at 0x1eef.github.io/x/bsdcontrol.rb
bsdcontrol.rb can be installed via rubygems.org:
gem install bsdcontrol.rb
FAQs
Unknown package
We found that bsdcontrol.rb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A new site reviews software projects to reveal if they’re truly FOSS, making complex licensing and distribution models easy to understand.
Security News
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.