Method: Pledge#unveil
- Defined in:
- lib/unveil.rb
#unveil(paths) ⇒ Object
Limit access to the file system using unveil(2). paths should be a hash where keys are paths and values are the access permissions for that path. Each value should be a string with the following characters specifying what permissions are allowed:
- r
-
Allow read access to existing files and directories
- w
-
Allow write access to existing files and directories
- c
-
Allow create/delete access for new files and directories
- x
-
Allow execute access to programs
You can use the empty string as permissions if you want to allow no access to the given path, even if you have granted some access to a folder above the given folder. You can use a value of :gem to allow read access to the directory for the gem specified by the key.
If called with an empty hash, adds an unveil of / with no permissions, which denies all access to the file system if unveil_without_lock was not called previously.
24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/unveil.rb', line 24 def unveil(paths) # :nocov: raise NotImplementedError, "unveil not supported" unless Pledge.respond_to?(:_unveil, true) # :nocov: if paths.empty? paths = {'/'=>''} end unveil_without_lock(paths) _finalize_unveil! end |