RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 01:47:34 +00:00
Code Issues Activity Actions

Utilities+Base: Add unveil utility

Browse source 
This utility essentially creates a filesystem sandbox for a specified
command, so it can be tested with only the unveiled paths the user
specifies beforehand.
This commit is contained in:
Liav A 2022-11-04 21:20:10 +02:00 committed by Andrew Kaster
parent 7d7127b463
commit 8e16588757
3 changed files with 68 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

29
Base/usr/share/man/man1/unveil.md Normal file
View file

@ -0,0 +1,29 @@
## Name
unveil - unveil certain paths when running a command
## Synopsis
```**sh
$ unveil [--path] [command...]
```
## Description
Run a command under certain path restrictions by using [`unveil`(2)](help://man/2/unveil).
## Options
* `-u`, `--path`: Unveil a path, with the format of `permissions,path`
## Examples
Run `ls -la /sys/kernel` with restricted access to certain paths:
```sh
$ unveil --path=r,/etc/timezone --path=r,/usr/lib --path=r,/sys/ --path=r,/etc/passwd --path=r,/etc/group ls -la /sys/kernel
```
Run `ps -ef` with restricted access to certain paths:
```sh
$ unveil --path=r,/etc/timezone --path=r,/usr/lib --path=r,/sys/ --path=r,/etc/passwd --path=r,/etc/group ps -ef
```