mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 13:57:35 +00:00
Utilities+Base: Add unveil utility
This utility essentially creates a filesystem sandbox for a specified command, so it can be tested with only the unveiled paths the user specifies beforehand.
This commit is contained in:
parent
7d7127b463
commit
8e16588757
3 changed files with 68 additions and 0 deletions
29
Base/usr/share/man/man1/unveil.md
Normal file
29
Base/usr/share/man/man1/unveil.md
Normal file
|
@ -0,0 +1,29 @@
|
|||
## Name
|
||||
|
||||
unveil - unveil certain paths when running a command
|
||||
|
||||
## Synopsis
|
||||
|
||||
```**sh
|
||||
$ unveil [--path] [command...]
|
||||
```
|
||||
|
||||
## Description
|
||||
|
||||
Run a command under certain path restrictions by using [`unveil`(2)](help://man/2/unveil).
|
||||
|
||||
## Options
|
||||
|
||||
* `-u`, `--path`: Unveil a path, with the format of `permissions,path`
|
||||
|
||||
## Examples
|
||||
|
||||
Run `ls -la /sys/kernel` with restricted access to certain paths:
|
||||
```sh
|
||||
$ unveil --path=r,/etc/timezone --path=r,/usr/lib --path=r,/sys/ --path=r,/etc/passwd --path=r,/etc/group ls -la /sys/kernel
|
||||
```
|
||||
|
||||
Run `ps -ef` with restricted access to certain paths:
|
||||
```sh
|
||||
$ unveil --path=r,/etc/timezone --path=r,/usr/lib --path=r,/sys/ --path=r,/etc/passwd --path=r,/etc/group ps -ef
|
||||
```
|
Loading…
Add table
Add a link
Reference in a new issue