MacRuby has the Sandbox class which restricts the access to network, to files, etc. Sandbox class is implemented using the sandbox(7) in MacRuby.
You can restrict easily your application to access the network by Sandbox.no_network.apply!
. Ruby methods and Cocoa APIs both are restricted by the Sandbox.
1 2 3 4 5 6 7 8 9 10 |
|
The Sandbox is a good companion to the Ruby standard $SAFE functionality, you may use the Sandbox and $SAFE at the same time.
The Sandbox will be able to restrict your application,
- TCP/IP networking is prohibited.
- All sockets-based networking is prohibited.
- File system writes are prohibited.
- File system writes are restricted to temporary folders.
- All operating system services are prohibited.
As notes,
- Restriction is not able to change after applying.
- Restricts with respect to each process.
Methods in Sandbox Class
Sandbox.no_internet
Restricts TCP/IP networking in current process.
- no_internet -> Sandbox
- [RETURN]
- Returns a Sandbox instance.
- [RETURN]
Sandbox.no_network
Restricts all sockets-based networking in current process.
- no_network -> Sandbox
- [RETURN]
- Returns a Sandbox instance.
- [RETURN]
Sandbox.no_writes
Restricts to write in current process.
- no_writes -> Sandbox
- [RETURN]
- Returns a Sandbox instance.
- [RETURN]
Sandbox.temporary_writes
Restricts to write outside temporary folders in current process.
- temporary_writes -> Sandbox
- [RETURN]
- Returns a Sandbox instance.
- [RETURN]
Sandbox.pure_computation
Restricts all operating system services in current process.
- pure_computation -> Sandbox
- [RETURN]
- Returns a Sandbox instance.
- [RETURN]
Sandbox#apply!
Applies the restriction.
- apply!