NAME
cap_fcntls_limit,
cap_fcntls_get —
manage allowed fcntl
commands
LIBRARY
library “libc”
SYNOPSIS
#include
<sys/capsicum.h>
int
cap_fcntls_limit(int
fd, uint32_t
fcntlrights);
int
cap_fcntls_get(int
fd, uint32_t
*fcntlrightsp);
DESCRIPTION
If a file descriptor is granted theCAP_FCNTL capability
right, the list of allowed
fcntl(2) commands can be selectively reduced (but never expanded) with
the
cap_fcntls_limit()
system call.
A bitmask of allowed fcntls commands for a
given file descriptor can be obtained with the
cap_fcntls_get()
system call.
FLAGS
The following flags may be specified in the fcntlrights argument or returned in the fcntlrightsp argument:
CAP_FCNTL_GETFL- Permit
F_GETFLcommand. CAP_FCNTL_SETFL- Permit
F_SETFLcommand. CAP_FCNTL_GETOWN- Permit
F_GETOWNcommand. CAP_FCNTL_SETOWN- Permit
F_SETOWNcommand.
RETURN VALUES
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
ERRORS
cap_fcntls_limit() succeeds unless:
- [
EBADF] - The fd argument is not a valid descriptor.
- [
EINVAL] - An invalid flag has been passed in fcntlrights.
- [
ENOTCAPABLE] - fcntlrights would expand the list of allowed fcntl(2) commands.
cap_fcntls_get() succeeds unless:
- [
EBADF] - The fd argument is not a valid descriptor.
- [
EFAULT] - The fcntlrightsp argument points at an invalid address.
SEE ALSO
HISTORY
Support for capabilities and capabilities mode was developed as part of the TrustedBSD Project.
AUTHORS
This function was created by Pawel Jakub Dawidek <pawel@dawidek.net> under sponsorship of the FreeBSD Foundation.