man.bsd.lv manual page server

Manual Page Search Parameters

CAP_FCNTLS_LIMIT(2) System Calls Manual CAP_FCNTLS_LIMIT(2)

cap_fcntls_limit, cap_fcntls_getmanage allowed fcntl commands

library “libc”

#include <sys/capsicum.h>

int
cap_fcntls_limit(int fd, uint32_t fcntlrights);

int
cap_fcntls_get(int fd, uint32_t *fcntlrightsp);

If a file descriptor is granted the CAP_FCNTL capability right, the list of allowed fcntl(2) commands can be selectively reduced (but never expanded) with the () system call.

A bitmask of allowed fcntls commands for a given file descriptor can be obtained with the () system call.

The following flags may be specified in the fcntlrights argument or returned in the fcntlrightsp argument:

Permit F_GETFL command.
Permit F_SETFL command.
Permit F_GETOWN command.
Permit F_SETOWN command.

Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

cap_fcntls_limit() succeeds unless:

[]
The fd argument is not a valid descriptor.
[]
An invalid flag has been passed in fcntlrights.
[]
fcntlrights would expand the list of allowed fcntl(2) commands.

cap_fcntls_get() succeeds unless:

[]
The fd argument is not a valid descriptor.
[]
The fcntlrightsp argument points at an invalid address.

cap_ioctls_limit(2), cap_rights_limit(2), fcntl(2)

Support for capabilities and capabilities mode was developed as part of the TrustedBSD Project.

This function was created by Pawel Jakub Dawidek <pawel@dawidek.net> under sponsorship of the FreeBSD Foundation.

March 27, 2014 FreeBSD-12.0