Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CAPSICUM_HELPERS(3)	 BSD Library Functions Manual	   CAPSICUM_HELPERS(3)

NAME
     caph_limit_stream,	caph_limit_stdin, caph_limit_stderr,
     caph_limit_stdout,	caph_limit_stdio, caph_cache_tzdata,
     caph_cache_catpages, caph_enter, caph_enter_casper, caph_rights_limit,
     caph_ioctls_limit,	caph_fcntls_limit -- set of the	capsicum helpers, part
     of	the libcapsicum

LIBRARY
     library "libcapsicum"

SYNOPSIS
     #include <capsicum_helpers.h>

     int
     caph_enter(void);

     int
     caph_enter_casper(void);

     int
     caph_rights_limit(inf fd, const cap_righst_t *rights);

     int
     caph_ioctls_limit(inf fd, const unsigned long *cmds, size_t ncmds);

     int
     caph_fcntls_limit(inf fd, uint32_t	fcntlrights);

     int
     caph_limit_stdin(void);

     int
     caph_limit_stderr(void);

     int
     caph_limit_stdout(void);

     int
     caph_limit_stdio(void);

     void
     caph_cache_tzdata(void);

     void
     caph_cache_catpages(void);

DESCRIPTION
     The caph_enter, caph_rights_limit,	caph_ioctls_limit and
     caph_fcntls_limit are respectively	equivalent to cap_enter(2),
     cap_rights_limit(2), cap_ioctls_limit(2) and cap_fcntls_limit(2), it re-
     turns success when	the kernel is built without support of the capability
     mode.

     The caph_enter_casper is equivalent to the	caph_enter it returns success
     when the system is	built without Casper support.

     The capsicum helpers are a	set of a inline	functions which	simplify modi-
     fying programs to use Capsicum.  The goal is to reduce duplicated code
     patterns.	The capsicum helpers are part of libcapsicum but there is no
     need to link to the library.

     caph_limit_stream() restricts capabilities	on fd to only those needed by
     POSIX stream objects (that	is, FILEs).

     These flags can be	provided:

	   CAPH_IGNORE_EBADF  Do not return an error if	file descriptor	is in-
			      valid.
	   CAPH_READ	      Set CAP_READ on limited descriptor.
	   CAPH_WRITE	      Set CAP_WRITE on limited descriptor.

     caph_limit_stdin(), caph_limit_stderr() and caph_limit_stdout() limit
     standard descriptors using	the caph_limit_stream function.

     caph_limit_stdio()	limits stdin, stderr and stdout.

     caph_cache_tzdata() precaches all timezone	data needed to use libc	local
     time functions.

     caph_cache_catpages() caches Native Language Support (NLS)	data.  NLS
     data is used for localized	error printing by strerror(3) and err(3),
     among others.

SEE ALSO
     cap_enter(2), cap_rights_limit(2),	rights(4)

BSD			       November	4, 2018				   BSD

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=caph_limit_stream&sektion=3&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help