GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CAPSICUM_HELPERS(3) FreeBSD Library Functions Manual CAPSICUM_HELPERS(3)

caph_limit_stream, caph_limit_stdin, caph_limit_stderr, caph_limit_stdout, caph_limit_stdio, caph_stream_rights, caph_cache_tzdata, caph_cache_catpages, caph_enter, caph_enter_casper, caph_rights_limit, caph_ioctls_limit, caph_fcntls_limit
set of the capsicum helpers, part of the libcapsicum

library “libcapsicum”

#include <capsicum_helpers.h>

int
caph_enter(void);

int
caph_enter_casper(void);

int
caph_rights_limit(int fd, const cap_rights_t *rights);

int
caph_ioctls_limit(int fd, const unsigned long *cmds, size_t ncmds);

int
caph_fcntls_limit(int fd, uint32_t fcntlrights);

int
caph_limit_stream(int fd, int flags);

int
caph_limit_stdin(void);

int
caph_limit_stderr(void);

int
caph_limit_stdout(void);

int
caph_limit_stdio(void);

void
caph_stream_rights(cap_rights_t *, int flags);

void
caph_cache_tzdata(void);

void
caph_cache_catpages(void);

The caph_enter, caph_rights_limit, caph_ioctls_limit and caph_fcntls_limit are respectively equivalent to cap_enter(2), cap_rights_limit(2), cap_ioctls_limit(2) and cap_fcntls_limit(2), it returns success when the kernel is built without support of the capability mode.

The caph_enter_casper is equivalent to the caph_enter it returns success when the system is built without Casper support.

The capsicum helpers are a set of a inline functions which simplify modifying programs to use Capsicum. The goal is to reduce duplicated code patterns. The capsicum helpers are part of libcapsicum but there is no need to link to the library.

caph_limit_stream() restricts capabilities on fd to only those needed by POSIX stream objects (that is, FILEs).

These flags can be provided:

Do not return an error if file descriptor is invalid.
Set CAP_READ on limited descriptor.
Set CAP_WRITE on limited descriptor.

caph_limit_stdin(), caph_limit_stderr() and caph_limit_stdout() limit standard descriptors using the caph_limit_stream function.

caph_limit_stdio() limits stdin, stderr and stdout.

caph_stream_rights may be used to initialize rights with the same rights that a stream would be limited to, as if caph_limit_stream() had been invoked using the same flags.

caph_cache_tzdata() precaches all timezone data needed to use libc local time functions.

caph_cache_catpages() caches Native Language Support (NLS) data. NLS data is used for localized error printing by strerror(3) and err(3), among others.

cap_enter(2), cap_rights_limit(2), rights(4)
January 2, 2020 FreeBSD 13.1-RELEASE
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.