Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CAPSICUM_HELPERS(3)	    Library Functions Manual	   CAPSICUM_HELPERS(3)

NAME
       caph_limit_stream,	  caph_limit_stdin,	    caph_limit_stderr,
       caph_limit_stdout,	 caph_limit_stdio,	   caph_stream_rights,
       caph_cache_tzdata,  caph_cache_catpages,	caph_enter, caph_enter_casper,
       caph_rights_limit, caph_ioctls_limit, caph_fcntls_limit -- set  of  the
       capsicum	helpers, part of the libcapsicum

LIBRARY
       library "libcapsicum"

SYNOPSIS
       #include	<capsicum_helpers.h>

       int
       caph_enter(void);

       int
       caph_enter_casper(void);

       int
       caph_rights_limit(int fd, const cap_rights_t *rights);

       int
       caph_ioctls_limit(int fd, const unsigned	long *cmds, size_t ncmds);

       int
       caph_fcntls_limit(int fd, uint32_t fcntlrights);

       int
       caph_limit_stream(int fd, int flags);

       int
       caph_limit_stdin(void);

       int
       caph_limit_stderr(void);

       int
       caph_limit_stdout(void);

       int
       caph_limit_stdio(void);

       void
       caph_stream_rights(cap_rights_t *, int flags);

       void
       caph_cache_tzdata(void);

       void
       caph_cache_catpages(void);

DESCRIPTION
       The     caph_enter,     caph_rights_limit,     caph_ioctls_limit	   and
       caph_fcntls_limit  are	respectively   equivalent   to	 cap_enter(2),
       cap_rights_limit(2),  cap_ioctls_limit(2)  and  cap_fcntls_limit(2), it
       returns success when the	kernel is built	without	support	of  the	 capa-
       bility mode.

       The  caph_enter_casper  is equivalent to	the caph_enter it returns suc-
       cess when the system is built without Casper support.

       The capsicum helpers are	a set of a  inline  functions  which  simplify
       modifying  programs  to use Capsicum.  The goal is to reduce duplicated
       code patterns.  The capsicum helpers are	part of	libcapsicum but	 there
       is no need to link to the library.

       caph_limit_stream()  restricts  capabilities on fd to only those	needed
       by POSIX	stream objects (that is, FILEs).

       These flags can be provided:

	     CAPH_IGNORE_EBADF	Do not return an error if file	descriptor  is
				invalid.
	     CAPH_READ		Set CAP_READ on	limited	descriptor.
	     CAPH_WRITE		Set CAP_WRITE on limited descriptor.

       caph_limit_stdin(),  caph_limit_stderr()	 and caph_limit_stdout() limit
       standard	descriptors using the caph_limit_stream	function.

       caph_limit_stdio() limits stdin,	stderr and stdout.

       caph_stream_rights may be used  to  initialize  rights  with  the  same
       rights that a stream would be limited to, as if caph_limit_stream() had
       been invoked using the same flags.

       caph_cache_tzdata()  precaches all timezone data	needed to use libc lo-
       cal time	functions.

       caph_cache_catpages() caches Native Language Support (NLS)  data.   NLS
       data  is	 used  for localized error printing by strerror(3) and err(3),
       among others.

SEE ALSO
       cap_enter(2), cap_rights_limit(2), rights(4)

FreeBSD	13.2			January	2, 2020		   CAPSICUM_HELPERS(3)

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | SEE ALSO

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=capsicum_helpers&sektion=3&manpath=FreeBSD+14.0-RELEASE+and+Ports>

home | help