FreeBSD manual


CAPSICUM_HELPERS(3) FreeBSD Library Functions Manual CAPSICUM_HELPERS(3)
NAME caph_limit_stream, caph_limit_stdin, caph_limit_stderr, caph_limit_stdout, caph_limit_stdio, caph_stream_rights, caph_cache_tzdata, caph_cache_catpages, caph_enter, caph_enter_casper, caph_rights_limit, caph_ioctls_limit, caph_fcntls_limit - a set of Capsicum helpers, part of libcapsicum
LIBRARY library "libcapsicum"
SYNOPSIS #include <capsicum_helpers.h>
int caph_enter(void);
int caph_enter_casper(void);
int caph_rights_limit(int fd, const cap_rights_t *rights);
int caph_ioctls_limit(int fd, const unsigned long *cmds, size_t ncmds);
int caph_fcntls_limit(int fd, uint32_t fcntlrights);
int caph_limit_stream(int fd, int flags);
int caph_limit_stdin(void);
int caph_limit_stderr(void);
int caph_limit_stdout(void);
int caph_limit_stdio(void);
void caph_stream_rights(cap_rights_t *, int flags);
void caph_cache_tzdata(void);
void caph_cache_catpages(void);
DESCRIPTION caph_enter(), caph_rights_limit(), caph_ioctls_limit() and caph_fcntls_limit() are equivalent to cap_enter(2), cap_rights_limit(2), cap_ioctls_limit(2) and cap_fcntls_limit(2) respectively, except that they return success when the kernel is built without support for capability mode. The Capsicum helpers are part of libcapsicum, but there is no need to link against the library.
caph_limit_stream() restricts capabilities on fd to only those needed by POSIX stream objects (that is, FILEs).
These flags can be provided:
      CAPH_IGNORE_EBADF  Do not return an error if file descriptor is invalid.
      CAPH_READ          Set CAP_READ on limited descriptor.
      CAPH_WRITE         Set CAP_WRITE on limited descriptor.
caph_limit_stdin(), caph_limit_stderr() and caph_limit_stdout() limit standard descriptors using the caph_limit_stream function.
caph_limit_stdio() limits stdin, stderr and stdout.
caph_stream_rights() may be used to initialize rights with the same rights that a stream would be limited to, as if caph_limit_stream() had been invoked using the same flags.
caph_cache_tzdata() precaches all timezone data needed to use libc local time functions.
caph_cache_catpages() caches Native Language Support (NLS) data. NLS data is used for localized error printing by strerror(3) and err(3), among others.
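Added example (not part of the manual page or of FreeBSD's source): one ordering of the helpers described above for a tool that parses untrusted input from a single descriptor. The function names sandbox_for_reading and count_lines_sandboxed are hypothetical, and the #else branch assumes that non-FreeBSD builds simply run unsandboxed.

```c
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <capsicum_helpers.h>
#endif

/* Restrict stdio and in_fd, then enter capability mode. Returns 0 or -1. */
int sandbox_for_reading(int in_fd)
{
#ifdef __FreeBSD__
	cap_rights_t rights;
	/* Preload timezone and NLS data while path lookups are still allowed. */
	caph_cache_tzdata();
	caph_cache_catpages();
	/* Limit stdin, stdout and stderr to what stdio streams need. */
	if (caph_limit_stdio() < 0)
		return -1;
	cap_rights_init(&rights, CAP_READ, CAP_FSTAT); /* in_fd: read + fstat only */
	if (caph_rights_limit(in_fd, &rights) < 0)
		return -1;
	/* Unlike cap_enter(2), succeeds on a kernel without capability mode. */
	return caph_enter();
#else
	(void)in_fd; /* Assumption: non-FreeBSD builds run unsandboxed. */
	return 0;
#endif
}

/* Sandbox first, then parse untrusted input: count newlines on in_fd. */
long count_lines_sandboxed(int in_fd)
{
	char buf[4096];
	ssize_t n;
	long lines = 0;
	if (sandbox_for_reading(in_fd) < 0)
		return -1;
	while ((n = read(in_fd, buf, sizeof(buf))) > 0)
		for (ssize_t i = 0; i < n; i++)
			lines += (buf[i] == '\n');
	return n < 0 ? -1 : lines;
}

int main(void)
{
	long n = count_lines_sandboxed(STDIN_FILENO);
	if (n >= 0)
		printf("%ld\n", n);
	return n < 0;
}
```

Any file the program needs must be opened before sandbox_for_reading() is called, because capability mode cannot be left once entered.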
SEE ALSO cap_enter(2), cap_rights_limit(2), rights(4)
FreeBSD 14.0-RELEASE-p11 January 2, 2020 FreeBSD 14.0-RELEASE-p11