2 .\" Copyright (c) 2013 The FreeBSD Foundation
4 .\" This documentation was written by Pawel Jakub Dawidek under sponsorship
5 .\" from the FreeBSD Foundation.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 .Nm cap_rights_clear ,
35 .Nm cap_rights_is_set ,
36 .Nm cap_rights_is_valid ,
37 .Nm cap_rights_merge ,
38 .Nm cap_rights_remove ,
39 .Nm cap_rights_contains
40 .Nd manage cap_rights_t structure
46 .Fn cap_rights_init "cap_rights_t *rights" "..."
48 .Fn cap_rights_set "cap_rights_t *rights" "..."
50 .Fn cap_rights_clear "cap_rights_t *rights" "..."
52 .Fn cap_rights_is_set "const cap_rights_t *rights" "..."
54 .Fn cap_rights_is_valid "const cap_rights_t *rights"
56 .Fn cap_rights_merge "cap_rights_t *dst" "const cap_rights_t *src"
58 .Fn cap_rights_remove "cap_rights_t *dst" "const cap_rights_t *src"
60 .Fn cap_rights_contains "const cap_rights_t *big" "const cap_rights_t *little"
62 The functions documented here allow managing the
66 Capability rights should be separated with commas when passed to the
75 cap_rights_set(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT, CAP_SEEK);
78 The complete list of the capability rights can be found in the
84 function initializes the provided
87 Only a properly initialized structure can be passed to the remaining functions.
88 For convenience the structure can be filled with capability rights instead of
92 For even more convenience, a pointer to the given structure is returned, so it can
94 .Xr cap_rights_limit 2 :
98 if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_READ, CAP_WRITE)) < 0)
99 err(1, "Unable to limit capability rights");
104 function adds the given capability rights to the given
110 function removes the given capability rights from the given
115 .Fn cap_rights_is_set
116 function checks if all the given capability rights are set for the given
121 .Fn cap_rights_is_valid
122 function verifies if the given
128 function merges all capability rights present in the
135 .Fn cap_rights_remove
136 function removes all capability rights present in the
143 .Fn cap_rights_contains
144 function checks if the
146 structure contains all capability rights present in the
150 The functions never fail.
151 In case an invalid capability right or an invalid
153 structure is given as an argument, the program will be aborted.
156 .Fn cap_rights_init ,
160 functions return a pointer to the
162 structure given in the
169 .Fn cap_rights_remove
170 functions return a pointer to the
172 structure given in the
177 .Fn cap_rights_is_set
180 if all the given capability rights are set in the
185 .Fn cap_rights_is_valid
186 function performs various checks to see if the given
188 structure is valid and returns
193 .Fn cap_rights_contains
196 if all capability rights set in the
198 structure are also present in the
202 The following example demonstrates how to prepare a
204 structure to be passed to the
205 .Xr cap_rights_limit 2
211 fd = open("/tmp/foo", O_RDWR);
213 err(1, "open() failed");
215 cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
217 if (allow_write_and_seek)
218 cap_rights_set(&rights, CAP_WRITE, CAP_SEEK);
221 cap_rights_clear(&rights, CAP_SEEK);
223 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
224 err(1, "cap_rights_limit() failed");
227 .Xr cap_rights_limit 2 ,
233 .Fn cap_rights_init ,
235 .Fn cap_rights_clear ,
236 .Fn cap_rights_is_set ,
237 .Fn cap_rights_is_valid ,
238 .Fn cap_rights_merge ,
239 .Fn cap_rights_remove
241 .Fn cap_rights_contains
244 Support for capabilities and capabilities mode was developed as part of the
248 This family of functions was created by
249 .An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
250 under sponsorship from the FreeBSD Foundation.