2 .\" Copyright (c) 2013 The FreeBSD Foundation
4 .\" This documentation was written by Pawel Jakub Dawidek under sponsorship
5 .\" from the FreeBSD Foundation.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 .Nm cap_rights_clear ,
37 .Nm cap_rights_is_set ,
38 .Nm cap_rights_is_valid ,
39 .Nm cap_rights_merge ,
40 .Nm cap_rights_remove ,
41 .Nm cap_rights_contains
42 .Nd manage cap_rights_t structure
48 .Fn cap_rights_init "cap_rights_t *rights" "..."
50 .Fn cap_rights_set "cap_rights_t *rights" "..."
52 .Fn cap_rights_clear "cap_rights_t *rights" "..."
54 .Fn cap_rights_is_set "const cap_rights_t *rights" "..."
56 .Fn cap_rights_is_valid "const cap_rights_t *rights"
58 .Fn cap_rights_merge "cap_rights_t *dst" "const cap_rights_t *src"
60 .Fn cap_rights_remove "cap_rights_t *dst" "const cap_rights_t *src"
62 .Fn cap_rights_contains "const cap_rights_t *big" "const cap_rights_t *little"
64 The functions documented here are used to manage the
68 Capability rights should be separated with commas when passed to the
77 cap_rights_set(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT, CAP_SEEK);
80 The complete list of the capability rights can be found in the
86 function initializes the provided
89 Only a properly initialized structure can be passed to the remaining functions.
90 For convenience, the structure can be filled with capability rights instead of
94 For even more convenience, a pointer to the given structure is returned, so it can
96 .Xr cap_rights_limit 2 :
100 if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_READ, CAP_WRITE)) < 0)
101 err(1, "Unable to limit capability rights");
106 function adds the given capability rights to the given
112 function removes the given capability rights from the given
117 .Fn cap_rights_is_set
118 function checks if all the given capability rights are set for the given
123 .Fn cap_rights_is_valid
124 function verifies if the given
130 function merges all capability rights present in the
137 .Fn cap_rights_remove
138 function removes all capability rights present in the
145 .Fn cap_rights_contains
146 function checks if the
148 structure contains all capability rights present in the
152 The functions never fail.
153 In case an invalid capability right or an invalid
155 structure is given as an argument, the program will be aborted.
158 .Fn cap_rights_init ,
162 functions return a pointer to the
164 structure given in the
171 .Fn cap_rights_remove
172 functions return a pointer to the
174 structure given in the
179 .Fn cap_rights_is_set
182 if all the given capability rights are set in the
187 .Fn cap_rights_is_valid
188 function performs various checks to see if the given
190 structure is valid and returns
195 .Fn cap_rights_contains
198 if all capability rights set in the
200 structure are also present in the
204 The following example demonstrates how to prepare a
206 structure to be passed to the
207 .Xr cap_rights_limit 2
213 fd = open("/tmp/foo", O_RDWR);
215 err(1, "open() failed");
217 cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
219 if (allow_write_and_seek)
220 cap_rights_set(&rights, CAP_WRITE, CAP_SEEK);
223 cap_rights_clear(&rights, CAP_SEEK);
225 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
226 err(1, "cap_rights_limit() failed");
229 .Xr cap_rights_limit 2 ,
235 .Fn cap_rights_init ,
237 .Fn cap_rights_clear ,
238 .Fn cap_rights_is_set ,
239 .Fn cap_rights_is_valid ,
240 .Fn cap_rights_merge ,
241 .Fn cap_rights_remove
243 .Fn cap_rights_contains
246 Support for capabilities and capabilities mode was developed as part of the
250 This family of functions was created by
251 .An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
252 under sponsorship from the FreeBSD Foundation.