2 .\" Copyright (c) 2013 The FreeBSD Foundation
3 .\" All rights reserved.
5 .\" This documentation was written by Pawel Jakub Dawidek under sponsorship
6 .\" from the FreeBSD Foundation.
8 .\" Redistribution and use in source and binary forms, with or without
9 .\" modification, are permitted provided that the following conditions
11 .\" 1. Redistributions of source code must retain the above copyright
12 .\" notice, this list of conditions and the following disclaimer.
13 .\" 2. Redistributions in binary form must reproduce the above copyright
14 .\" notice, this list of conditions and the following disclaimer in the
15 .\" documentation and/or other materials provided with the distribution.
17 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 .Dd September 23, 2013
37 .Nm cap_rights_clear ,
38 .Nm cap_rights_is_set ,
39 .Nm cap_rights_is_valid ,
40 .Nm cap_rights_merge ,
41 .Nm cap_rights_remove ,
42 .Nm cap_rights_contains
43 .Nd manage cap_rights_t structure
49 .Fn cap_rights_init "cap_rights_t *rights" "..."
51 .Fn cap_rights_set "cap_rights_t *rights" "..."
53 .Fn cap_rights_clear "cap_rights_t *rights" "..."
55 .Fn cap_rights_is_set "const cap_rights_t *rights" "..."
57 .Fn cap_rights_is_valid "const cap_rights_t *rights"
59 .Fn cap_rights_merge "cap_rights_t *dst" "const cap_rights_t *src"
61 .Fn cap_rights_remove "cap_rights_t *dst" "const cap_rights_t *src"
63 .Fn cap_rights_contains "const cap_rights_t *big" "const cap_rights_t *little"
65 The functions documented here are used to manage the
69 Capability rights should be separated with commas when passed to the
78 cap_rights_set(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT, CAP_SEEK);
81 The complete list of the capability rights can be found in the
87 function initializes the provided
90 Only a properly initialized structure can be passed to the remaining functions.
91 For convenience the structure can be filled with capability rights instead of
95 For even more convenience, a pointer to the given structure is returned, so it can
97 .Xr cap_rights_limit 2 :
101 if (cap_rights_limit(fd, cap_rights_init(&rights, CAP_READ, CAP_WRITE)) < 0)
102 err(1, "Unable to limit capability rights");
107 function adds the given capability rights to the given
113 function removes the given capability rights from the given
118 .Fn cap_rights_is_set
119 function checks if all the given capability rights are set for the given
124 .Fn cap_rights_is_valid
125 function verifies if the given
131 function merges all capability rights present in the
138 .Fn cap_rights_remove
139 function removes all capability rights present in the
146 .Fn cap_rights_contains
147 function checks if the
149 structure contains all capability rights present in the
153 The functions never fail.
154 In case an invalid capability right or an invalid
156 structure is given as an argument, the program will be aborted.
159 .Fn cap_rights_init ,
163 functions return a pointer to the
165 structure given in the
172 .Fn cap_rights_remove
173 functions return a pointer to the
175 structure given in the
180 .Fn cap_rights_is_set
183 if all the given capability rights are set in the
188 .Fn cap_rights_is_valid
189 function performs various checks to see if the given
191 structure is valid and returns
196 .Fn cap_rights_contains
199 if all capability rights set in the
201 structure are also present in the
205 The following example demonstrates how to prepare a
207 structure to be passed to the
208 .Xr cap_rights_limit 2
214 fd = open("/tmp/foo", O_RDWR);
216 err(1, "open() failed");
218 cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
220 if (allow_write_and_seek)
221 cap_rights_set(&rights, CAP_WRITE, CAP_SEEK);
224 cap_rights_clear(&rights, CAP_SEEK);
/*
 * ENOSYS is deliberately not treated as fatal. When that happens the call
 * still failed, so no rights limit was applied and fd keeps the access it
 * was opened with (O_RDWR above). Presumably this covers kernels without
 * capability support; confirm against cap_rights_limit(2).
 */
226 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
227 err(1, "cap_rights_limit() failed");
230 .Xr cap_rights_limit 2 ,
235 Support for capabilities and capabilities mode was developed as part of the
239 This family of functions was created by
240 .An Pawel Jakub Dawidek Aq pawel@dawidek.net
241 under sponsorship from the FreeBSD Foundation.