.\" Copyright (c) 2012 The FreeBSD Foundation
.\" This documentation was written by Pawel Jakub Dawidek under sponsorship
.\" the FreeBSD Foundation.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Dt CAP_IOCTLS_LIMIT 2
.Nm cap_ioctls_limit ,
.Nd manage allowed ioctl commands
.Fn cap_ioctls_limit "int fd" "const unsigned long *cmds" "size_t ncmds"
.Fn cap_ioctls_get "int fd" "unsigned long *cmds" "size_t maxcmds"
If a file descriptor is granted the
capability right, the list of allowed
commands can be selectively reduced (but never expanded) with the
argument is an array of
argument specifies the number of elements in the array.
elements in the array.
Including an element that has been previously revoked will generate an error.
After a successful call only those listed in the array may be used.
The list of allowed ioctl commands for a given file descriptor can be obtained
argument points at memory that can hold up to
The function populates the provided buffer with up to
elements, but always returns the total number of ioctl commands allowed for the
given file descriptor.
The total number of ioctl commands for the given file descriptor can be
If all ioctl commands are allowed
capability right is assigned to the file descriptor and the
system call was never called for this file descriptor), the
system call will return
and will not modify the buffer pointed to by the
.Rv -std cap_ioctls_limit
function, if successful, returns the total number of allowed ioctl commands or
if all ioctl commands are allowed.
is returned and the global variable errno is set to indicate the error.
system calls will fail if:
argument is not a valid descriptor.
argument points at an invalid address.
The running kernel was compiled without
.Cd "options CAPABILITY_MODE" .
system call may also return the following errors:
argument is greater than
.It Bq Er ENOTCAPABLE
would expand the list of allowed
.Xr cap_fcntls_limit 2 ,
.Xr cap_rights_limit 2 ,
system calls first appeared in
Support for capabilities and capabilities mode was developed as part of the
This function was created by
.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
under sponsorship of the FreeBSD Foundation.
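An added example (not part of the original manual page, and not FreeBSD's own code) that exercises both calls on the read end of a pipe: it shrinks the allow-list twice, reads the count back, and checks that naming a revoked command again fails with ENOTCAPABLE. Assumptions not taken from this page: the `<sys/capsicum.h>` and `<sys/filio.h>` headers, the `CAP_IOCTLS_ALL` constant, `FIONREAD`/`FIONBIO` as sample commands, and ENOTCAPABLE as the errno of an off-list ioctl(2); the function name `ioctl_allowlist_demo` is hypothetical, and on systems other than FreeBSD it returns -1 without exercising anything.

```c
#include <errno.h>
#include <unistd.h>
#include <sys/ioctl.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/filio.h>
#endif

/* Returns 0 when every step behaves as the page describes, the number of the
 * first step that did not, or -1 where Capsicum is absent (nothing runs). */
int ioctl_allowlist_demo(void)
{
#ifdef __FreeBSD__
	const unsigned long wide[] = { FIONREAD, FIONBIO };
	const unsigned long narrow[] = { FIONREAD };
	unsigned long got[4];
	int p[2], on = 1, avail = 0;
	if (pipe(p) == -1)
		return (1);
	/* Fresh descriptor, never limited: all ioctl commands are allowed. */
	if (cap_ioctls_get(p[0], got, 4) != CAP_IOCTLS_ALL)
		return (2);
	if (cap_ioctls_limit(p[0], wide, 2) == -1 ||
	    cap_ioctls_get(p[0], got, 4) != 2)
		return (3);
	/* Reducing the list again succeeds ... */
	if (cap_ioctls_limit(p[0], narrow, 1) == -1)
		return (4);
	/* ... but naming the revoked FIONBIO again would expand it. */
	if (cap_ioctls_limit(p[0], wide, 2) != -1 || errno != ENOTCAPABLE)
		return (5);
	/* NULL and 0 ask only for the total, which is now 1. */
	if (cap_ioctls_get(p[0], NULL, 0) != 1)
		return (6);
	/* Off-list command is refused; this errno is an assumption, see lead-in. */
	if (ioctl(p[0], FIONBIO, &on) != -1 || errno != ENOTCAPABLE)
		return (7);
	if (ioctl(p[0], FIONREAD, &avail) == -1)
		return (8);
	return (close(p[0]) == -1 || close(p[1]) == -1 ? 9 : 0);
#else
	return (-1);
#endif
}

int main(void)
{
	return (ioctl_allowlist_demo() > 0);
}
```

A non-zero exit status from the program identifies a step whose result differed from the documented behaviour.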