2 .\" Copyright (c) 2008-2010 Robert N. M. Watson
3 .\" Copyright (c) 2012-2013 The FreeBSD Foundation
4 .\" All rights reserved.
6 .\" This software was developed at the University of Cambridge Computer
7 .\" Laboratory with support from a grant from Google, Inc.
9 .\" Portions of this documentation were written by Pawel Jakub Dawidek
10 .\" under sponsorship from the FreeBSD Foundation.
12 .\" Redistribution and use in source and binary forms, with or without
13 .\" modification, are permitted provided that the following conditions
15 .\" 1. Redistributions of source code must retain the above copyright
16 .\" notice, this list of conditions and the following disclaimer.
17 .\" 2. Redistributions in binary form must reproduce the above copyright
18 .\" notice, this list of conditions and the following disclaimer in the
19 .\" documentation and/or other materials provided with the distribution.
21 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 .Dt CAP_RIGHTS_LIMIT 2
39 .Nm cap_rights_limit ,
41 .Nd manage capability rights
47 .Fn cap_rights_limit "int fd" "cap_rights_t rights"
49 .Fn cap_rights_get "int fd" "cap_rights_t *rightsp"
51 When a file descriptor is created by a function such as
63 it is assigned all capability rights.
64 Those rights can be reduced (but never expanded) by using the
67 Once capability rights are reduced, operations on the file descriptor will be
68 limited to those permitted by
71 A bitmask of capability rights assigned to a file descriptor can be obtained with
76 The following rights may be specified in a rights mask:
77 .Bl -tag -width CAP_EXTATTR_DELETE
82 Permit checking of an ACL on a file descriptor; there is no cross-reference
86 .Xr acl_delete_fd_np 3 .
100 Note that sockets can also become bound implicitly as a result of
104 and that socket options set with
106 may also affect binding behavior.
110 This right has to be present on the directory descriptor.
116 with a non-NULL destination address.
120 This right has to be present on the directory descriptor.
127 .\" XXXPJD: Doesn't exist anymore.
134 to be used in monitoring the file descriptor for events.
144 will also be required.
145 .It Dv CAP_EXTATTR_DELETE
147 .Xr extattr_delete_fd 2 .
148 .It Dv CAP_EXTATTR_GET
150 .Xr extattr_get_fd 2 .
151 .It Dv CAP_EXTATTR_LIST
153 .Xr extattr_list_fd 2 .
154 .It Dv CAP_EXTATTR_SET
156 .Xr extattr_set_fd 2 .
193 commands require this capability right.
194 Also note that the list of permitted commands can be further limited with the
195 .Xr cap_fcntls_limit 2
217 Permit UFS background-fsck operations on the descriptor.
256 .It Dv CAP_GETPEERNAME
259 .It Dv CAP_GETSOCKNAME
262 .It Dv CAP_GETSOCKOPT
268 Be aware that this system call has enormous scope, including potentially
269 global scope for some objects.
270 The list of permitted ioctl commands can be further limited with the
271 .Xr cap_ioctls_limit 2
273 .\" XXXPJD: Doesn't exist anymore.
278 is also required on file descriptors that will be monitored using
285 This right is required for the destination directory descriptor.
289 not much use (generally) without
292 Permit the file descriptor to be used as a starting directory for calls such as
382 .\" XXXPJD: Not documented.
383 .It Dv CAP_POLL_EVENT
384 .\" XXXPJD: Not documented.
385 .It Dv CAP_POST_EVENT
406 and related system calls.
413 This right is required for the source directory descriptor.
415 Permit operations that seek on the file descriptor, such as
417 but also required for I/O system calls that can read or write at any position
422 .It Dv CAP_SEM_GETVALUE
436 .It Dv CAP_SETSOCKOPT
439 this controls various aspects of socket behavior and may affect binding,
440 connecting, and other behaviors with global scope.
444 closing the socket will also generally shut down any connections on it.
449 Allow configuration of TTY hooks, such as
451 on the file descriptor.
457 This right is only required for
459 on the destination directory descriptor if the destination object already
460 exists and will be removed by the rename.
474 and related system calls.
477 with a non-NULL connection address,
484 flag, but without the
499 argument is not a valid active descriptor.
501 An invalid right has been requested in
503 .It Bq Er ENOTCAPABLE
505 contains requested rights not present in the current rights mask associated
506 with the given file descriptor.
515 argument is not a valid active descriptor.
519 argument points at an invalid address.
529 .Xr cap_fcntls_limit 2 ,
530 .Xr cap_ioctls_limit 2 ,
531 .Xr cap_rights_limit 2 ,
536 .Xr extattr_delete_fd 2 ,
537 .Xr extattr_get_fd 2 ,
538 .Xr extattr_list_fd 2 ,
539 .Xr extattr_set_fd 2 ,
590 .Xr acl_delete_fd_np 3 ,
592 .Xr acl_get_fd_np 3 ,
593 .Xr acl_set_fd_np 3 ,
605 Support for capabilities and capabilities mode was developed as part of the
609 This function was created by
610 .An Pawel Jakub Dawidek Aq pawel@dawidek.net
611 under sponsorship of the FreeBSD Foundation.
613 This man page should list the set of permitted system calls more specifically
614 for each capability right.
616 Capability rights sometimes have unclear indirect impacts, which should be
617 documented, or at least hinted at.