| /freebsd/lib/libc/capability/ |
| H A D | cap_rights_init.3 | 47 .Fn cap_rights_init "cap_rights_t *rights" "..."
49 .Fn cap_rights_set "cap_rights_t *rights" "..."
51 .Fn cap_rights_clear "cap_rights_t *rights" "..."
53 .Fn cap_rights_is_set "const cap_rights_t *rights" "..."
55 .Fn cap_rights_is_empty "const cap_rights_t *rights"
57 .Fn cap_rights_is_valid "const cap_rights_t *rights"
69 Capability rights should be separated with comma when passed to the
78 cap_rights_set(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT, CAP_SEEK);
81 The complete list of the capability rights can be found in the
82 .Xr rights 4
[all …]
|
| /freebsd/contrib/capsicum-test/ |
| H A D | capsicum-rights.h | 29 * rights manipulation API in terms of original (FreeBSD9.x)
35 /* Rights manipulation macros/functions.
39 #define cap_rights_init(rights, ...) _cap_rights_init((rights), __VA_ARGS__, 0ULL) argument
40 #define cap_rights_set(rights, ...) _cap_rights_set((rights), __VA_ARGS__, 0ULL) argument
41 #define cap_rights_clear(rights, ...) _cap_rights_clear((rights), __VA_ARGS__, 0ULL) argument
42 #define cap_rights_is_set(rights, ...) _cap_rights_is_set((rights), __VA_ARGS__, 0ULL) argument
44 inline cap_rights_t* _cap_rights_init(cap_rights_t *rights, ...) { in _cap_rights_init() argument
47 *rights = 0; in _cap_rights_init()
48 va_start(ap, rights); in _cap_rights_init()
51 *rights |= right; in _cap_rights_init()
[all …]
|
| H A D | capability-fd.cc | 20 /* Utilities for printing rights information */
29 /* Rights that are common to all versions of Capsicum */
111 /* Rights that are only present in some version or some OS, and so are #ifdef'ed */
129 /* Linux-specific rights */
148 /* Rights in later versions of FreeBSD (>10.0) */
154 cap_rights_t rights; in ShowCapRights() local
155 CAP_SET_NONE(&rights); in ShowCapRights()
156 if (cap_rights_get(fd, &rights) < 0) { in ShowCapRights()
157 fprintf(out, "Failed to get rights for fd %d: errno %d\n", fd, errno); in ShowCapRights()
161 /* First print out all known rights */ in ShowCapRights()
[all …]
|
| H A D | capsicum.h | 21 #define CAP_SET_ALL(rights) CAP_ALL(rights) argument
23 #define CAP_SET_ALL(rights) *(rights) = CAP_MASK_VALID argument
29 #define CAP_SET_NONE(rights) CAP_NONE(rights) argument
31 #define CAP_SET_NONE(rights) *(rights) = 0 argument
37 * Define new-style rights in terms of old-style rights if
40 #include "capsicum-rights.h"
122 inline int cap_rights_get(int fd, cap_rights_t *rights) { in cap_rights_get() argument
123 return cap_getrights(fd, rights); in cap_rights_get()
130 inline int cap_rights_limit(int fd, const cap_rights_t *rights) { in cap_rights_limit() argument
131 int cap = cap_new(fd, *rights); in cap_rights_limit()
[all …]
|
| H A D | fcntl.cc | 23 cap_rights_t rights; in FORK_TEST() local
24 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in FORK_TEST()
48 EXPECT_OK(cap_rights_limit(caps[key], &rights)); in FORK_TEST()
76 // FreeBSD10 FreeBSD9.1: Linux: Rights: Summary:
132 cap_rights_t rights; in CheckFcntl() local
133 cap_rights_init(&rights, right); in CheckFcntl()
136 if (cap_rights_contains(&(fcntl_rights[ii]), &rights)) { in CheckFcntl()
170 // Check the things that need no rights against caps[0]. in TEST()
173 // dup()'ed FD should have same rights. in TEST()
174 cap_rights_t rights; in TEST() local
[all …]
|
| H A D | ioctl.cc | 52 // Expect to have all primary rights. in TEST()
53 cap_rights_t rights; in TEST() local
54 EXPECT_OK(cap_rights_get(fd, &rights)); in TEST()
57 EXPECT_RIGHTS_EQ(&all, &rights); in TEST()
75 cap_rights_t rights; in TEST() local
76 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_IOCTL); in TEST()
77 EXPECT_OK(cap_rights_limit(fd, &rights)); in TEST()
85 EXPECT_RIGHTS_EQ(&rights, &cur_rights); in TEST()
91 // Limiting the top-level rights leaves the subrights unaffected... in TEST()
92 cap_rights_clear(&rights, CAP_READ); in TEST()
[all …]
|
| /freebsd/sys/kern/ |
| H A D | subr_capability.c | 174 cap_rights_vset(cap_rights_t *rights, va_list ap) in cap_rights_vset() argument
179 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vset()
181 n = CAPARSIZE(rights); in cap_rights_vset()
192 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
193 rights->cr_rights[i] |= right; in cap_rights_vset()
194 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
199 cap_rights_vclear(cap_rights_t *rights, va_list ap) in cap_rights_vclear() argument
204 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vclear()
206 n = CAPARSIZE(rights); in cap_rights_vclear()
217 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vclear()
[all …]
|
| H A D | sys_capability.c | 7 * All rights reserved.
49 * rights mask set when the capability is created. New capabilities may be
51 * strict subset of the rights on the original capability.
160 const cap_rights_t rights[] = { *needp, *havep }; in _cap_check() local
164 ktrcapfail(type, rights); in _cap_check()
171 * Test whether a capability grants the requested rights.
183 const cap_rights_t rights[] = { *needp, *havep }; in cap_check_failed_notcapable() local
186 ktrcapfail(CAPFAIL_NOTCAPABLE, rights); in cap_check_failed_notcapable()
191 * Convert capability rights into VM access flags.
210 * Extract rights from a capability for monitoring purposes -- not for use in
[all …]
|
| /freebsd/lib/libsys/ |
| H A D | cap_rights_limit.2 | 4 .\" All rights reserved.
38 .Nd limit capability rights
44 .Fn cap_rights_limit "int fd" "const cap_rights_t *rights"
57 it is assigned all capability rights; for
62 it inherits capability rights from the "parent" file descriptor.
63 Those rights can be reduced (but never expanded) by using the
66 Once capability rights are reduced, operations on the file descriptor will be
68 .Fa rights .
71 .Fa rights
76 Capability rights assigne
[all...] |
| /freebsd/lib/libsysdecode/tests/ |
| H A D | sysdecode_test.c | 39 * Take a comma-separated list of capability rights and verify that all rights
40 * are present in the specified table, and that all rights in the table are
91 cap_rights_t rights; in ATF_TC_BODY() local
97 * libsysdecode emits a pseudo-right, CAP_NONE, when no rights are in ATF_TC_BODY()
101 cap_rights_init(&rights), in ATF_TC_BODY()
105 cap_rights_init(&rights, CAP_READ, CAP_SEEK), in ATF_TC_BODY()
109 cap_rights_init(&rights, CAP_READ, CAP_MMAP, CAP_SEEK_TELL), in ATF_TC_BODY()
113 cap_rights_init(&rights, CAP_MMAP, CAP_READ, CAP_WRITE, CAP_SEEK), in ATF_TC_BODY()
117 cap_rights_init(&rights, CAP_READ, CAP_MMAP_X), in ATF_TC_BODY()
122 cap_rights_init(&rights, CAP_RECV, CAP_SEND), in ATF_TC_BODY()
[all …]
|
| /freebsd/crypto/openssl/doc/man7/ |
| H A D | proxy-certificates.pod | 12 extend rights to some other entity (a computer process, typically, or
104 Note that the proxy policy value is what determines the rights granted
134 some default rights (perhaps none at all), then compute the resulting
135 rights by checking the rights against the chain of proxy certificates,
179 * In this example, I will use a view of granted rights as a bit
183 unsigned char rights[(total_rights + 7) / 8];
223 YOUR_RIGHTS *rights =
232 * Do whatever you need to grant explicit rights
235 * are none to be found, clear all rights (making
237 * of any rights).
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man7/ |
| H A D | proxy-certificates.7 | 144 extend rights to some other entity (a computer process, typically, or
227 Note that the proxy policy value is what determines the rights granted
260 some default rights (perhaps none at all), then compute the resulting
261 rights by checking the rights against the chain of proxy certificates,
294 \& * In this example, I will use a view of granted rights as a bit
298 \& unsigned char rights[(total_rights + 7) / 8];
338 \& YOUR_RIGHTS *rights =
347 \& * Do whatever you need to grant explicit rights
350 \& * are none to be found, clear all rights (making
352 \& * of any rights).
[all …]
|
| /freebsd/lib/libc/gen/ |
| H A D | cap_rights_get.3 | 33 .Nd obtain capability rights
39 .Fn cap_rights_get "int fd" "cap_rights_t *rights"
43 function allows to obtain current capability rights for the given descriptor.
45 .Fa rights
46 argument with all capability rights if they were not limited or capability
47 rights configured during the last successful call of
52 .Fa rights
57 The complete list of the capability rights can be found in the
58 .Xr rights 4
64 rights and how to obtain them.
[all …]
|
| /freebsd/lib/libcasper/services/cap_fileargs/tests/ |
| H A D | fileargs_test.c | 217 test_file_cap(int fd, cap_rights_t *rights) in test_file_cap() argument
223 return (cap_rights_contains(&fdrights, rights)); in test_file_cap()
285 cap_rights_t rights, norights; in ATF_TC_BODY() local
294 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in ATF_TC_BODY()
296 fa = fileargs_init(MAX_FILES, files, O_RDONLY, 0, &rights, in ATF_TC_BODY()
308 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
332 cap_rights_t rights, norights; in ATF_TC_BODY() local
341 cap_rights_init(&rights, CAP_WRITE, CAP_FCNTL); in ATF_TC_BODY()
343 fa = fileargs_init(MAX_FILES, files, O_WRONLY, 0, &rights, in ATF_TC_BODY()
355 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
[all …]
|
| /freebsd/sys/sys/ |
| H A D | capsicum.h | 6 * All rights reserved.
55 * Possible rights on capabilities.
239 /* Strange and powerful rights that should not be given lightly. */
293 #define CAP_ALL(rights) do { \ argument
294 (rights)->cr_rights[0] = \
296 (rights)->cr_rights[1] = CAP_ALL1; \
299 #define CAP_NONE(rights) do { \ argument
300 (rights)->cr_rights[0] = \
302 (rights)->cr_rights[1] = CAPRIGHT(1, 0ULL); \
306 #define CAPVER(rights) CAPRVER((rights)->cr_rights[0]) argument
[all …]
|
| /freebsd/share/man/man4/ |
| H A D | rights.4 | 4 .\" All rights reserved.
37 .Nm Capability rights
38 .Nd Capsicum capability rights for file descriptors
51 it is assigned all capability rights; for
56 it inherits capability rights from the "parent" file descriptor.
57 Those rights can be reduced (but never expanded) by using the
62 Once capability rights are reduced, operations on the file descriptor will be
63 limited to those permitted by rights.
65 The complete list of capability rights is provided below.
68 type is used to store list of capability rights.
[all …]
|
| /freebsd/contrib/llvm-project/llvm/lib/Support/BLAKE3/ |
| H A D | LICENSE | 22 exclusive Copyright and Related Rights (defined below) upon the creator
26 Certain owners wish to permanently relinquish those rights to a Work for
40 is an owner of Copyright and Related Rights in the Work, voluntarily
42 terms, with knowledge of his or her Copyright and Related Rights in the
43 Work and the meaning and intended legal effect of CC0 on those rights.
45 1. Copyright and Related Rights. A Work made available under CC0 may be
46 protected by copyright and related or neighboring rights ("Copyright and
47 Related Rights"). Copyright and Related Rights include, but are not
52 ii. moral rights retained by the original author(s) and/or performer(s);
53 iii. publicity and privacy rights pertaining to a person's image or
[all …]
|
| /freebsd/lib/libcapsicum/ |
| H A D | capsicum_helpers.h | 3 * All rights reserved.
64 caph_stream_rights(cap_rights_t *rights, int flags) in caph_stream_rights() argument
67 cap_rights_init(rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, in caph_stream_rights()
71 cap_rights_set(rights, CAP_READ); in caph_stream_rights()
73 cap_rights_set(rights, CAP_WRITE); in caph_stream_rights()
75 cap_rights_set(rights, CAP_LOOKUP); in caph_stream_rights()
81 cap_rights_t rights; in caph_limit_stream() local
83 caph_stream_rights(&rights, flags); in caph_limit_stream()
84 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { in caph_limit_stream()
167 caph_rights_limit(int fd, const cap_rights_t *rights)
158 caph_rights_limit(int fd,const cap_rights_t * rights) caph_rights_limit() argument
[all...] |
| /freebsd/crypto/openssh/ |
| H A D | sandbox-capsicum.c | 43 * limits rights on stdout, stdin, stderr, monitor and switches to
73 cap_rights_t rights; in ssh_sandbox_child() local
93 cap_rights_init(&rights); in ssh_sandbox_child()
95 if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
97 if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
99 if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
102 cap_rights_init(&rights, CAP_READ, CAP_WRITE); in ssh_sandbox_child()
103 if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 && in ssh_sandbox_child()
106 cap_rights_init(&rights, CAP_WRITE); in ssh_sandbox_child()
107 if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 && in ssh_sandbox_child()
|
| /freebsd/tools/regression/security/cap_test/ |
| H A D | cap_test.h | 4 * All rights reserved.
109 /* Ensure that 'rights' are a subset of 'max'. */
110 #define CHECK_RIGHTS(rights, max) do { \ argument
111 if ((success == PASSED) && (rights != max)) \
112 FAILX("Rights of opened file (%jx) > maximum (%jx)", \
113 (cap_rights_t) rights, (cap_rights_t) max); \
117 #define MAKE_CAPABILITY(to, from, rights) do { \ argument
119 REQUIRE(to = cap_new(from, rights)); \
121 if ((success == PASSED) && (_rights != (rights))) \
122 FAILX("New capability's rights (%jx) != %jx", \
[all …]
|
| H A D | cap_test_relative.c | 4 * All rights reserved.
56 cap_rights_t rights; in test_relative() local
59 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc, &rights); in test_relative()
60 CHECK_RIGHTS(rights, CAP_ALL); in test_relative()
98 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc_cap_base, &rights); in test_relative()
101 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
102 CHECK_RIGHTS(rights, baserights); in test_relative()
137 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
143 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
144 CHECK_RIGHTS(rights, baserights); in test_relative()
|
| /freebsd/sys/contrib/openzfs/man/man8/ |
| H A D | zfs-jail.8 | 21 .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
23 .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
28 .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
29 .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
33 .\" Copyright (c) 2014-2015, The FreeBSD Foundation, All Rights Reserved.
34 .\" Copyright (c) 2016 Nexenta Systems, Inc. All Rights Reserved.
35 .\" Copyright 2019 Richard Laager. All rights reserved.
|
| H A D | zfs-zone.8 | 21 .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
23 .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
28 .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
29 .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
33 .\" Copyright (c) 2014-2015, The FreeBSD Foundation, All Rights Reserved.
34 .\" Copyright (c) 2016 Nexenta Systems, Inc. All Rights Reserved.
35 .\" Copyright 2019 Richard Laager. All rights reserved.
|
| H A D | zfs-unjail.8 | 21 .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
23 .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
28 .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
29 .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
33 .\" Copyright (c) 2014-2015, The FreeBSD Foundation, All Rights Reserved.
34 .\" Copyright (c) 2016 Nexenta Systems, Inc. All Rights Reserved.
35 .\" Copyright 2019 Richard Laager. All rights reserved.
|
| H A D | zfs-unzone.8 | 21 .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
23 .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
28 .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
29 .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
30 .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
33 .\" Copyright (c) 2014-2015, The FreeBSD Foundation, All Rights Reserved.
34 .\" Copyright (c) 2016 Nexenta Systems, Inc. All Rights Reserved.
35 .\" Copyright 2019 Richard Laager. All rights reserved.
|