16f62d278SPawel Jakub Dawidek.\" 26f62d278SPawel Jakub Dawidek.\" Copyright (c) 2013 The FreeBSD Foundation 36f62d278SPawel Jakub Dawidek.\" 46f62d278SPawel Jakub Dawidek.\" This documentation was written by Pawel Jakub Dawidek under sponsorship 56f62d278SPawel Jakub Dawidek.\" from the FreeBSD Foundation. 66f62d278SPawel Jakub Dawidek.\" 76f62d278SPawel Jakub Dawidek.\" Redistribution and use in source and binary forms, with or without 86f62d278SPawel Jakub Dawidek.\" modification, are permitted provided that the following conditions 96f62d278SPawel Jakub Dawidek.\" are met: 106f62d278SPawel Jakub Dawidek.\" 1. Redistributions of source code must retain the above copyright 116f62d278SPawel Jakub Dawidek.\" notice, this list of conditions and the following disclaimer. 126f62d278SPawel Jakub Dawidek.\" 2. Redistributions in binary form must reproduce the above copyright 136f62d278SPawel Jakub Dawidek.\" notice, this list of conditions and the following disclaimer in the 146f62d278SPawel Jakub Dawidek.\" documentation and/or other materials provided with the distribution. 156f62d278SPawel Jakub Dawidek.\" 166f62d278SPawel Jakub Dawidek.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 176f62d278SPawel Jakub Dawidek.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 186f62d278SPawel Jakub Dawidek.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 196f62d278SPawel Jakub Dawidek.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 206f62d278SPawel Jakub Dawidek.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 216f62d278SPawel Jakub Dawidek.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 226f62d278SPawel Jakub Dawidek.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 236f62d278SPawel Jakub Dawidek.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 246f62d278SPawel Jakub Dawidek.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 256f62d278SPawel Jakub Dawidek.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 266f62d278SPawel Jakub Dawidek.\" SUCH DAMAGE. 276f62d278SPawel Jakub Dawidek.\" 28*421f325eSGordon Bergling.Dd May 5, 2020 296f62d278SPawel Jakub Dawidek.Dt CAP_RIGHTS_GET 3 306f62d278SPawel Jakub Dawidek.Os 316f62d278SPawel Jakub Dawidek.Sh NAME 326f62d278SPawel Jakub Dawidek.Nm cap_rights_get 336f62d278SPawel Jakub Dawidek.Nd obtain capability rights 346f62d278SPawel Jakub Dawidek.Sh LIBRARY 356f62d278SPawel Jakub Dawidek.Lb libc 366f62d278SPawel Jakub Dawidek.Sh SYNOPSIS 37cf321a51SRobert Watson.In sys/capsicum.h 386f62d278SPawel Jakub Dawidek.Ft int 396f62d278SPawel Jakub Dawidek.Fn cap_rights_get "int fd" "cap_rights_t *rights" 406f62d278SPawel Jakub Dawidek.Sh DESCRIPTION 416f62d278SPawel Jakub DawidekThe 426f62d278SPawel Jakub Dawidek.Nm cap_rights_get 436f62d278SPawel Jakub Dawidekfunction allows to obtain current capability rights for the given descriptor. 446f62d278SPawel Jakub DawidekThe function will fill the 456f62d278SPawel Jakub Dawidek.Fa rights 466f62d278SPawel Jakub Dawidekargument with all capability rights if they were not limited or capability 476f62d278SPawel Jakub Dawidekrights configured during the last successful call of 486f62d278SPawel Jakub Dawidek.Xr cap_rights_limit 2 496f62d278SPawel Jakub Dawidekon the given descriptor. 506f62d278SPawel Jakub Dawidek.Pp 516f62d278SPawel Jakub DawidekThe 526f62d278SPawel Jakub Dawidek.Fa rights 536f62d278SPawel Jakub Dawidekargument can be inspected using 546f62d278SPawel Jakub Dawidek.Xr cap_rights_init 3 556f62d278SPawel Jakub Dawidekfamily of functions. 566f62d278SPawel Jakub Dawidek.Pp 576f62d278SPawel Jakub DawidekThe complete list of the capability rights can be found in the 586f62d278SPawel Jakub Dawidek.Xr rights 4 596f62d278SPawel Jakub Dawidekmanual page. 606f62d278SPawel Jakub Dawidek.Sh RETURN VALUES 616f62d278SPawel Jakub Dawidek.Rv -std 626f62d278SPawel Jakub Dawidek.Sh EXAMPLES 636f62d278SPawel Jakub DawidekThe following example demonstrates how to limit file descriptor capability 646f62d278SPawel Jakub Dawidekrights and how to obtain them. 656f62d278SPawel Jakub Dawidek.Bd -literal 666f62d278SPawel Jakub Dawidekcap_rights_t setrights, getrights; 676f62d278SPawel Jakub Dawidekint fd; 686f62d278SPawel Jakub Dawidek 696f62d278SPawel Jakub Dawidekmemset(&setrights, 0, sizeof(setrights)); 706f62d278SPawel Jakub Dawidekmemset(&getrights, 0, sizeof(getrights)); 716f62d278SPawel Jakub Dawidek 726f62d278SPawel Jakub Dawidekfd = open("/tmp/foo", O_RDONLY); 736f62d278SPawel Jakub Dawidekif (fd < 0) 746f62d278SPawel Jakub Dawidek err(1, "open() failed"); 756f62d278SPawel Jakub Dawidek 766f62d278SPawel Jakub Dawidekcap_rights_init(&setrights, CAP_FSTAT, CAP_READ); 776f62d278SPawel Jakub Dawidekif (cap_rights_limit(fd, &setrights) < 0 && errno != ENOSYS) 786f62d278SPawel Jakub Dawidek err(1, "cap_rights_limit() failed"); 796f62d278SPawel Jakub Dawidek 806f62d278SPawel Jakub Dawidekif (cap_rights_get(fd, &getrights) < 0 && errno != ENOSYS) 816f62d278SPawel Jakub Dawidek err(1, "cap_rights_get() failed"); 826f62d278SPawel Jakub Dawidek 836f62d278SPawel Jakub Dawidekassert(memcmp(&setrights, &getrights, sizeof(setrights)) == 0); 846f62d278SPawel Jakub Dawidek.Ed 856f62d278SPawel Jakub Dawidek.Sh ERRORS 866f62d278SPawel Jakub Dawidek.Fn cap_rights_get 876f62d278SPawel Jakub Dawideksucceeds unless: 886f62d278SPawel Jakub Dawidek.Bl -tag -width Er 896f62d278SPawel Jakub Dawidek.It Bq Er EBADF 906f62d278SPawel Jakub DawidekThe 916f62d278SPawel Jakub Dawidek.Fa fd 926f62d278SPawel Jakub Dawidekargument is not a valid active descriptor. 936f62d278SPawel Jakub Dawidek.It Bq Er EFAULT 946f62d278SPawel Jakub DawidekThe 956f62d278SPawel Jakub Dawidek.Fa rights 966f62d278SPawel Jakub Dawidekargument points at an invalid address. 976f62d278SPawel Jakub Dawidek.El 986f62d278SPawel Jakub Dawidek.Sh SEE ALSO 996f62d278SPawel Jakub Dawidek.Xr cap_rights_limit 2 , 1006f62d278SPawel Jakub Dawidek.Xr errno 2 , 1016f62d278SPawel Jakub Dawidek.Xr open 2 , 1026f62d278SPawel Jakub Dawidek.Xr assert 3 , 1030aee91e1SChristian Brueffer.Xr cap_rights_init 3 , 1046f62d278SPawel Jakub Dawidek.Xr err 3 , 1056f62d278SPawel Jakub Dawidek.Xr memcmp 3 , 1066f62d278SPawel Jakub Dawidek.Xr memset 3 , 1076f62d278SPawel Jakub Dawidek.Xr capsicum 4 , 1086f62d278SPawel Jakub Dawidek.Xr rights 4 1096f62d278SPawel Jakub Dawidek.Sh HISTORY 110*421f325eSGordon BerglingThe 111*421f325eSGordon Bergling.Fn cap_rights_get 112*421f325eSGordon Berglingfunction first appeared in 113*421f325eSGordon Bergling.Fx 9.2 . 1146f62d278SPawel Jakub DawidekSupport for capabilities and capabilities mode was developed as part of the 1156f62d278SPawel Jakub Dawidek.Tn TrustedBSD 1166f62d278SPawel Jakub DawidekProject. 1176f62d278SPawel Jakub Dawidek.Sh AUTHORS 1186f62d278SPawel Jakub DawidekThis function was created by 1198fbf3d50SBaptiste Daroussin.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net 1206f62d278SPawel Jakub Dawidekunder sponsorship of the FreeBSD Foundation. 121