.\"
.\" Copyright (c) 2013 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by Pawel Jakub Dawidek under sponsorship
.\" from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd March 27, 2014
.Dt CAP_RIGHTS_GET 3
.Os
.Sh NAME
.Nm cap_rights_get
.Nd obtain capability rights
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/capsicum.h
.Ft int
.Fn cap_rights_get "int fd" "cap_rights_t *rights"
.Sh DESCRIPTION
The
.Nm cap_rights_get
function obtains the current capability rights for the given descriptor.
The function will fill the
.Fa rights
argument with all capability rights if they were not limited, or with the
capability rights configured during the last successful call of
.Xr cap_rights_limit 2
on the given descriptor.
.Pp
The
.Fa rights
argument can be inspected using the
.Xr cap_rights_init 3
family of functions.
.Pp
The complete list of the capability rights can be found in the
.Xr rights 4
manual page.
.Sh RETURN VALUES
.Rv -std
.Sh EXAMPLES
The following example demonstrates how to limit file descriptor capability
rights and how to obtain them.
.Bd -literal
cap_rights_t setrights, getrights;
int fd;

memset(&setrights, 0, sizeof(setrights));
memset(&getrights, 0, sizeof(getrights));

fd = open("/tmp/foo", O_RDONLY);
if (fd < 0)
	err(1, "open() failed");

/* Restrict the descriptor to read(2) and fstat(2). */
cap_rights_init(&setrights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(fd, &setrights) < 0 && errno != ENOSYS)
	err(1, "cap_rights_limit() failed");

/* Read the rights back from the kernel. */
if (cap_rights_get(fd, &getrights) < 0 && errno != ENOSYS)
	err(1, "cap_rights_get() failed");

/* The rights obtained must match the rights that were set. */
assert(memcmp(&setrights, &getrights, sizeof(setrights)) == 0);
.Ed
.Sh ERRORS
.Fn cap_rights_get
succeeds unless:
.Bl -tag -width Er
.It Bq Er EBADF
The
.Fa fd
argument is not a valid active descriptor.
.It Bq Er EFAULT
The
.Fa rights
argument points at an invalid address.
.El
.Sh SEE ALSO
.Xr cap_rights_limit 2 ,
.Xr cap_rights_init 3 ,
.Xr errno 2 ,
.Xr open 2 ,
.Xr assert 3 ,
.Xr err 3 ,
.Xr memcmp 3 ,
.Xr memset 3 ,
.Xr capsicum 4 ,
.Xr rights 4
.Sh HISTORY
Support for capabilities and capabilities mode was developed as part of the
.Tn TrustedBSD
Project.
.Sh AUTHORS
This function was created by
.An Pawel Jakub Dawidek Aq pawel@dawidek.net
under sponsorship of the FreeBSD Foundation.
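The DESCRIPTION notes that the returned rights can be inspected with the cap_rights_init(3) family. The following is an added example, not part of the manual page or of FreeBSD's code: it audits a descriptor with cap_rights_contains() and cap_rights_is_set() rather than memcmp(). The names demo() and HAVE_CAPSICUM and the __has_include guard are assumptions made here, so that the file also builds where <sys/capsicum.h> is absent and reports ENOSYS there.

```c
/* Added example; demo() and HAVE_CAPSICUM are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#if defined(__has_include)
#if __has_include(<sys/capsicum.h>)
#include <sys/capsicum.h>
#define HAVE_CAPSICUM 1
#endif
#endif

/*
 * Open /dev/null, limit it to CAP_READ and CAP_FSTAT, then audit it.
 * Returns 1 if the descriptor holds no right outside that set, 0 if it
 * holds more, -1 on error (errno is ENOSYS when Capsicum is unavailable).
 */
int
demo(void)
{
#ifdef HAVE_CAPSICUM
	cap_rights_t allowed, have;
	int fd, ok = -1, saved;

	fd = open("/dev/null", O_RDONLY);
	if (fd < 0)
		return (-1);
	cap_rights_init(&allowed, CAP_READ, CAP_FSTAT);
	memset(&have, 0, sizeof(have));
	if (cap_rights_limit(fd, &allowed) == 0 &&
	    cap_rights_get(fd, &have) == 0) {
		/* have must be a subset of allowed; CAP_WRITE must be gone. */
		ok = cap_rights_contains(&allowed, &have) &&
		    !cap_rights_is_set(&have, CAP_WRITE);
	}
	saved = errno;		/* keep the failure reason across close(2) */
	close(fd);
	errno = saved;
	return (ok);
#else
	errno = ENOSYS;	/* assumption: mirror a kernel without Capsicum */
	return (-1);
#endif
}
```

The subset test keeps working if the layout of cap_rights_t changes, and it answers the question an auditor actually asks: whether the descriptor can do anything beyond what was intended.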