1c3eed03dSMariusz Zaborski.\" Copyright (c) 2016 Mariusz Zaborski <oshogbo@FreeBSD.org> 2c3eed03dSMariusz Zaborski.\" All rights reserved. 3c3eed03dSMariusz Zaborski.\" 4c3eed03dSMariusz Zaborski.\" Redistribution and use in source and binary forms, with or without 5c3eed03dSMariusz Zaborski.\" modification, are permitted provided that the following conditions 6c3eed03dSMariusz Zaborski.\" are met: 7c3eed03dSMariusz Zaborski.\" 1. Redistributions of source code must retain the above copyright 8c3eed03dSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer. 9c3eed03dSMariusz Zaborski.\" 2. Redistributions in binary form must reproduce the above copyright 10c3eed03dSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer in the 11c3eed03dSMariusz Zaborski.\" documentation and/or other materials provided with the distribution. 12c3eed03dSMariusz Zaborski.\" 13c3eed03dSMariusz Zaborski.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 14c3eed03dSMariusz Zaborski.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15c3eed03dSMariusz Zaborski.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16c3eed03dSMariusz Zaborski.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 17c3eed03dSMariusz Zaborski.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18c3eed03dSMariusz Zaborski.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19c3eed03dSMariusz Zaborski.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20c3eed03dSMariusz Zaborski.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21c3eed03dSMariusz Zaborski.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22c3eed03dSMariusz Zaborski.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23c3eed03dSMariusz Zaborski.\" SUCH DAMAGE. 24c3eed03dSMariusz Zaborski.\" 25*3cb6c6c9SMariusz Zaborski.Dd May 16, 2024 26c3eed03dSMariusz Zaborski.Dt CAPSICUM_HELPERS 3 27c3eed03dSMariusz Zaborski.Os 28c3eed03dSMariusz Zaborski.Sh NAME 29c3eed03dSMariusz Zaborski.Nm caph_limit_stream , 30c3eed03dSMariusz Zaborski.Nm caph_limit_stdin , 31c3eed03dSMariusz Zaborski.Nm caph_limit_stderr , 32c3eed03dSMariusz Zaborski.Nm caph_limit_stdout , 33c3eed03dSMariusz Zaborski.Nm caph_limit_stdio , 34990beb03SKyle Evans.Nm caph_stream_rights , 35c3eed03dSMariusz Zaborski.Nm caph_cache_tzdata , 365a453d5fSMariusz Zaborski.Nm caph_cache_catpages , 375a453d5fSMariusz Zaborski.Nm caph_enter , 385a453d5fSMariusz Zaborski.Nm caph_enter_casper , 395a453d5fSMariusz Zaborski.Nm caph_rights_limit , 405a453d5fSMariusz Zaborski.Nm caph_ioctls_limit , 415a453d5fSMariusz Zaborski.Nm caph_fcntls_limit 42a304238bSMariusz Zaborski.Nd "set of the capsicum helpers, part of the libcapsicum" 43c3eed03dSMariusz Zaborski.Sh LIBRARY 44c3eed03dSMariusz Zaborski.Lb libcapsicum 45c3eed03dSMariusz Zaborski.Sh SYNOPSIS 46c3eed03dSMariusz Zaborski.In capsicum_helpers.h 47c3eed03dSMariusz Zaborski.Ft int 48cfb13e0aSMariusz Zaborski.Fn caph_enter "void" 49cfb13e0aSMariusz Zaborski.Ft int 50cfb13e0aSMariusz Zaborski.Fn caph_enter_casper "void" 51cfb13e0aSMariusz Zaborski.Ft int 52990beb03SKyle Evans.Fn caph_rights_limit "int fd" "const cap_rights_t *rights" 535a453d5fSMariusz Zaborski.Ft int 54504b5801SMark Johnston.Fn caph_ioctls_limit "int fd" "const unsigned long *cmds" "size_t ncmds" 555a453d5fSMariusz Zaborski.Ft int 56504b5801SMark Johnston.Fn caph_fcntls_limit "int fd" "uint32_t fcntlrights" 57504b5801SMark Johnston.Ft int 58504b5801SMark Johnston.Fn caph_limit_stream "int fd" "int flags" 59c3eed03dSMariusz Zaborski.Ft int 60c3eed03dSMariusz Zaborski.Fn caph_limit_stdin "void" 61c3eed03dSMariusz Zaborski.Ft int 62c3eed03dSMariusz Zaborski.Fn caph_limit_stderr "void" 63c3eed03dSMariusz Zaborski.Ft int 64c3eed03dSMariusz Zaborski.Fn caph_limit_stdout "void" 65c3eed03dSMariusz Zaborski.Ft int 66c3eed03dSMariusz Zaborski.Fn caph_limit_stdio "void" 67c3eed03dSMariusz Zaborski.Ft void 68990beb03SKyle Evans.Fn caph_stream_rights "cap_rights_t *" "int flags" 69990beb03SKyle Evans.Ft void 70c3eed03dSMariusz Zaborski.Fn caph_cache_tzdata "void" 71c3eed03dSMariusz Zaborski.Ft void 72c3eed03dSMariusz Zaborski.Fn caph_cache_catpages "void" 73c3eed03dSMariusz Zaborski.Sh DESCRIPTION 74c3eed03dSMariusz ZaborskiThe 755a453d5fSMariusz Zaborski.Nm caph_enter , 765a453d5fSMariusz Zaborski.Nm caph_rights_limit , 775a453d5fSMariusz Zaborski.Nm caph_ioctls_limit 785a453d5fSMariusz Zaborskiand 795a453d5fSMariusz Zaborski.Nm caph_fcntls_limit 805a453d5fSMariusz Zaborskiare respectively equivalent to 815a453d5fSMariusz Zaborski.Xr cap_enter 2 , 825a453d5fSMariusz Zaborski.Xr cap_rights_limit 2 , 835a453d5fSMariusz Zaborski.Xr cap_ioctls_limit 2 845a453d5fSMariusz Zaborskiand 855a453d5fSMariusz Zaborski.Xr cap_fcntls_limit 2 , 86cfb13e0aSMariusz Zaborskiit returns success when the kernel is built without support of the capability 87cfb13e0aSMariusz Zaborskimode. 88cfb13e0aSMariusz Zaborski.Pp 89cfb13e0aSMariusz ZaborskiThe 90cfb13e0aSMariusz Zaborski.Nm caph_enter_casper 91cfb13e0aSMariusz Zaborskiis equivalent to the 92cfb13e0aSMariusz Zaborski.Nm caph_enter 93cfb13e0aSMariusz Zaborskiit returns success when the system is built without Casper support. 94cfb13e0aSMariusz Zaborski.Pp 95cfb13e0aSMariusz ZaborskiThe 96c3eed03dSMariusz Zaborski.Nm capsicum helpers 97afc7ee85SMariusz Zaborskiare a set of a inline functions which simplify modifying programs to use 98afc7ee85SMariusz ZaborskiCapsicum. 99c3eed03dSMariusz ZaborskiThe goal is to reduce duplicated code patterns. 100c3eed03dSMariusz ZaborskiThe 101c3eed03dSMariusz Zaborski.Nm capsicum helpers 102c3eed03dSMariusz Zaborskiare part of 103c3eed03dSMariusz Zaborski.Nm libcapsicum 104c3eed03dSMariusz Zaborskibut there is no need to link to the library. 105c3eed03dSMariusz Zaborski.Pp 106c3eed03dSMariusz Zaborski.Fn caph_limit_stream 107c3eed03dSMariusz Zaborskirestricts capabilities on 108c3eed03dSMariusz Zaborski.Fa fd 109c3eed03dSMariusz Zaborskito only those needed by POSIX stream objects (that is, FILEs). 110c3eed03dSMariusz Zaborski.Pp 111afc7ee85SMariusz ZaborskiThese flags can be provided: 112c3eed03dSMariusz Zaborski.Pp 113c3eed03dSMariusz Zaborski.Bl -tag -width "CAPH_IGNORE_EBADF" -compact -offset indent 114c3eed03dSMariusz Zaborski.It Dv CAPH_IGNORE_EBADF 115c3eed03dSMariusz ZaborskiDo not return an error if file descriptor is invalid. 116c3eed03dSMariusz Zaborski.It Dv CAPH_READ 117c3eed03dSMariusz ZaborskiSet CAP_READ on limited descriptor. 118c3eed03dSMariusz Zaborski.It Dv CAPH_WRITE 119c3eed03dSMariusz ZaborskiSet CAP_WRITE on limited descriptor. 120c3eed03dSMariusz Zaborski.El 121c3eed03dSMariusz Zaborski.Pp 122c3eed03dSMariusz Zaborski.Fn caph_limit_stdin , 123c3eed03dSMariusz Zaborski.Fn caph_limit_stderr 124c3eed03dSMariusz Zaborskiand 125c3eed03dSMariusz Zaborski.Fn caph_limit_stdout 126c3eed03dSMariusz Zaborskilimit standard descriptors using the 127c3eed03dSMariusz Zaborski.Nm caph_limit_stream 128c3eed03dSMariusz Zaborskifunction. 129c3eed03dSMariusz Zaborski.Pp 130c3eed03dSMariusz Zaborski.Fn caph_limit_stdio 131c3eed03dSMariusz Zaborskilimits stdin, stderr and stdout. 132c3eed03dSMariusz Zaborski.Pp 133990beb03SKyle Evans.Nm caph_stream_rights 134990beb03SKyle Evansmay be used to initialize 135990beb03SKyle Evans.Fa rights 136990beb03SKyle Evanswith the same rights that a stream would be limited to, as if 137990beb03SKyle Evans.Fn caph_limit_stream 138990beb03SKyle Evanshad been invoked using the same 139990beb03SKyle Evans.Fa flags . 140990beb03SKyle Evans.Pp 141c3eed03dSMariusz Zaborski.Fn caph_cache_tzdata 142c3eed03dSMariusz Zaborskiprecaches all timezone data needed to use 143c3eed03dSMariusz Zaborski.Li libc 144c3eed03dSMariusz Zaborskilocal time functions. 145c3eed03dSMariusz Zaborski.Pp 146c3eed03dSMariusz Zaborski.Fn caph_cache_catpages 147c3eed03dSMariusz Zaborskicaches Native Language Support (NLS) data. 148c3eed03dSMariusz ZaborskiNLS data is used for localized error printing by 149c3eed03dSMariusz Zaborski.Xr strerror 3 150c3eed03dSMariusz Zaborskiand 151c3eed03dSMariusz Zaborski.Xr err 3 , 152c3eed03dSMariusz Zaborskiamong others. 153*3cb6c6c9SMariusz Zaborski.Sh RETURN VALUES 154*3cb6c6c9SMariusz ZaborskiUpon successful completion, 155*3cb6c6c9SMariusz Zaborski.Fn caph_enter , 156*3cb6c6c9SMariusz Zaborski.Fn caph_enter_casper , 157*3cb6c6c9SMariusz Zaborski.Fn caph_rights_limit , 158*3cb6c6c9SMariusz Zaborski.Fn caph_ioctls_limit , 159*3cb6c6c9SMariusz Zaborski.Fn caph_fcntls_limit , 160*3cb6c6c9SMariusz Zaborski.Fn caph_limit_stream , 161*3cb6c6c9SMariusz Zaborski.Fn caph_limit_stdin , 162*3cb6c6c9SMariusz Zaborski.Fn caph_limit_stderr , 163*3cb6c6c9SMariusz Zaborski.Fn caph_limit_stdout , 164*3cb6c6c9SMariusz Zaborskiand 165*3cb6c6c9SMariusz Zaborski.Fn caph_limit_stdio 166*3cb6c6c9SMariusz Zaborskireturn a value 167*3cb6c6c9SMariusz Zaborskiof 0. 168*3cb6c6c9SMariusz ZaborskiOtherwise, a value of -1 is returned and the global variable 169*3cb6c6c9SMariusz Zaborski.Va errno 170*3cb6c6c9SMariusz Zaborskiis set to indicate the error. 171*3cb6c6c9SMariusz Zaborski.Pp 172*3cb6c6c9SMariusz ZaborskiFunctions 173*3cb6c6c9SMariusz Zaborski.Fn caph_stream_rights , 174*3cb6c6c9SMariusz Zaborski.Fn caph_cache_tzdata , 175*3cb6c6c9SMariusz Zaborskiand 176*3cb6c6c9SMariusz Zaborski.Fn caph_cache_catpages 177*3cb6c6c9SMariusz Zaborskican not fail. 178c3eed03dSMariusz Zaborski.Sh SEE ALSO 179c3eed03dSMariusz Zaborski.Xr cap_enter 2 , 1805a453d5fSMariusz Zaborski.Xr cap_rights_limit 2 , 181c3eed03dSMariusz Zaborski.Xr rights 4 182