1.\" 2.\" Copyright (c) 2012 The FreeBSD Foundation 3.\" 4.\" This documentation was written by Pawel Jakub Dawidek under sponsorship 5.\" the FreeBSD Foundation. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd March 9, 2023 29.Dt CAP_FCNTLS_LIMIT 2 30.Os 31.Sh NAME 32.Nm cap_fcntls_limit , 33.Nm cap_fcntls_get 34.Nd manage allowed fcntl commands 35.Sh LIBRARY 36.Lb libc 37.Sh SYNOPSIS 38.In sys/capsicum.h 39.Ft int 40.Fn cap_fcntls_limit "int fd" "uint32_t fcntlrights" 41.Ft int 42.Fn cap_fcntls_get "int fd" "uint32_t *fcntlrightsp" 43.Sh DESCRIPTION 44If a file descriptor is granted the 45.Dv CAP_FCNTL 46capability right, the list of allowed 47.Xr fcntl 2 48commands can be selectively reduced (but never expanded) with the 49.Fn cap_fcntls_limit 50system call. 51.Pp 52A bitmask of allowed fcntls commands for a given file descriptor can be obtained 53with the 54.Fn cap_fcntls_get 55system call. 56.Sh FLAGS 57The following flags may be specified in the 58.Fa fcntlrights 59argument or returned in the 60.Fa fcntlrightsp 61argument: 62.Bl -tag -width CAP_FCNTL_GETOWN 63.It Dv CAP_FCNTL_GETFL 64Permit 65.Dv F_GETFL 66command. 67.It Dv CAP_FCNTL_SETFL 68Permit 69.Dv F_SETFL 70command. 71.It Dv CAP_FCNTL_GETOWN 72Permit 73.Dv F_GETOWN 74command. 75.It Dv CAP_FCNTL_SETOWN 76Permit 77.Dv F_SETOWN 78command. 79.El 80.Sh RETURN VALUES 81.Rv -std 82.Sh ERRORS 83.Fn cap_fcntls_limit 84succeeds unless: 85.Bl -tag -width Er 86.It Bq Er EBADF 87The 88.Fa fd 89argument is not a valid descriptor. 90.It Bq Er EINVAL 91An invalid flag has been passed in 92.Fa fcntlrights . 93.It Bq Er ENOTCAPABLE 94.Fa fcntlrights 95would expand the list of allowed 96.Xr fcntl 2 97commands. 98.El 99.Pp 100.Fn cap_fcntls_get 101succeeds unless: 102.Bl -tag -width Er 103.It Bq Er EBADF 104The 105.Fa fd 106argument is not a valid descriptor. 107.It Bq Er EFAULT 108The 109.Fa fcntlrightsp 110argument points at an invalid address. 111.It Bq Er ENOSYS 112The running kernel was compiled without 113.Cd "options CAPABILITY_MODE" . 114.El 115.Sh SEE ALSO 116.Xr cap_ioctls_limit 2 , 117.Xr cap_rights_limit 2 , 118.Xr fcntl 2 119.Sh HISTORY 120The 121.Fn cap_fcntls_get 122and 123.Fn cap_fcntls_limit 124system calls first appeared in 125.Fx 8.3 . 126Support for capabilities and capabilities mode was developed as part of the 127.Tn TrustedBSD 128Project. 129.Sh AUTHORS 130This function was created by 131.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net 132under sponsorship of the FreeBSD Foundation. 133