.\"
.\" Copyright (c) 2008-2010 Robert N. M. Watson
.\" Copyright (c) 2012-2013 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This software was developed at the University of Cambridge Computer
.\" Laboratory with support from a grant from Google, Inc.
.\"
.\" Portions of this documentation were written by Pawel Jakub Dawidek
.\" under sponsorship from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd May 1, 2024
.Dt RIGHTS 4
.Os
.Sh NAME
.Nm Capability rights
.Nd Capsicum capability rights for file descriptors
.Sh DESCRIPTION
When a file descriptor is created by a function such as
.Xr fhopen 2 ,
.Xr kqueue 2 ,
.Xr mq_open 2 ,
.Xr open 2 ,
.Xr pdfork 2 ,
.Xr pipe 2 ,
.Xr shm_open 2 ,
.Xr socket 2
or
.Xr socketpair 2 ,
it is assigned all capability rights; for
.Xr accept 2 ,
.Xr accept4 2
or
.Xr openat 2 ,
it inherits capability rights from the "parent" file descriptor.
Those rights can be reduced (but never expanded) by using the
.Xr cap_rights_limit 2 ,
.Xr cap_fcntls_limit 2 and
.Xr cap_ioctls_limit 2
system calls.
Once capability rights are reduced, operations on the file descriptor will be
limited to those permitted by the remaining rights.
.Pp
The complete list of capability rights is provided below.
The
.Vt cap_rights_t
type is used to store a list of capability rights.
The
.Xr cap_rights_init 3
family of functions should be used to manage the structure.
.Sh RIGHTS
Note that rights are not simple bitmasks (and cannot be bitwise-ORed together).
See
.Xr cap_rights_init 3
for details.
.Pp
The following rights are available:
.Bl -tag -width CAP_RENAMEAT_SOURCE
.It Dv CAP_ACCEPT
Permit
.Xr accept 2
and
.Xr accept4 2 .
.It Dv CAP_ACL_CHECK
Permit
.Xr acl_valid_fd_np 3 .
.It Dv CAP_ACL_DELETE
Permit
.Xr acl_delete_fd_np 3 .
.It Dv CAP_ACL_GET
Permit
.Xr acl_get_fd 3
and
.Xr acl_get_fd_np 3 .
.It Dv CAP_ACL_SET
Permit
.Xr acl_set_fd 3
and
.Xr acl_set_fd_np 3 .
.It Dv CAP_BIND
When not in capabilities mode, permit
.Xr bind 2
and
.Xr bindat 2
with special value
.Dv AT_FDCWD
in the
.Fa fd
parameter.
Note that sockets can also become bound implicitly as a result of
.Xr connect 2
or
.Xr send 2 ,
and that socket options set with
.Xr setsockopt 2
may also affect binding behavior.
.It Dv CAP_BINDAT
Permit
.Xr bindat 2 .
This right has to be present on the directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_CHFLAGSAT
An alias to
.Dv CAP_FCHFLAGS
and
.Dv CAP_LOOKUP .
.It Dv CAP_CONNECT
When not in capabilities mode, permit
.Xr connect 2
and
.Xr connectat 2
with special value
.Dv AT_FDCWD
in the
.Fa fd
parameter.
This right is also required for
.Xr sendto 2
with a non-NULL destination address.
.It Dv CAP_CONNECTAT
Permit
.Xr connectat 2 .
This right has to be present on the directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_CREATE
Permit
.Xr openat 2
with the
.Dv O_CREAT
flag.
.It Dv CAP_EVENT
Permit
.Xr select 2 ,
.Xr poll 2 ,
and
.Xr kevent 2
to be used in monitoring the file descriptor for events.
.It Dv CAP_EXTATTR_DELETE
Permit
.Xr extattr_delete_fd 2 .
.It Dv CAP_EXTATTR_GET
Permit
.Xr extattr_get_fd 2 .
.It Dv CAP_EXTATTR_LIST
Permit
.Xr extattr_list_fd 2 .
.It Dv CAP_EXTATTR_SET
Permit
.Xr extattr_set_fd 2 .
.It Dv CAP_FCHDIR
Permit
.Xr fchdir 2 .
.It Dv CAP_FCHFLAGS
Permit
.Xr fchflags 2
and
.Xr chflagsat 2
if the
.Dv CAP_LOOKUP
right is also present.
.It Dv CAP_FCHMOD
Permit
.Xr fchmod 2
and
.Xr fchmodat 2
if the
.Dv CAP_LOOKUP
right is also present.
.It Dv CAP_FCHMODAT
An alias to
.Dv CAP_FCHMOD
and
.Dv CAP_LOOKUP .
.It Dv CAP_FCHOWN
Permit
.Xr fchown 2
and
.Xr fchownat 2
if the
.Dv CAP_LOOKUP
right is also present.
.It Dv CAP_FCHOWNAT
An alias to
.Dv CAP_FCHOWN
and
.Dv CAP_LOOKUP .
.It Dv CAP_FCHROOT
Permit
.Xr fchroot 2 .
.It Dv CAP_FCNTL
Permit
.Xr fcntl 2 .
Note that only the
.Dv F_GETFL ,
.Dv F_SETFL ,
.Dv F_GETOWN
and
.Dv F_SETOWN
commands require this capability right.
Also note that the list of permitted commands can be further limited with the
.Xr cap_fcntls_limit 2
system call.
.It Dv CAP_FEXECVE
Permit
.Xr fexecve 2
and
.Xr openat 2
with the
.Dv O_EXEC
flag;
.Dv CAP_READ
is also required.
.It Dv CAP_FLOCK
Permit
.Xr flock 2 ,
.Xr fcntl 2
(with
.Dv F_GETLK ,
.Dv F_SETLK ,
.Dv F_SETLKW
or
.Dv F_SETLK_REMOTE
flag) and
.Xr openat 2
(with
.Dv O_EXLOCK
or
.Dv O_SHLOCK
flag).
.It Dv CAP_FPATHCONF
Permit
.Xr fpathconf 2 .
.It Dv CAP_FSCK
Permit UFS background-fsck operations on the descriptor.
.It Dv CAP_FSTAT
Permit
.Xr fstat 2
and
.Xr fstatat 2
if the
.Dv CAP_LOOKUP
right is also present.
.It Dv CAP_FSTATAT
An alias to
.Dv CAP_FSTAT
and
.Dv CAP_LOOKUP .
.It Dv CAP_FSTATFS
Permit
.Xr fstatfs 2 .
.It Dv CAP_FSYNC
Permit
.Xr aio_fsync 2 ,
.Xr fdatasync 2 ,
.Xr fsync 2
and
.Xr openat 2
with
.Dv O_FSYNC
or
.Dv O_SYNC
flag.
.It Dv CAP_FTRUNCATE
Permit
.Xr ftruncate 2
and
.Xr openat 2
with the
.Dv O_TRUNC
flag.
.It Dv CAP_FUTIMES
Permit
.Xr futimens 2
and
.Xr futimes 2 ,
and permit
.Xr futimesat 2
and
.Xr utimensat 2
if the
.Dv CAP_LOOKUP
right is also present.
.It Dv CAP_FUTIMESAT
An alias to
.Dv CAP_FUTIMES
and
.Dv CAP_LOOKUP .
.It Dv CAP_GETPEERNAME
Permit
.Xr getpeername 2 .
.It Dv CAP_GETSOCKNAME
Permit
.Xr getsockname 2 .
.It Dv CAP_GETSOCKOPT
Permit
.Xr getsockopt 2 .
.It Dv CAP_IOCTL
Permit
.Xr ioctl 2 .
Be aware that this system call has enormous scope, including potentially
global scope for some objects.
The list of permitted ioctl commands can be further limited with the
.Xr cap_ioctls_limit 2
system call.
.It Dv CAP_KQUEUE
An alias to
.Dv CAP_KQUEUE_CHANGE
and
.Dv CAP_KQUEUE_EVENT .
.It Dv CAP_KQUEUE_CHANGE
Permit
.Xr kevent 2
on a
.Xr kqueue 2
descriptor that modifies the list of monitored events (the
.Fa changelist
argument is non-NULL).
.It Dv CAP_KQUEUE_EVENT
Permit
.Xr kevent 2
on a
.Xr kqueue 2
descriptor that monitors events (the
.Fa eventlist
argument is non-NULL).
.Dv CAP_EVENT
is also required on file descriptors that will be monitored using
.Xr kevent 2 .
.It Dv CAP_LINKAT_SOURCE
Permit
.Xr linkat 2
on the source directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.Pp
Warning:
.Dv CAP_LINKAT_SOURCE
makes it possible to link files in a directory for which file
descriptors exist that have additional rights.
For example,
a file stored in a directory that does not allow
.Dv CAP_READ
may be linked in another directory that does allow
.Dv CAP_READ ,
thereby granting read access to a file that is otherwise unreadable.
.It Dv CAP_LINKAT_TARGET
Permit
.Xr linkat 2
on the target directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_LISTEN
Permit
.Xr listen 2 ;
not much use (generally) without
.Dv CAP_BIND .
.It Dv CAP_LOOKUP
Permit the file descriptor to be used as a starting directory for calls such as
.Xr linkat 2 ,
.Xr openat 2 ,
and
.Xr unlinkat 2 .
.It Dv CAP_MAC_GET
Permit
.Xr mac_get_fd 3 .
.It Dv CAP_MAC_SET
Permit
.Xr mac_set_fd 3 .
.It Dv CAP_MKDIRAT
Permit
.Xr mkdirat 2 .
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_MKFIFOAT
Permit
.Xr mkfifoat 2 .
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_MKNODAT
Permit
.Xr mknodat 2 .
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_MMAP
Permit
.Xr mmap 2
with the
.Dv PROT_NONE
protection.
.It Dv CAP_MMAP_R
Permit
.Xr mmap 2
with the
.Dv PROT_READ
protection.
This right includes the
.Dv CAP_READ
and
.Dv CAP_SEEK
rights.
.It Dv CAP_MMAP_RW
An alias to
.Dv CAP_MMAP_R
and
.Dv CAP_MMAP_W .
.It Dv CAP_MMAP_RWX
An alias to
.Dv CAP_MMAP_R ,
.Dv CAP_MMAP_W
and
.Dv CAP_MMAP_X .
.It Dv CAP_MMAP_RX
An alias to
.Dv CAP_MMAP_R
and
.Dv CAP_MMAP_X .
.It Dv CAP_MMAP_W
Permit
.Xr mmap 2
with the
.Dv PROT_WRITE
protection.
This right includes the
.Dv CAP_WRITE
and
.Dv CAP_SEEK
rights.
.It Dv CAP_MMAP_WX
An alias to
.Dv CAP_MMAP_W
and
.Dv CAP_MMAP_X .
.It Dv CAP_MMAP_X
Permit
.Xr mmap 2
with the
.Dv PROT_EXEC
protection.
This right includes the
.Dv CAP_SEEK
right.
.It Dv CAP_PDGETPID
Permit
.Xr pdgetpid 2 .
.It Dv CAP_PDKILL
Permit
.Xr pdkill 2 .
.It Dv CAP_PEELOFF
Permit
.Xr sctp_peeloff 2 .
.It Dv CAP_PREAD
An alias to
.Dv CAP_READ
and
.Dv CAP_SEEK .
.It Dv CAP_PWRITE
An alias to
.Dv CAP_SEEK
and
.Dv CAP_WRITE .
.It Dv CAP_READ
Permit
.Xr aio_read 2
.Dv ( CAP_SEEK
is also required),
.Xr openat 2
with the
.Dv O_RDONLY
flag,
.Xr read 2 ,
.Xr readv 2 ,
.Xr recv 2 ,
.Xr recvfrom 2 ,
.Xr recvmsg 2 ,
.Xr pread 2
.Dv ( CAP_SEEK
is also required),
.Xr preadv 2
.Dv ( CAP_SEEK
is also required),
.Xr getdents 2 ,
.Xr getdirentries 2 ,
and related system calls.
.It Dv CAP_RECV
An alias to
.Dv CAP_READ .
.It Dv CAP_RENAMEAT_SOURCE
Permit
.Xr renameat 2
on the source directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.Pp
Warning:
.Dv CAP_RENAMEAT_SOURCE
makes it possible to move files to a directory for which file
descriptors exist that have additional rights.
For example,
a file stored in a directory that does not allow
.Dv CAP_READ
may be moved to another directory that does allow
.Dv CAP_READ ,
thereby granting read access to a file that is otherwise unreadable.
.It Dv CAP_RENAMEAT_TARGET
Permit
.Xr renameat 2
on the target directory descriptor.
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_SEEK
Permit operations that seek on the file descriptor, such as
.Xr lseek 2 ,
but also required for I/O system calls that can read or write at any position
in the file, such as
.Xr pread 2
and
.Xr pwrite 2 .
.It Dv CAP_SEM_GETVALUE
Permit
.Xr sem_getvalue 3 .
.It Dv CAP_SEM_POST
Permit
.Xr sem_post 3 .
.It Dv CAP_SEM_WAIT
Permit
.Xr sem_wait 3
and
.Xr sem_trywait 3 .
.It Dv CAP_SEND
An alias to
.Dv CAP_WRITE .
.It Dv CAP_SETSOCKOPT
Permit
.Xr setsockopt 2 ;
this controls various aspects of socket behavior and may affect binding,
connecting, and other behaviors with global scope.
.It Dv CAP_SHUTDOWN
Permit explicit
.Xr shutdown 2 ;
closing the socket will also generally shut down any connections on it.
.It Dv CAP_SYMLINKAT
Permit
.Xr symlinkat 2 .
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_TTYHOOK
Allow configuration of TTY hooks, such as
.Xr snp 4 ,
on the file descriptor.
.It Dv CAP_UNLINKAT
Permit
.Xr unlinkat 2
and
.Xr renameat 2 .
This right is only required for
.Xr renameat 2
on the destination directory descriptor if the destination object already
exists and will be removed by the rename.
This right includes the
.Dv CAP_LOOKUP
right.
.It Dv CAP_WRITE
Allow
.Xr aio_write 2 ,
.Xr openat 2
with
.Dv O_WRONLY
and
.Dv O_APPEND
flags set,
.Xr send 2 ,
.Xr sendmsg 2 ,
.Xr sendto 2 ,
.Xr write 2 ,
.Xr writev 2 ,
.Xr pwrite 2 ,
.Xr pwritev 2
and related system calls.
For
.Xr sendto 2
with a non-NULL connection address,
.Dv CAP_CONNECT
is also required.
For
.Xr openat 2
with the
.Dv O_WRONLY
flag, but without the
.Dv O_APPEND
or
.Dv O_TRUNC
flag,
.Dv CAP_SEEK
is also required.
For
.Xr aio_write 2 ,
.Xr pwrite 2
and
.Xr pwritev 2
.Dv CAP_SEEK
is also required.
.El
.Sh SEE ALSO
.Xr accept 2 ,
.Xr accept4 2 ,
.Xr aio_fsync 2 ,
.Xr aio_read 2 ,
.Xr aio_write 2 ,
.Xr bind 2 ,
.Xr bindat 2 ,
.Xr cap_enter 2 ,
.Xr cap_fcntls_limit 2 ,
.Xr cap_ioctls_limit 2 ,
.Xr cap_rights_limit 2 ,
.Xr chflagsat 2 ,
.Xr connect 2 ,
.Xr connectat 2 ,
.Xr extattr_delete_fd 2 ,
.Xr extattr_get_fd 2 ,
.Xr extattr_list_fd 2 ,
.Xr extattr_set_fd 2 ,
.Xr fchflags 2 ,
.Xr fchmod 2 ,
.Xr fchmodat 2 ,
.Xr fchown 2 ,
.Xr fchownat 2 ,
.Xr fcntl 2 ,
.Xr fexecve 2 ,
.Xr fhopen 2 ,
.Xr flock 2 ,
.Xr fpathconf 2 ,
.Xr fstat 2 ,
.Xr fstatat 2 ,
.Xr fstatfs 2 ,
.Xr fsync 2 ,
.Xr ftruncate 2 ,
.Xr futimes 2 ,
.Xr getdents 2 ,
.Xr getdirentries 2 ,
.Xr getpeername 2 ,
.Xr getsockname 2 ,
.Xr getsockopt 2 ,
.Xr ioctl 2 ,
.Xr kevent 2 ,
.Xr kqueue 2 ,
.Xr linkat 2 ,
.Xr listen 2 ,
.Xr mmap 2 ,
.Xr mq_open 2 ,
.Xr open 2 ,
.Xr openat 2 ,
.Xr pdfork 2 ,
.Xr pdgetpid 2 ,
.Xr pdkill 2 ,
.Xr pdwait4 2 ,
.Xr pipe 2 ,
.Xr poll 2 ,
.Xr pread 2 ,
.Xr preadv 2 ,
.Xr pwrite 2 ,
.Xr pwritev 2 ,
.Xr read 2 ,
.Xr readv 2 ,
.Xr recv 2 ,
.Xr recvfrom 2 ,
.Xr recvmsg 2 ,
.Xr renameat 2 ,
.Xr sctp_peeloff 2 ,
.Xr select 2 ,
.Xr send 2 ,
.Xr sendmsg 2 ,
.Xr sendto 2 ,
.Xr setsockopt 2 ,
.Xr shm_open 2 ,
.Xr shutdown 2 ,
.Xr socket 2 ,
.Xr socketpair 2 ,
.Xr symlinkat 2 ,
.Xr unlinkat 2 ,
.Xr write 2 ,
.Xr writev 2 ,
.Xr acl_delete_fd_np 3 ,
.Xr acl_get_fd 3 ,
.Xr acl_get_fd_np 3 ,
.Xr acl_set_fd 3 ,
.Xr acl_set_fd_np 3 ,
.Xr acl_valid_fd_np 3 ,
.Xr mac_get_fd 3 ,
.Xr mac_set_fd 3 ,
.Xr sem_getvalue 3 ,
.Xr sem_post 3 ,
.Xr sem_trywait 3 ,
.Xr sem_wait 3 ,
.Xr capsicum 4 ,
.Xr snp 4
.Sh HISTORY
Support for capabilities and capabilities mode was developed as part of the
.Tn TrustedBSD
Project.
.Sh AUTHORS
.An -nosplit
This manual page was created by
.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
under sponsorship from the FreeBSD Foundation based on the
.Xr cap_new 2
manual page by
.An Robert Watson Aq Mt rwatson@FreeBSD.org .
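.Sh EXAMPLES
The following program is an added illustration of the CAP_WRITE entry above and is not part of the original manual page or the FreeBSD source: it limits a descriptor to CAP_WRITE alone and checks that write(2) still works while pwrite(2), which also requires CAP_SEEK, is refused.
The function name capwrite_demo and the scratch file path are assumptions made for the example; on systems other than FreeBSD the function reports that Capsicum is unavailable.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/*
 * Hypothetical helper (not from the manual page).
 * Returns 0 if the kernel behaves as the CAP_WRITE entry describes,
 * 1 if it does not, -1 if Capsicum is unavailable or setup failed.
 */
int
capwrite_demo(void)
{
#ifdef __FreeBSD__
	char path[] = "/tmp/capwrite.XXXXXX";	/* constructed scratch file */
	cap_rights_t rights;
	int fd, ok;

	if ((fd = mkstemp(path)) == -1)
		return (-1);
	(void)unlink(path);

	/* A fresh descriptor holds all rights; keep only CAP_WRITE. */
	cap_rights_init(&rights, CAP_WRITE);
	if (cap_rights_limit(fd, &rights) == -1) {
		close(fd);
		return (-1);
	}

	/* write(2) needs only CAP_WRITE, so it must succeed. */
	ok = (write(fd, "a", 1) == 1);

	/* pwrite(2) also needs CAP_SEEK, so it must fail with ENOTCAPABLE. */
	ok = ok && pwrite(fd, "b", 1, 0) == -1 && errno == ENOTCAPABLE;

	close(fd);
	return (ok ? 0 : 1);
#else
	return (-1);	/* not FreeBSD: Capsicum rights are unavailable */
#endif
}

int
main(void)
{
	int r = capwrite_demo();

	printf("capwrite_demo: %d\n", r);
	return (r == 1);
}
```

Granting CAP_SEEK together with CAP_WRITE in the cap_rights_init() call is what a caller that needs pwrite(2) or pwritev(2) on the descriptor would do instead.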