cap_fcntls_limit(2) manage allowed fcntl commands

Other Alias

cap_fcntls_get

LIBRARY

Standard C Library (libc, -lc)

SYNOPSIS

#include <sys/capability.h>

int cap_fcntls_limit(int fd, uint32_t fcntlrights);

int cap_fcntls_get(int fd, uint32_t *fcntlrightsp);

DESCRIPTION

If a file descriptor is granted the CAP_FCNTL capability right, the list of allowed fcntl(2) commands can be selectively reduced (but never expanded) with the cap_fcntls_limit() system call.

A bitmask of allowed fcntl(2) commands for a given file descriptor can be obtained with the cap_fcntls_get() system call.

FLAGS

The following flags may be specified in the fcntlrights argument or returned in the fcntlrightsp argument:

CAP_FCNTL_GETFL
Permit F_GETFL command.
CAP_FCNTL_SETFL
Permit F_SETFL command.
CAP_FCNTL_GETOWN
Permit F_GETOWN command.
CAP_FCNTL_SETOWN
Permit F_SETOWN command.

RETURN VALUES

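Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.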

ERRORS

cap_fcntls_limit() succeeds unless:

[EBADF]
The fd argument is not a valid descriptor.
[EINVAL]
An invalid flag has been passed in fcntlrights.
[ENOTCAPABLE]
fcntlrights would expand the list of allowed fcntl(2) commands.

cap_fcntls_get() succeeds unless:

[EBADF]
The fd argument is not a valid descriptor.
[EFAULT]
The fcntlrightsp argument points at an invalid address.
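
The calls above exercised on a single descriptor, as an added example that is not part of the original manual page: it limits the descriptor to F_GETFL, reads the mask back, and checks that both a denied command and an attempt to widen the mask are refused. The names demo_fcntl_limits and DEMO_UNSUPPORTED are hypothetical, and the ENOTCAPABLE result for the denied fcntl(2) command is assumed from Capsicum's general behaviour rather than stated on this page.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>
#ifdef __FreeBSD__
#if __has_include(<sys/capsicum.h>)
#include <sys/capsicum.h>    /* header name on current releases */
#else
#include <sys/capability.h>  /* header name given in this page's SYNOPSIS */
#endif
#endif

#define DEMO_UNSUPPORTED (-2) /* hypothetical: built on a system without Capsicum */

/* Hypothetical helper. Returns 0 if every step behaves as described,
 * otherwise the number of the first step that did not (-1: open failed). */
int demo_fcntl_limits(void)
{
#ifdef __FreeBSD__
    uint32_t allowed = 0;
    int rc = 0;
    int fd = open("/dev/null", O_RDONLY);

    if (fd < 0)
        return -1;
    /* Step 1: reduce the allowed fcntl(2) commands to F_GETFL only.
     * Step 2: the mask read back must be exactly what was set.
     * Step 3: the permitted command still works.
     * Step 4: F_SETFL is no longer permitted (assumed errno: ENOTCAPABLE).
     * Step 5: widening the mask again fails with ENOTCAPABLE. */
    if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) != 0)
        rc = 1;
    else if (cap_fcntls_get(fd, &allowed) != 0 || allowed != CAP_FCNTL_GETFL)
        rc = 2;
    else if (fcntl(fd, F_GETFL) == -1)
        rc = 3;
    else if (fcntl(fd, F_SETFL, O_NONBLOCK) != -1 || errno != ENOTCAPABLE)
        rc = 4;
    else if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL | CAP_FCNTL_SETFL) != -1 ||
        errno != ENOTCAPABLE)
        rc = 5;
    close(fd);
    return rc;
#else
    return DEMO_UNSUPPORTED;  /* cap_fcntls_limit(2) is FreeBSD-specific */
#endif
}

int main(void) { return demo_fcntl_limits() == 0 ? 0 : 1; }
```

The limit is applied to a freshly opened descriptor, which still carries the CAP_FCNTL right; no capability-mode entry is needed to observe the refusals.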

HISTORY

Support for capabilities and capabilities mode was developed as part of the TrustedBSD Project.

AUTHORS

This function was created by Pawel Jakub Dawidek <[email protected]> under sponsorship of the FreeBSD Foundation.