PERFORCE change 148091 for review

Robert Watson rwatson at FreeBSD.org
Fri Aug 22 09:33:23 UTC 2008


http://perforce.freebsd.org/chv.cgi?CH=148091

Change 148091 by rwatson at rwatson_freebsd_capabilities on 2008/08/22 09:33:21

	Update and refresh cap_enter(2) documentation in various ways.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#2 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#2 (text+ko) ====

@@ -41,21 +41,23 @@
 .Ft int
 .Fn cap_getmode "u_int *modep"
 .Sh DESCRIPTION
-Capability mode is a mode of execution in which processes may issue only
-selected system calls consisting of file descriptor-based operations and
-selected system calls for inspecting (but not generally modifying) global
-system state.
-Combined with capabilities created with
-.Xr cap_new 2 ,
 .Fn cap_enter
-may be used to create kernel-enforced sandboxes in which to run
-appropriately-crafted applications or application components.
+places the current process into capability mode, a mode of execution in which
+processes may only issue system calls operating on file descriptors or
+reading limited global system state.
+Access to global name spaces, such as file system or IPC name spaces, is
+prevented.
+If the process is already in a capability mode sandbox, the system call is a
+no-op.
+Future process descendents create with
+.Xr fork 2
+will be placed in capability mode from inception.
 .Pp
+When combined with capabilities created with
+.Xr cap_new 2 ,
 .Fn cap_enter
-places the current process into a capability mode sandbox, restricting
-further system calls that may be made by the process.
-If the process is already in a capability mode sandbox, this sytem call is
-a no-op.
+may be used to create kernel-enforced sandboxes in which
+appropriately-crafted applications or application components may be run.
 .Pp
 .Fn cap_getmode
 returns a flag indicating whether or not the process is in a capability mode
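Review bot: The added sentence "Future process descendents create with" has a grammar slip and a spelling variant worth fixing before this goes into a man page: "create" should be "created", and "descendents" reads better as "descendants", giving "Future process descendants created with". Separately, the new first paragraph says processes "may only issue system calls operating on file descriptors or reading limited global system state", which drops the word "selected" that the removed text used twice; if capability mode still permits only a subset of descriptor-based calls, keeping "selected" avoids implying that every descriptor-based system call is allowed inside the sandbox.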

