PERFORCE change 148091 for review
Robert Watson
rwatson at FreeBSD.org
Fri Aug 22 09:33:23 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148091
Change 148091 by rwatson at rwatson_freebsd_capabilities on 2008/08/22 09:33:21
Update and refresh cap_enter(2) documentation in various ways.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#2 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#2 (text+ko) ====
@@ -41,21 +41,23 @@
.Ft int
.Fn cap_getmode "u_int *modep"
.Sh DESCRIPTION
-Capability mode is a mode of execution in which processes may issue only
-selected system calls consisting of file descriptor-based operations and
-selected system calls for inspecting (but not generally modifying) global
-system state.
-Combined with capabilities created with
-.Xr cap_new 2 ,
.Fn cap_enter
-may be used to create kernel-enforced sandboxes in which to run
-appropriately-crafted applications or application components.
+places the current process into capability mode, a mode of execution in which
+processes may only issue system calls operating on file descriptors or
+reading limited global system state.
+Access to global name spaces, such as file system or IPC name spaces, is
+prevented.
+If the process is already in a capability mode sandbox, the system call is a
+no-op.
+Future process descendents create with
+.Xr fork 2
+will be placed in capability mode from inception.
.Pp
+When combined with capabilities created with
+.Xr cap_new 2 ,
.Fn cap_enter
-places the current process into a capability mode sandbox, restricting
-further system calls that may be made by the process.
-If the process is already in a capability mode sandbox, this sytem call is
-a no-op.
+may be used to create kernel-enforced sandboxes in which
+appropriately-crafted applications or application components may be run.
.Pp
.Fn cap_getmode
returns a flag indicating whether or not the process is in a capability mode
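Review bot: the new line "+Future process descendents create with" has two spelling and grammar slips that will ship in the rendered page; it should read "Future process descendants created with" (followed by ".Xr fork 2" and "will be placed in capability mode from inception."). While touching that paragraph, "+processes may only issue system calls operating on file descriptors or" reads more precisely as "processes may issue only system calls operating on file descriptors or", since the restriction is on which system calls are permitted, not on whether the process may issue them; the rest of the rewording, including the explicit statement that global name spaces such as the file system and IPC name spaces are inaccessible and that the mode is inherited across fork, is a clear improvement over the removed text.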