PERFORCE change 148032 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 19:24:48 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148032
Change 148032 by rwatson at rwatson_freebsd_capabilities on 2008/08/21 19:24:28
Various changes to cap_new(2):
Fix CAP_CONNECT definition.
Clarify CAP_BIND definition.
Add CAP_LOOKUP, CAP_SEM_POST, CAP_SEM_WAIT, CAP_SEM_GETVALUE.
Update cross-references.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#3 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#3 (text+ko) ====
@@ -241,7 +241,7 @@
.It Dv CAP_ACCEPT
Permit
.Xr accept 2 .
-.It Dv CAP_CONNECt
+.It Dv CAP_CONNECT
Permit
.Xr connect 2 ;
also required for
@@ -250,11 +250,13 @@
.It Dv CAP_BIND
Permit
.Xr bind 2 .
-Note that sockets can also become bound as a result of
+Note that sockets can also become bound implicitly as a result of
.Xr connect 2
or
.Xr send 2 ,
-but not to an explicitly selected socket address.
+and that socket options set with
+.Xr setsockopt 2
+may also affect binding behavior.
.It Dv CAP_GETSOCKOPT
Permit
.Xr getsockopt 2 .
@@ -275,6 +277,28 @@
.It Dv CAP_PEELOFF
Permit
.Xr sctp_peeloff 2 .
+.It Dv CAP_LOOKUP
+Permit the file descriptor to be used as a starting directory for calls such
+as
+.Xr linkat 2 ,
+.Xr openat 2 ,
+and
+.Xr unlinkat 2 .
+Note that these calls are not available in capability mode as they manipulate
+a global name space; see
+.Xr cap_enter 2
+for details.
+.It Dv CAP_SEM_POST
+Permit
+.Xr sem_post .
+.It Dv CAP_SEM_WAIT
+Permit
+.Xr sem_wait 2
+and
+.Xr sem_trywait 2 .
+.It Dv CAP_SEM_GETVALUE
+Permit
+.Xr sem_getvalue .
.El
.Sh CAVEAT
The
@@ -357,20 +381,20 @@
.Xr fsync 2 ,
.Xr ftruncate 2 ,
.Xr futimes 2 ,
-.Xr getdents 2 ,
-.Xr getdirents 2 ,
.Xr getpeername 2 ,
.Xr getsockname 2 ,
.Xr getsockopt 2 ,
.Xr ioctl 2 ,
.Xr kevent 2 ,
.Xr kqueue 2 ,
+.Xr linkat 2 ,
.Xr listen 2 ,
.Xr mac_get_fd 2 ,
.Xr mac_set_fd 2 ,
.Xr mmap 2 ,
.Xr mq_open 2 ,
.Xr open 2 ,
+.Xr openat 2 ,
.Xr pipe 2 ,
.Xr poll 2 ,
.Xr pread 2 ,
@@ -389,7 +413,12 @@
.Xr shutdown 2 ,
.Xr socket 2 ,
.Xr socketpair 2 ,
-.Xr write 2
+.Xr unlinkat 2 ,
+.Xr write 2 ,
+.Xr sem_post 3 ,
+.Xr sem_wait 3 ,
+.Xr sem_trywait 3 ,
+.Xr sem_getvalue 3
.Sh HISTORY
Support for capabilities and capabilities mode was developed as part of the
.Tn TrustedBSD
More information about the p4-projects
mailing list