PERFORCE change 174024 for review

Sun Jan 31 15:17:36 UTC 2010

http://p4web.freebsd.org/chv.cgi?CH=174024

Change 174024 by rwatson at rwatson_vimage_client on 2010/01/31 15:16:42

	Add a rough draft man page for the libcapsicum fdlist API.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/Makefile#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.3#2 edit
.. //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.3#1 add

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/Makefile#2 (text+ko) ====

@@ -21,9 +21,17 @@
 WARNS?=	6
 
 MAN=	libcapsicum.3
+MAN+=	libcapsicum_fdlist.3
 MAN+=	libcapsicum_host.3
 MAN+=	libcapsicum_sandbox.3
 MLINKS=	libcapsicum.3 lc_limitfd.3		\
+	libcapsicum_fdlist.3 lc_fdlist_new.3	\
+	libcapsicum_fdlist.3 lc_fdlist_global.3	\
+	libcapsicum_fdlist.3 lc_fdlist_dup.3	\
+	libcapsicum_fdlist.3 lc_fdlist_free.3	\
+	libcapsicum_fdlist.3 lc_fdlist_add.3	\
+	libcapsicum_fdlist.3 lc_fdlist_addcap.3	\
+	libcapsicum_fdlist.3 lc_fdlist_lookup.3	\
 	libcapsicum_host.3 lch_autosandbox_isenabled.3	\
 	libcapsicum_host.3 lch_start.3	\
 	libcapsicum_host.3 lch_startfd.3	\

==== //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.3#2 (text+ko) ====

@@ -1,5 +1,5 @@
 .\"
-.\" Copyright (c) 2009 Robert N. M. Watson
+.\" Copyright (c) 2009-2010 Robert N. M. Watson
 .\" All rights reserved.
 .\"
 .\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
@@ -82,6 +82,13 @@
 .Xr libcapsicum_sandbox 3 .
 Sandboxed processes themselves may launch software components in further
 sandboxes, so a single program may use both host and sandbox APIs.
+.Pp
+In addition, the
+.Nm
+file descriptor list API, described in
+.Xr libcapsicum_fdlist 3 ,
+may be used to manage the delegation of file descriptors/capabilities to
+sandboxes using a namespace.
 .Sh CAPABILITY API
 .Fn lc_limitfd
 is a wrapper around
@@ -99,6 +106,7 @@
 .Xr cap_new 2 ,
 .Xr close 2 ,
 .Xr dup2 2 ,
+.Xr libcapsicum_fdlist 3 ,
 .Xr libcapsicum_host 3 ,
 .Xr libcapsicum_sandbox 3 ,
 .Xr unix 4
@@ -111,6 +119,9 @@
 PRODUCTION SYSTEMS.  IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS.
 .Sh AUTHORS
 These functions and the capability facility were created by
+.An -nosplit
 .An "Robert N. M. Watson"
+and
+.An "Jonathan Anderson"
 at the University of Cambridge Computer Laboratory with support from a grant
 from Google, Inc.
