Date: Thu, 21 Aug 2008 19:24:46 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 148032 for review Message-ID: <200808211924.m7LJOkpB092888@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=148032 Change 148032 by rwatson@rwatson_freebsd_capabilities on 2008/08/21 19:24:28 Various changes to cap_new(2): Fix CAP_CONNECT definition. Clarify CAP_BIND definition. Add CAP_LOOKUP, CAP_SEM_POST, CAP_SEM_WAIT, CAP_SEM_GETVALUE. Update cross-references. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#3 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#3 (text+ko) ==== @@ -241,7 +241,7 @@ .It Dv CAP_ACCEPT Permit .Xr accept 2 . -.It Dv CAP_CONNECt +.It Dv CAP_CONNECT Permit .Xr connect 2 ; also required for @@ -250,11 +250,13 @@ .It Dv CAP_BIND Permit .Xr bind 2 . -Note that sockets can also become bound as a result of +Note that sockets can also become bound implicitly as a result of .Xr connect 2 or .Xr send 2 , -but not to an explicitly selected socket address. +and that socket options set with +.Xr setsockopt 2 +may also affect binding behavior. .It Dv CAP_GETSOCKOPT Permit .Xr getsockopt 2 . @@ -275,6 +277,28 @@ .It Dv CAP_PEELOFF Permit .Xr sctp_peeloff 2 . +.It Dv CAP_LOOKUP +Permit the file descriptor to be used as a starting directory for calls such +as +.Xr linkat 2 , +.Xr openat 2 , +and +.Xr unlinkat 2 . +Note that these calls are not available in capability mode as they manipulate +a global name space; see +.Xr cap_enter 2 +for details. +.It Dv CAP_SEM_POST +Permit +.Xr sem_post . +.It Dv CAP_SEM_WAIT +Permit +.Xr sem_wait 2 +and +.Xr sem_trywait 2 . +.It Dv CAP_SEM_GETVALUE +Permit +.Xr sem_getvalue . .El .Sh CAVEAT The @@ -357,20 +381,20 @@ .Xr fsync 2 , .Xr ftruncate 2 , .Xr futimes 2 , -.Xr getdents 2 , -.Xr getdirents 2 , .Xr getpeername 2 , .Xr getsockname 2 , .Xr getsockopt 2 , .Xr ioctl 2 , .Xr kevent 2 , .Xr kqueue 2 , +.Xr linkat 2 , .Xr listen 2 , .Xr mac_get_fd 2 , .Xr mac_set_fd 2 , .Xr mmap 2 , .Xr mq_open 2 , .Xr open 2 , +.Xr openat 2 , .Xr pipe 2 , .Xr poll 2 , .Xr pread 2 , @@ -389,7 +413,12 @@ .Xr shutdown 2 , .Xr socket 2 , .Xr socketpair 2 , -.Xr write 2 +.Xr unlinkat 2 , +.Xr write 2 , +.Xr sem_post 3 , +.Xr sem_wait 3 , +.Xr sem_trywait 3 , +.Xr sem_getvalue 3 .Sh HISTORY Support for capabilities and capabilities mode was developed as part of the .Tn TrustedBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200808211924.m7LJOkpB092888>