cap_fcntls_limit (2)
Leading comments
Copyright (c) 2012 The FreeBSD Foundation All rights reserved. This documentation was written by Pawel Jakub Dawidek under sponsorship the FreeBSD Foundation. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above cop...
NAME
cap_fcntls_limit cap_fcntls_get - manage allowed fcntl commandsLIBRARY
Lb libcSYNOPSIS
In sys/capability.h Ft int Fn cap_fcntls_limit int fd uint32_t fcntlrights Ft int Fn cap_fcntls_get int fd uint32_t *fcntlrightspDESCRIPTION
If a file descriptor is granted the CAP_FCNTL capability right, the list of allowed fcntl(2) commands can be selectively reduced (but never expanded) with the Fn cap_fcntls_limit system call.A bitmask of allowed fcntls commands for a given file descriptor can be obtained with the Fn cap_fcntls_get system call.
FLAGS
The following flags may be specified in the Fa fcntlrights argument or returned in the Fa fcntlrightsp argument:- CAP_FCNTL_GETFL
- Permit F_GETFL command.
- CAP_FCNTL_SETFL
- Permit F_SETFL command.
- CAP_FCNTL_GETOWN
- Permit F_GETOWN command.
- CAP_FCNTL_SETOWN
- Permit F_SETOWN command.
RETURN VALUES
Rv -stdERRORS
Fn cap_fcntls_limit succeeds unless:- Bq Er EBADF
- The Fa fd argument is not a valid descriptor.
- Bq Er EINVAL
- An invalid flag has been passed in Fa fcntlrights .
- Bq Er ENOTCAPABLE
- Fa fcntlrights would expand the list of allowed fcntl(2) commands.
Fn cap_fcntls_get succeeds unless:
- Bq Er EBADF
- The Fa fd argument is not a valid descriptor.
- Bq Er EFAULT
- The Fa fcntlrightsp argument points at an invalid address.