diff options
Diffstat (limited to 'lib/libc/sys/cap_ioctls_limit.2')
-rw-r--r-- | lib/libc/sys/cap_ioctls_limit.2 | 165 |
1 files changed, 0 insertions, 165 deletions
diff --git a/lib/libc/sys/cap_ioctls_limit.2 b/lib/libc/sys/cap_ioctls_limit.2 deleted file mode 100644 index 0cf5ea8ca038..000000000000 --- a/lib/libc/sys/cap_ioctls_limit.2 +++ /dev/null @@ -1,165 +0,0 @@ -.\" -.\" Copyright (c) 2012 The FreeBSD Foundation -.\" All rights reserved. -.\" -.\" This documentation was written by Pawel Jakub Dawidek under sponsorship -.\" the FreeBSD Foundation. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd May 5, 2020 -.Dt CAP_IOCTLS_LIMIT 2 -.Os -.Sh NAME -.Nm cap_ioctls_limit , -.Nm cap_ioctls_get -.Nd manage allowed ioctl commands -.Sh LIBRARY -.Lb libc -.Sh SYNOPSIS -.In sys/capsicum.h -.Ft int -.Fn cap_ioctls_limit "int fd" "const unsigned long *cmds" "size_t ncmds" -.Ft ssize_t -.Fn cap_ioctls_get "int fd" "unsigned long *cmds" "size_t maxcmds" -.Sh DESCRIPTION -If a file descriptor is granted the -.Dv CAP_IOCTL -capability right, the list of allowed -.Xr ioctl 2 -commands can be selectively reduced (but never expanded) with the -.Fn cap_ioctls_limit -system call. -The -.Fa cmds -argument is an array of -.Xr ioctl 2 -commands and the -.Fa ncmds -argument specifies the number of elements in the array. -There can be up to -.Va 256 -elements in the array. -Including an element that has been previously revoked will generate an error. -After a successful call only those listed in the array may be used. -.Pp -The list of allowed ioctl commands for a given file descriptor can be obtained -with the -.Fn cap_ioctls_get -system call. -The -.Fa cmds -argument points at memory that can hold up to -.Fa maxcmds -values. -The function populates the provided buffer with up to -.Fa maxcmds -elements, but always returns the total number of ioctl commands allowed for the -given file descriptor. -The total number of ioctls commands for the given file descriptor can be -obtained by passing -.Dv NULL as the -.Fa cmds -argument and -.Va 0 -as the -.Fa maxcmds -argument. -If all ioctl commands are allowed -.Dv ( CAP_IOCTL -capability right is assigned to the file descriptor and the -.Fn cap_ioctls_limit -system call was never called for this file descriptor), the -.Fn cap_ioctls_get -system call will return -.Dv CAP_IOCTLS_ALL -and will not modify the buffer pointed to by the -.Fa cmds -argument. -.Sh RETURN VALUES -.Rv -std cap_ioctls_limit -.Pp -The -.Fn cap_ioctls_get -function, if successful, returns the total number of allowed ioctl commands or -the value -.Dv CAP_IOCTLS_ALL -if all ioctls commands are allowed. -On failure the value -.Va -1 -is returned and the global variable errno is set to indicate the error. -.Sh ERRORS -.Fn cap_ioctls_limit -succeeds unless: -.Bl -tag -width Er -.It Bq Er EBADF -The -.Fa fd -argument is not a valid descriptor. -.It Bq Er EFAULT -The -.Fa cmds -argument points at an invalid address. -.It Bq Er EINVAL -The -.Fa ncmds -argument is greater than -.Va 256 . -.It Bq Er ENOTCAPABLE -.Fa cmds -would expand the list of allowed -.Xr ioctl 2 -commands. -.El -.Pp -.Fn cap_ioctls_get -succeeds unless: -.Bl -tag -width Er -.It Bq Er EBADF -The -.Fa fd -argument is not a valid descriptor. -.It Bq Er EFAULT -The -.Fa cmds -argument points at invalid address. -.El -.Sh SEE ALSO -.Xr cap_fcntls_limit 2 , -.Xr cap_rights_limit 2 , -.Xr ioctl 2 -.Sh HISTORY -The -.Fn cap_ioctls_get -and -.Fn cap_ioctls_limit -system calls first appeared in -.Fx 8.3 . -Support for capabilities and capabilities mode was developed as part of the -.Tn TrustedBSD -Project. -.Sh AUTHORS -This function was created by -.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net -under sponsorship of the FreeBSD Foundation. |