Manual Pages — CAP_FCNTLS_LIMIT

NAME

cap_fcntls_limit, cap_fcntls_get – manage allowed fcntl commands

LIBRARY
SYNOPSIS
DESCRIPTION
FLAGS
RETURN VALUES
ERRORS
SEE ALSO
HISTORY
AUTHORS

LIBRARY

SYNOPSIS

#include <sys/capsicum.h>

int
cap_fcntls_limit(int fd, uint32_t fcntlrights);

int
cap_fcntls_get(int fd, uint32_t *fcntlrightsp);

DESCRIPTION

If a file descriptor is granted the CAP_FCNTL capability right, the list of allowed fcntl(2) commands can be selectively reduced (but never expanded) with the cap_fcntls_limit() system call.

A bitmask of allowed fcntls commands for a given file descriptor can be obtained with the cap_fcntls_get() system call.

FLAGS

The following flags may be specified in the fcntlrights argument or returned in the fcntlrightsp argument:

`CAP_FCNTL_GETFL`	Permit `F_GETFL` command.
`CAP_FCNTL_SETFL`	Permit `F_SETFL` command.
`CAP_FCNTL_GETOWN`
	Permit `F_GETOWN` command.
`CAP_FCNTL_SETOWN`
	Permit `F_SETOWN` command.

RETURN VALUES

Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

ERRORS

cap_fcntls_limit() succeeds unless:

[`EBADF`]
	The fd argument is not a valid descriptor.
[`EINVAL`]
	An invalid flag has been passed in fcntlrights.
[`ENOTCAPABLE`]
	fcntlrights would expand the list of allowed fcntl(2) commands.

cap_fcntls_get() succeeds unless:

[EBADF]

The fd argument is not a valid descriptor.

[EFAULT]

The fcntlrightsp argument points at an invalid address.