From owner-svn-src-projects@FreeBSD.ORG Sat Mar 2 22:34:37 2013 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 0446C123; Sat, 2 Mar 2013 22:34:37 +0000 (UTC) (envelope-from mav@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id E8638756; Sat, 2 Mar 2013 22:34:36 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r22MYanp071039; Sat, 2 Mar 2013 22:34:36 GMT (envelope-from mav@svn.freebsd.org) Received: (from mav@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r22MYYrX071018; Sat, 2 Mar 2013 22:34:34 GMT (envelope-from mav@svn.freebsd.org) Message-Id: <201303022234.r22MYYrX071018@svn.freebsd.org> From: Alexander Motin Date: Sat, 2 Mar 2013 22:34:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r247674 - in projects/calloutng: . contrib/openbsm/etc etc lib/libc/gen lib/libc/include lib/libc/sys lib/libprocstat lib/libstand sbin/ipfw sbin/mount_hpfs sbin/mount_ntfs share/exampl... X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Mar 2013 22:34:37 -0000 Author: mav Date: Sat Mar 2 22:34:33 2013 New Revision: 247674 URL: http://svnweb.freebsd.org/changeset/base/247674 Log: MFC @r247673 Added: projects/calloutng/lib/libc/gen/cap_sandboxed.3 - copied unchanged from r247673, head/lib/libc/gen/cap_sandboxed.3 projects/calloutng/lib/libc/gen/cap_sandboxed.c - copied unchanged from r247673, head/lib/libc/gen/cap_sandboxed.c projects/calloutng/lib/libc/sys/bindat.2 - copied unchanged from r247673, head/lib/libc/sys/bindat.2 projects/calloutng/lib/libc/sys/cap_fcntls_limit.2 - copied unchanged from r247673, head/lib/libc/sys/cap_fcntls_limit.2 projects/calloutng/lib/libc/sys/cap_ioctls_limit.2 - copied unchanged from r247673, head/lib/libc/sys/cap_ioctls_limit.2 projects/calloutng/lib/libc/sys/cap_rights_limit.2 - copied unchanged from r247673, head/lib/libc/sys/cap_rights_limit.2 projects/calloutng/lib/libc/sys/connectat.2 - copied unchanged from r247673, head/lib/libc/sys/connectat.2 projects/calloutng/tools/regression/capsicum/ - copied from r247673, head/tools/regression/capsicum/ Deleted: projects/calloutng/lib/libc/sys/cap_new.2 projects/calloutng/lib/libprocstat/ntfs.c projects/calloutng/sbin/mount_hpfs/ projects/calloutng/sbin/mount_ntfs/ projects/calloutng/share/examples/portal/ projects/calloutng/share/man/man4/coda.4 projects/calloutng/share/man/man5/xfs.5 projects/calloutng/sys/fs/coda/ projects/calloutng/sys/fs/hpfs/ projects/calloutng/sys/fs/ntfs/ projects/calloutng/sys/fs/portalfs/ projects/calloutng/sys/gnu/fs/xfs/ projects/calloutng/sys/modules/coda/ projects/calloutng/sys/modules/coda5/ projects/calloutng/sys/modules/hpfs/ projects/calloutng/sys/modules/ntfs/ projects/calloutng/sys/modules/ntfs_iconv/ projects/calloutng/sys/modules/portalfs/ projects/calloutng/sys/modules/xfs/ projects/calloutng/usr.sbin/mount_portalfs/ Modified: projects/calloutng/ObsoleteFiles.inc projects/calloutng/UPDATING projects/calloutng/contrib/openbsm/etc/audit_event projects/calloutng/etc/devd.conf projects/calloutng/lib/libc/gen/Makefile.inc projects/calloutng/lib/libc/include/compat.h projects/calloutng/lib/libc/sys/Makefile.inc projects/calloutng/lib/libc/sys/Symbol.map projects/calloutng/lib/libc/sys/cap_enter.2 projects/calloutng/lib/libc/sys/dup.2 projects/calloutng/lib/libprocstat/libprocstat.c projects/calloutng/lib/libprocstat/libprocstat.h projects/calloutng/lib/libstand/nandfs.c projects/calloutng/sbin/ipfw/ipfw2.c projects/calloutng/sys/amd64/amd64/pmap.c projects/calloutng/sys/amd64/conf/GENERIC projects/calloutng/sys/amd64/include/pmap.h projects/calloutng/sys/arm/arm/locore.S projects/calloutng/sys/arm/conf/RPI-B projects/calloutng/sys/arm/include/vmparam.h projects/calloutng/sys/bsm/audit_kevents.h projects/calloutng/sys/cddl/compat/opensolaris/sys/file.h projects/calloutng/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ioctl.c projects/calloutng/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_onexit.c projects/calloutng/sys/compat/freebsd32/freebsd32_proto.h projects/calloutng/sys/compat/freebsd32/freebsd32_syscall.h projects/calloutng/sys/compat/freebsd32/freebsd32_syscalls.c projects/calloutng/sys/compat/freebsd32/freebsd32_sysent.c projects/calloutng/sys/compat/freebsd32/freebsd32_systrace_args.c projects/calloutng/sys/compat/freebsd32/syscalls.master projects/calloutng/sys/compat/linux/linux_file.c projects/calloutng/sys/compat/svr4/svr4_fcntl.c projects/calloutng/sys/compat/svr4/svr4_filio.c projects/calloutng/sys/compat/svr4/svr4_misc.c projects/calloutng/sys/compat/svr4/svr4_stream.c projects/calloutng/sys/conf/options.sparc64 projects/calloutng/sys/dev/iscsi/initiator/iscsi.c projects/calloutng/sys/dev/pci/pci.c projects/calloutng/sys/fs/fdescfs/fdesc_vfsops.c projects/calloutng/sys/fs/fdescfs/fdesc_vnops.c projects/calloutng/sys/fs/nfs/nfsdport.h projects/calloutng/sys/fs/nfsclient/nfs_clport.c projects/calloutng/sys/fs/nfsserver/nfs_nfsdport.c projects/calloutng/sys/fs/nullfs/null_vfsops.c projects/calloutng/sys/geom/label/g_label_ntfs.c projects/calloutng/sys/i386/conf/GENERIC projects/calloutng/sys/i386/i386/pmap.c projects/calloutng/sys/i386/ibcs2/ibcs2_misc.c projects/calloutng/sys/i386/include/pmap.h projects/calloutng/sys/kern/capabilities.conf projects/calloutng/sys/kern/init_sysent.c projects/calloutng/sys/kern/kern_descrip.c projects/calloutng/sys/kern/kern_exec.c projects/calloutng/sys/kern/kern_exit.c projects/calloutng/sys/kern/kern_fork.c projects/calloutng/sys/kern/sys_capability.c projects/calloutng/sys/kern/sys_generic.c projects/calloutng/sys/kern/syscalls.c projects/calloutng/sys/kern/syscalls.master projects/calloutng/sys/kern/systrace_args.c projects/calloutng/sys/kern/tty.c projects/calloutng/sys/kern/uipc_domain.c projects/calloutng/sys/kern/uipc_mqueue.c projects/calloutng/sys/kern/uipc_sem.c projects/calloutng/sys/kern/uipc_shm.c projects/calloutng/sys/kern/uipc_socket.c projects/calloutng/sys/kern/uipc_syscalls.c projects/calloutng/sys/kern/uipc_usrreq.c projects/calloutng/sys/kern/vfs_aio.c projects/calloutng/sys/kern/vfs_lookup.c projects/calloutng/sys/kern/vfs_syscalls.c projects/calloutng/sys/netpfil/ipfw/ip_fw_dynamic.c projects/calloutng/sys/netsmb/smb_dev.c projects/calloutng/sys/nfsserver/nfs_srvkrpc.c projects/calloutng/sys/ofed/include/linux/file.h projects/calloutng/sys/ofed/include/linux/timer.h projects/calloutng/sys/security/audit/audit.h projects/calloutng/sys/security/audit/audit_arg.c projects/calloutng/sys/security/audit/audit_bsm.c projects/calloutng/sys/security/audit/audit_private.h projects/calloutng/sys/sparc64/pci/psycho.c projects/calloutng/sys/sparc64/sbus/sbus.c projects/calloutng/sys/sys/capability.h projects/calloutng/sys/sys/file.h projects/calloutng/sys/sys/filedesc.h projects/calloutng/sys/sys/namei.h projects/calloutng/sys/sys/protosw.h projects/calloutng/sys/sys/socket.h projects/calloutng/sys/sys/socketvar.h projects/calloutng/sys/sys/syscall.h projects/calloutng/sys/sys/syscall.mk projects/calloutng/sys/sys/sysproto.h projects/calloutng/sys/sys/time.h projects/calloutng/sys/sys/user.h projects/calloutng/sys/vm/vm_mmap.c projects/calloutng/sys/vm/vm_object.c projects/calloutng/tools/regression/pjdfstest/Makefile projects/calloutng/tools/regression/pjdfstest/pjdfstest.c projects/calloutng/tools/regression/security/cap_test/cap_test_capabilities.c projects/calloutng/tools/regression/security/cap_test/cap_test_relative.c projects/calloutng/usr.bin/kdump/kdump.c projects/calloutng/usr.bin/kdump/mksubr projects/calloutng/usr.bin/procstat/procstat_files.c Directory Properties: projects/calloutng/ (props changed) projects/calloutng/contrib/openbsm/ (props changed) projects/calloutng/lib/libc/ (props changed) projects/calloutng/sbin/ (props changed) projects/calloutng/sbin/ipfw/ (props changed) projects/calloutng/share/man/man4/ (props changed) projects/calloutng/sys/ (props changed) projects/calloutng/sys/cddl/contrib/opensolaris/ (props changed) projects/calloutng/sys/conf/ (props changed) projects/calloutng/usr.bin/procstat/ (props changed) Modified: projects/calloutng/ObsoleteFiles.inc ============================================================================== --- projects/calloutng/ObsoleteFiles.inc Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/ObsoleteFiles.inc Sat Mar 2 22:34:33 2013 (r247674) @@ -38,6 +38,27 @@ # xargs -n1 | sort | uniq -d; # done +# 20130302: NTFS support removed +OLD_FILES+=usr/include/fs/ntfs/ntfs.h +OLD_FILES+=usr/include/fs/ntfs/ntfs_compr.h +OLD_FILES+=usr/include/fs/ntfs/ntfs_ihash.h +OLD_FILES+=usr/include/fs/ntfs/ntfs_inode.h +OLD_FILES+=usr/include/fs/ntfs/ntfs_subr.h +OLD_FILES+=usr/include/fs/ntfs/ntfs_vfsops.h +OLD_FILES+=usr/include/fs/ntfs/ntfsmount.h +OLD_DIRS+=usr/include/fs/ntfs +OLD_FILES+=usr/share/man/man8/mount_ntfs.8.gz +# 20130302: PORTALFS support removed +OLD_FILES+=usr/include/fs/portalfs/portal.h +OLD_DIRS+=usr/include/fs/portalfs +OLD_FILES+=usr/share/examples/portal/README +OLD_FILES+=usr/share/examples/portal/portal.conf +OLD_DIRS+=usr/share/examples/portal +OLD_FILES+=usr/share/man/man8/mount_portalfs.8.gz +# 20130302: CODAFS support removed +OLD_FILES+=usr/share/man/man4/coda.4.gz +# 20130302: XFS support removed +OLD_FILES+=usr/share/man/man5/xfs.5.gz # 20130116: removed long unused directories for .1aout section manpages OLD_FILES+=usr/share/man/en.ISO8859-1/man1aout OLD_FILES+=usr/share/man/en.UTF-8/man1aout Modified: projects/calloutng/UPDATING ============================================================================== --- projects/calloutng/UPDATING Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/UPDATING Sat Mar 2 22:34:33 2013 (r247674) @@ -26,6 +26,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10 disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20130301: + The ctl device has been disabled in GENERIC for i386 and amd64. + This was done due to the extra memory being allocated at system + initialisation time by the ctl driver which was only used if + a CAM target device was created. This makes a FreeBSD system + unusable on 128MB or less of RAM. + 20130208: A new compression method (lz4) has been merged to -HEAD. Please refer to zpool-features(7) for more information. Modified: projects/calloutng/contrib/openbsm/etc/audit_event ============================================================================== --- projects/calloutng/contrib/openbsm/etc/audit_event Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/contrib/openbsm/etc/audit_event Sat Mar 2 22:34:33 2013 (r247674) @@ -548,7 +548,7 @@ 43184:AUE_OPENAT:openat(2) - attr only:fa 43185:AUE_POSIX_OPENPT:posix_openpt(2):ip 43186:AUE_CAP_NEW:cap_new(2):fm -43187:AUE_CAP_GETRIGHTS:cap_getrights(2):fm +43187:AUE_CAP_RIGHTS_GET:cap_rights_get(2):fm 43188:AUE_CAP_ENTER:cap_enter(2):pc 43189:AUE_CAP_GETMODE:cap_getmode(2):pc 43190:AUE_POSIX_SPAWN:posix_spawn(2):pc @@ -563,6 +563,13 @@ 43199:AUE_PDGETPID:pdgetpid(2):pc 43200:AUE_PDWAIT:pdwait(2):pc 43201:AUE_WAIT6:wait6(2):pc +43202:AUE_CAP_RIGHTS_LIMIT:cap_rights_limit(2):fm +43203:AUE_CAP_IOCTLS_LIMIT:cap_ioctls_limit(2):fm +43204:AUE_CAP_IOCTLS_GET:cap_ioctls_get(2):fm +43205:AUE_CAP_FCNTLS_LIMIT:cap_fcntls_limit(2):fm +43206:AUE_CAP_FCNTLS_GET:cap_fcntls_get(2):fm +43207:AUE_BINDAT:bindat(2):nt +43208:AUE_CONNECTAT:connectat(2):nt # # Solaris userspace events. # Modified: projects/calloutng/etc/devd.conf ============================================================================== --- projects/calloutng/etc/devd.conf Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/etc/devd.conf Sat Mar 2 22:34:33 2013 (r247674) @@ -34,7 +34,7 @@ options { # NB: DETACH events are ignored; the kernel should handle all cleanup # (routes, arp cache). Beware of races against immediate create # of a device with the same name; e.g. -# ifconfig bridge0 destroy; ifconfig bridge0 create +# ifconfig bridge0 destroy; ifconfig bridge0 create # notify 0 { match "system" "IFNET"; @@ -165,7 +165,7 @@ notify 100 { }; # -# Rescan scsi device-names on attach, but not detach. However, it is +# Rescan SCSI device-names on attach, but not detach. However, it is # disabled by default due to reports of problems. # attach 0 { @@ -305,13 +305,13 @@ detach 10 { # events. See the ACPI specification for more information about # notifies. Here is the information returned for each subsystem: # -# ACAD: AC line state (0 is offline, 1 is online) -# Button: Button pressed (0 for power, 1 for sleep) -# CMBAT: ACPI battery events -# Lid: Lid state (0 is closed, 1 is open) -# RCTL: Resource limits +# ACAD: AC line state (0 is offline, 1 is online) +# Button: Button pressed (0 for power, 1 for sleep) +# CMBAT: ACPI battery events +# Lid: Lid state (0 is closed, 1 is open) +# RCTL: Resource limits # Suspend, Resume: Suspend and resume notification -# Thermal: ACPI thermal zone events +# Thermal: ACPI thermal zone events # # This example calls a script when the AC state changes, passing the # notify value as the first argument. If the state is 0x00, it might Modified: projects/calloutng/lib/libc/gen/Makefile.inc ============================================================================== --- projects/calloutng/lib/libc/gen/Makefile.inc Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/lib/libc/gen/Makefile.inc Sat Mar 2 22:34:33 2013 (r247674) @@ -16,6 +16,7 @@ SRCS+= __getosreldate.c \ assert.c \ auxv.c \ basename.c \ + cap_sandboxed.c \ check_utility_compat.c \ clock.c \ clock_getcpuclockid.c \ @@ -168,6 +169,7 @@ SYM_MAPS+=${.CURDIR}/gen/Symbol.map MAN+= alarm.3 \ arc4random.3 \ basename.3 \ + cap_sandboxed.3 \ check_utility_compat.3 \ clock.3 \ clock_getcpuclockid.3 \ Copied: projects/calloutng/lib/libc/gen/cap_sandboxed.3 (from r247673, head/lib/libc/gen/cap_sandboxed.3) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/gen/cap_sandboxed.3 Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/gen/cap_sandboxed.3) @@ -0,0 +1,70 @@ +.\" Copyright (c) 2012 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This documentation was written by Pawel Jakub Dawidek under sponsorship +.\" from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 18, 2012 +.Dt CAP_SANDBOXED 3 +.Os +.Sh NAME +.Nm cap_sandboxed +.Nd Check if in a capability mode sandbox +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.In stdbool.h +.Ft bool +.Fn cap_sandboxed "void" +.Sh DESCRIPTION +.Fn cap_sandboxed +returns +.Va true +if the process is in a capability mode sandbox or +.Va false +if it is not. +This function is a more handy alternative to the +.Xr cap_getmode 2 +system call as it always succeeds, so there is no need for error checking. +If the support for capability mode is not compiled into the kernel, +.Fn cap_sandboxed +will always return +.Va false . +.Sh RETURN VALUES +Function +.Fn cap_sandboxed +is always successful and will return either +.Va true +or +.Va false . +.Sh SEE ALSO +.Xr cap_enter 2 , +.Xr capsicum 4 +.Sh AUTHORS +This function was implemented and manual page was written by +.An Pawel Jakub Dawidek Aq pawel@dawidek.net +under sponsorship of the FreeBSD Foundation. Copied: projects/calloutng/lib/libc/gen/cap_sandboxed.c (from r247673, head/lib/libc/gen/cap_sandboxed.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/gen/cap_sandboxed.c Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/gen/cap_sandboxed.c) @@ -0,0 +1,50 @@ +/*- + * Copyright (c) 2012 The FreeBSD Foundation + * All rights reserved. + * + * This software was developed by Pawel Jakub Dawidek under sponsorship from + * the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD$"); + +#include + +#include +#include +#include + +bool +cap_sandboxed(void) +{ + u_int mode; + + if (cap_getmode(&mode) != 0) { + assert(errno == ENOSYS); + return (false); + } + assert(mode == 0 || mode == 1); + return (mode == 1); +} Modified: projects/calloutng/lib/libc/include/compat.h ============================================================================== --- projects/calloutng/lib/libc/include/compat.h Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/lib/libc/include/compat.h Sat Mar 2 22:34:33 2013 (r247674) @@ -42,6 +42,8 @@ __sym_compat(__semctl, freebsd7___semctl __sym_compat(msgctl, freebsd7_msgctl, FBSD_1.0); __sym_compat(shmctl, freebsd7_shmctl, FBSD_1.0); +__sym_compat(cap_getrights, cap_rights_get, FBSD_1.2); + #undef __sym_compat #endif /* __LIBC_COMPAT_H__ */ Modified: projects/calloutng/lib/libc/sys/Makefile.inc ============================================================================== --- projects/calloutng/lib/libc/sys/Makefile.inc Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/lib/libc/sys/Makefile.inc Sat Mar 2 22:34:33 2013 (r247674) @@ -91,9 +91,12 @@ MAN+= abort2.2 \ aio_waitcomplete.2 \ aio_write.2 \ bind.2 \ + bindat.2 \ brk.2 \ cap_enter.2 \ - cap_new.2 \ + cap_fcntls_limit.2 \ + cap_ioctls_limit.2 \ + cap_rights_limit.2 \ chdir.2 \ chflags.2 \ chmod.2 \ @@ -103,6 +106,7 @@ MAN+= abort2.2 \ close.2 \ closefrom.2 \ connect.2 \ + connectat.2 \ cpuset.2 \ cpuset_getaffinity.2 \ dup.2 \ @@ -270,7 +274,9 @@ MLINKS+=access.2 eaccess.2 \ access.2 faccessat.2 MLINKS+=brk.2 sbrk.2 MLINKS+=cap_enter.2 cap_getmode.2 -MLINKS+=cap_new.2 cap_getrights.2 +MLINKS+=cap_fcntls_limit.2 cap_fcntls_get.2 +MLINKS+=cap_ioctls_limit.2 cap_ioctls_get.2 +MLINKS+=cap_rights_limit.2 cap_rights_get.2 MLINKS+=chdir.2 fchdir.2 MLINKS+=chflags.2 fchflags.2 \ chflags.2 lchflags.2 Modified: projects/calloutng/lib/libc/sys/Symbol.map ============================================================================== --- projects/calloutng/lib/libc/sys/Symbol.map Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/lib/libc/sys/Symbol.map Sat Mar 2 22:34:33 2013 (r247674) @@ -364,7 +364,6 @@ FBSD_1.2 { cap_enter; cap_getmode; cap_new; - cap_getrights; getloginclass; pdfork; pdgetpid; @@ -379,7 +378,16 @@ FBSD_1.2 { }; FBSD_1.3 { + bindat; + cap_fcntls_get; + cap_fcntls_limit; + cap_ioctls_get; + cap_ioctls_limit; + cap_rights_get; + cap_rights_limit; + cap_sandboxed; clock_getcpuclockid2; + connectat; ffclock_getcounter; ffclock_getestimate; ffclock_setestimate; Copied: projects/calloutng/lib/libc/sys/bindat.2 (from r247673, head/lib/libc/sys/bindat.2) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/sys/bindat.2 Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/sys/bindat.2) @@ -0,0 +1,109 @@ +.\" Copyright (c) 2013 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This documentation was written by Pawel Jakub Dawidek under sponsorship from +.\" the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd February 13, 2013 +.Dt BINDAT 2 +.Os +.Sh NAME +.Nm bindat +.Nd assign a local protocol address to a socket +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/socket.h +.Pp +.In fcntl.h +.Ft int +.Fn bindat "int fd" "int s" "const struct sockaddr *addr" "socklen_t addrlen" +.Sh DESCRIPTION +The +.Fn bindat +system call assigns the local protocol address to a socket. +It works just like the +.Xr bind 2 +system call with two exceptions: +.Pp +.Bl -enum -offset indent -compact +.It +It is limited to sockets in the PF_LOCAL domain. +.Pp +.It +If the file path stored in the +.Fa sun_path +field of the sockaddr_un structure is a relative path, it is located relative +to the directory associated with the file descriptor +.Fa fd . +If +.Fn bindat +is passed the special value +.Dv AT_FDCWD +in the +.Fa fd +parameter, the current working directory is used and the behavior is identical +to a call to +.Xr bind 2 . +.El +.Sh RETURN VALUES +.Rv -std bindat +.Sh ERRORS +The +.Fn bindat +system call may fail with the same errors as the +.Xr bind 2 +system call for a UNIX domain socket or with the following errors: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa sun_path +field does not specify an absolute path and the +.Fa fd +argument is neither +.Dv AT_FDCWD +nor a valid file descriptor. +.It Bq Er ENOTDIR +The +.Fa sun_path +field is not an absolute path and +.Fa fd +is neither +.Dv AT_FDCWD +nor a file descriptor associated with a directory. +.El +.Sh SEE ALSO +.Xr bind 2 , +.Xr connectat 2 , +.Xr socket 2 , +.Xr unix 4 +.Sh AUTHORS +The +.Nm +was developed by +.An Pawel Jakub Dawidek Aq pawel@dawidek.net +under sponsorship from the FreeBSD Foundation. Modified: projects/calloutng/lib/libc/sys/cap_enter.2 ============================================================================== --- projects/calloutng/lib/libc/sys/cap_enter.2 Sat Mar 2 22:28:20 2013 (r247673) +++ projects/calloutng/lib/libc/sys/cap_enter.2 Sat Mar 2 22:34:33 2013 (r247674) @@ -58,8 +58,10 @@ or .Xr pdfork 2 will be placed in capability mode from inception. .Pp -When combined with capabilities created with -.Xr cap_new 2 , +When combined with +.Xr cap_rights_limit 2 , +.Xr cap_ioctls_limit 2 , +.Xr cap_fcntls_limit 2 , .Fn cap_enter may be used to create kernel-enforced sandboxes in which appropriately-crafted applications or application components may be run. @@ -71,11 +73,6 @@ sandbox. Creating effective process sandboxes is a tricky process that involves identifying the least possible rights required by the process and then passing those rights into the process in a safe manner. -See the CAVEAT -section of -.Xr cap_new 2 -for why this is particularly tricky with UNIX file descriptors as the -canonical representation of a right. Consumers of .Fn cap_enter should also be aware of other inherited rights, such as access to VM @@ -87,9 +84,35 @@ to create a runtime environment inside t acquired rights as possible. .Sh RETURN VALUES .Rv -std cap_enter cap_getmode +.Sh ERRORS +The +.Fn cap_enter +and +.Fn cap_getmode +system calls +will fail if: +.Bl -tag -width Er +.It Bq Er ENOSYS +The kernel is compiled without: +.Pp +.Cd "options CAPABILITY_MODE" +.El +.Pp +The +.Fn cap_getmode +system call may also return the following error: +.Bl -tag -width Er +.It Bq Er EFAULT +Pointer +.Fa modep +points outside the process's allocated address space. +.El .Sh SEE ALSO -.Xr cap_new 2 , +.Xr cap_fcntls_limit 2 , +.Xr cap_ioctls_limit 2 , +.Xr cap_rights_limit 2 , .Xr fexecve 2 , +.Xr cap_sandboxed 3 , .Xr capsicum 4 .Sh HISTORY Support for capabilities and capabilities mode was developed as part of the Copied: projects/calloutng/lib/libc/sys/cap_fcntls_limit.2 (from r247673, head/lib/libc/sys/cap_fcntls_limit.2) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/sys/cap_fcntls_limit.2 Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/sys/cap_fcntls_limit.2) @@ -0,0 +1,126 @@ +.\" +.\" Copyright (c) 2012 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This documentation was written by Pawel Jakub Dawidek under sponsorship +.\" the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 20, 2012 +.Dt CAP_FCNTLS_LIMIT 2 +.Os +.Sh NAME +.Nm cap_fcntls_limit , +.Nm cap_fcntls_get +.Nd manage allowed fcntl commands +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_fcntls_limit "int fd" "uint32_t fcntlrights" +.Ft int +.Fn cap_fcntls_get "int fd" "uint32_t *fcntlrightsp" +.Sh DESCRIPTION +If a file descriptor is granted the +.Dv CAP_FCNTL +capability right, the list of allowed +.Xr fcntl 2 +commands can be selectively reduced (but never expanded) with the +.Fn cap_fcntls_limit +system call. +.Pp +A bitmask of allowed fcntls commands for a given file descriptor can be obtained +with the +.Fn cap_fcntls_get +system call. +.Sh FLAGS +The following flags may be specified in the +.Fa fcntlrights +argument or returned in the +.Fa fcntlrightsp +argument: +.Bl -tag -width CAP_FCNTL_GETOWN +.It Dv CAP_FCNTL_GETFL +Permit +.Dv F_GETFL +command. +.It Dv CAP_FCNTL_SETFL +Permit +.Dv F_SETFL +command. +.It Dv CAP_FCNTL_GETOWN +Permit +.Dv F_GETOWN +command. +.It Dv CAP_FCNTL_SETOWN +Permit +.Dv F_SETOWN +command. +.El +.Sh RETURN VALUES +.Rv -std +.Sh ERRORS +.Fn cap_fcntls_limit +succeeds unless: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid descriptor. +.It Bq Er EINVAL +An invalid flag has been passed in +.Fa fcntlrights . +.It Bq Er ENOTCAPABLE +.Fa fcntlrights +would expand the list of allowed +.Xr fcntl 2 +commands. +.El +.Pp +.Fn cap_fcntls_get +succeeds unless: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid descriptor. +.It Bq Er EFAULT +The +.Fa fcntlrightsp +argument points at an invalid address. +.El +.Sh SEE ALSO +.Xr cap_ioctls_limit 2 , +.Xr cap_rights_limit 2 , +.Xr fcntl 2 +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +This function was created by +.An Pawel Jakub Dawidek Aq pawel@dawidek.net +under sponsorship of the FreeBSD Foundation. Copied: projects/calloutng/lib/libc/sys/cap_ioctls_limit.2 (from r247673, head/lib/libc/sys/cap_ioctls_limit.2) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/sys/cap_ioctls_limit.2 Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/sys/cap_ioctls_limit.2) @@ -0,0 +1,157 @@ +.\" +.\" Copyright (c) 2012 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This documentation was written by Pawel Jakub Dawidek under sponsorship +.\" the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 20, 2012 +.Dt CAP_IOCTLS_LIMIT 2 +.Os +.Sh NAME +.Nm cap_ioctls_limit , +.Nm cap_ioctls_get +.Nd manage allowed ioctl commands +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_ioctls_limit "int fd" "const unsigned long *cmds" "size_t ncmds" +.Ft ssize_t +.Fn cap_ioctls_get "int fd" "unsigned long *cmds" "size_t maxcmds" +.Sh DESCRIPTION +If a file descriptor is granted the +.Dv CAP_IOCTL +capability right, the list of allowed +.Xr ioctl 2 +commands can be selectively reduced (but never expanded) with the +.Fn cap_ioctls_limit +system call. +The +.Fa cmds +argument is an array of +.Xr ioctl 2 +commands and the +.Fa ncmds +argument specifies the number of elements in the array. +There might be up to +.Va 256 +elements in the array. +.Pp +The list of allowed ioctl commands for a given file descriptor can be obtained +with the +.Fn cap_ioctls_get +system call. +The +.Fa cmds +argument points at memory that can hold up to +.Fa maxcmds +values. +The function populates the provided buffer with up to +.Fa maxcmds +elements, but always returns the total number of ioctl commands allowed for the +given file descriptor. +The total number of ioctls commands for the given file descriptor can be +obtained by passing +.Dv NULL as the +.Fa cmds +argument and +.Va 0 +as the +.Fa maxcmds +argument. +If all ioctl commands are allowed +.Dv ( CAP_IOCTL +capability right is assigned to the file descriptor and the +.Fn cap_ioctls_limit +system call was never called for this file descriptor), the +.Fn cap_ioctls_get +system call will return +.Dv CAP_IOCTLS_ALL +and won't modify the buffer pointed out by the +.Fa cmds +argument. +.Sh RETURN VALUES +.Rv -std cap_ioctls_limit +.Pp +The +.Fn cap_ioctls_limit +function, if successfull, returns the total number of allowed ioctl commands or +the value +.Dv INT_MAX +if all ioctls commands are allowed. +On failure the value +.Va -1 +is returned and the global variable errno is set to indicate the error. +.Sh ERRORS +.Fn cap_ioctls_limit +succeeds unless: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid descriptor. +.It Bq Er EFAULT +The +.Fa cmds +argument points at an invalid address. +.It Bq Er EINVAL +The +.Fa ncmds +argument is greater than +.Va 256 . +.It Bq Er ENOTCAPABLE +.Fa cmds +would expand the list of allowed +.Xr ioctl 2 +commands. +.El +.Pp +.Fn cap_ioctls_get +succeeds unless: +.Bl -tag -width Er +.It Bq Er EBADF +The +.Fa fd +argument is not a valid descriptor. +.It Bq Er EFAULT +The +.Fa cmds +argument points at invalid address. +.El +.Sh SEE ALSO +.Xr cap_fcntls_limit 2 , +.Xr cap_rights_limit 2 , +.Xr ioctl 2 +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh AUTHORS +This function was created by +.An Pawel Jakub Dawidek Aq pawel@dawidek.net +under sponsorship of the FreeBSD Foundation. Copied: projects/calloutng/lib/libc/sys/cap_rights_limit.2 (from r247673, head/lib/libc/sys/cap_rights_limit.2) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/calloutng/lib/libc/sys/cap_rights_limit.2 Sat Mar 2 22:34:33 2013 (r247674, copy of r247673, head/lib/libc/sys/cap_rights_limit.2) @@ -0,0 +1,612 @@ +.\" +.\" Copyright (c) 2008-2010 Robert N. M. Watson +.\" Copyright (c) 2012-2013 The FreeBSD Foundation +.\" All rights reserved. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Portions of this documentation were written by Pawel Jakub Dawidek +.\" under sponsorship from the FreeBSD Foundation. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd February 23, 2013 +.Dt CAP_RIGHTS_LIMIT 2 +.Os +.Sh NAME +.Nm cap_rights_limit , +.Nm cap_rights_get +.Nd manage capability rights +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/capability.h +.Ft int +.Fn cap_rights_limit "int fd" "cap_rights_t rights" +.Ft int +.Fn cap_rights_get "int fd" "cap_rights_t *rightsp" +.Sh DESCRIPTION +When a file descriptor is created by a function such as +.Xr fhopen 2 , +.Xr kqueue 2 , +.Xr mq_open 2 , +.Xr open 2 , +.Xr openat 2 , +.Xr pdfork 2 , +.Xr pipe 2 , +.Xr shm_open 2 , +.Xr socket 2 , +or +.Xr socketpair 2 , +it is assigned all capability rights. +Those rights can be reduced (but never expanded) by using the +.Fn cap_rights_limit +system call. +Once capability rights are reduced, operations on the file descriptor will be +limited to those permitted by +.Fa rights . +.Pp +A bitmask of capability rights assigned to a file descriptor can be obtained with +the +.Fn cap_rights_get +system call. +.Sh RIGHTS +The following rights may be specified in a rights mask: +.Bl -tag -width CAP_EXTATTR_DELETE +.It Dv CAP_ACCEPT +Permit +.Xr accept 2 . +.It Dv CAP_ACL_CHECK +Permit checking of an ACL on a file descriptor; there is no cross-reference +for this system call. +.It Dv CAP_ACL_DELETE +Permit +.Xr acl_delete_fd_np 3 . +.It Dv CAP_ACL_GET +Permit +.Xr acl_get_fd 3 +and +.Xr acl_get_fd_np 3 . +.It Dv CAP_ACL_SET +Permit +.Xr acl_set_fd 3 +and +.Xr acl_set_fd_np 3 . +.It Dv CAP_BIND +Permit +.Xr bind 2 . +Note that sockets can also become bound implicitly as a result of +.Xr connect 2 +or +.Xr send 2 , +and that socket options set with +.Xr setsockopt 2 +may also affect binding behavior. +.It Dv CAP_BINDAT +Permit +.Xr bindat 2 . +This right has to be present on the directory descriptor. +.It Dv CAP_CONNECT +Permit +.Xr connect 2 ; +also required for +.Xr sendto 2 +with a non-NULL destination address. +.It Dv CAP_CONNECTAT +Permit +.Xr connectat 2 . +This right has to be present on the directory descriptor. +.It Dv CAP_CREATE +Permit +.Xr openat 2 +with the +.Dv O_CREAT +flag. +.\" XXXPJD: Doesn't exist anymore. +.It Dv CAP_EVENT +Permit +.Xr select 2 , +.Xr poll 2 , +and +.Xr kevent 2 +to be used in monitoring the file descriptor for events. +.It Dv CAP_FEXECVE +Permit +.Xr fexecve 2 +and +.Xr openat 2 +with the +.Dv O_EXEC +flag; +.Dv CAP_READ +will also be required. +.It Dv CAP_EXTATTR_DELETE +Permit +.Xr extattr_delete_fd 2 . +.It Dv CAP_EXTATTR_GET +Permit +.Xr extattr_get_fd 2 . +.It Dv CAP_EXTATTR_LIST +Permit +.Xr extattr_list_fd 2 . +.It Dv CAP_EXTATTR_SET +Permit +.Xr extattr_set_fd 2 . +.It Dv CAP_FCHDIR +Permit +.Xr fchdir 2 . +.It Dv CAP_FCHFLAGS +Permit +.Xr fchflags 2 . +.It Dv CAP_FCHMOD +Permit +.Xr fchmod 2 +and +.Xr fchmodat 2 . +.It Dv CAP_FCHMODAT +An alias to +.Dv CAP_FCHMOD . +.It Dv CAP_FCHOWN +Permit +.Xr fchown 2 +and +.Xr fchownat 2 . +.It Dv CAP_FCHOWNAT +An alias to +.Dv CAP_FCHOWN . +.It Dv CAP_FCNTL +Permit +.Xr fcntl 2 . +Note that only the +.Dv F_GETFL , +.Dv F_SETFL , +.Dv F_GETOWN +and +.Dv F_SETOWN +commands require this capability right. +Also note that the list of permitted commands can be further limited with the +.Xr cap_fcntls_limit 2 +system call. +.It Dv CAP_FLOCK +Permit +.Xr flock 2 , +.Xr fcntl 2 +(with +.Dv F_GETLK , +.Dv F_SETLK +or +.Dv F_SETLKW +flag) and +.Xr openat 2 +(with +.Dv O_EXLOCK *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***