From owner-p4-projects@FreeBSD.ORG Thu Jun 11 07:12:02 2009
Date: Thu, 11 Jun 2009 07:12:01 GMT
Message-Id: <200906110712.n5B7C1Ux061243@repoman.freebsd.org>
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 164072 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2009 07:12:02 -0000 http://perforce.freebsd.org/chv.cgi?CH=164072 Change 164072 by rwatson@rwatson_freebsd_capabilities on 2009/06/11 07:11:08 Document lch_start_flags(). Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#11 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libcapability/libcapability.3#11 (text+ko) ==== @@ -48,6 +48,8 @@ .Fn lc_limitfd "int fd" "cap_rights_t rights" .Ft int .Fn lch_start "const char *sandbox" "char *const argv[]" "struct lc_sandbox **lcsp" +.Ft int +.Fn lch_start_flags "const char *sandbox" "char *const argv[]" "u_int flags" "struct lc_sandbox **lcsp" .Ft void .Fn lch_stop "struct lc_sandbox *lcsp" .Ft int 
@@ -85,13 +87,31 @@ .Dt "struct lc_sandbox" , which is returned by .Fn lch_start +and +.Fn lch_start_flags for successfully started sandboxes, and passed into other APIs to indicate which sandbox should be acted on. -.Fn lch_start -creates a new executing sandbox, given the name of the sandbox binary via -.Va sandbox . -Executing sandboxes may be stopped (and state freed) using +Both calls create new executing sandboxes, given the name of the sandbox +binary via +.Va sandbox , +and command line arguments +.Va argv . +.Pp +.Fn lch_start_flags +accepts an optional flags field to fine-tune aspects of sandbox operation; +the only currently defined flag is +.Dv LCH_PERMIT_STDERR , +which allows the sandbox to write to the current process's +.Dv stderr . +By default, this is not permitted. +.Pp +Executing sandboxes may be stopped (and all state freed) using .Fn lch_stop . +Following a call to +.Fn lch_stop , +the +.Va lchp +argument will no longer be valid. .Pp Properties of the sandbox, such as the socket used to communicate with it, the proces descriptor for the sandbox process, and the pid, may be queried
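Review bot: in the first hunk (the SYNOPSIS at @@ -48,6 +48,8 @@), the new prototype introduces a "u_int flags" argument but nothing in the synopsis or the surrounding text says how it is built; consider stating in the DESCRIPTION that it is a bitwise OR of the LCH_* flags and saying explicitly whether passing 0 gives the same sandbox as lch_start, so a caller moving from lch_start knows that the default is the restrictive one and that every flag set only loosens isolation.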
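Review bot: in the second hunk (@@ -85,13 +87,31 @@), the argument name does not match the synopsis: the new sentence after ".Fn lch_stop" says ".Va lchp" will no longer be valid, but the synopsis declares lch_stop as "struct lc_sandbox *lcsp"; use lcsp in both places so the reader can tie the two together. For .Dv LCH_PERMIT_STDERR it would help to say what the sandbox actually gains, namely a descriptor shared with the parent's stderr, which is a write channel out of the sandbox into whatever terminal or log the parent has attached, so callers should leave the flag clear unless they need sandbox diagnostics; "By default, this is not permitted." states the policy but not the reason. Nit in the unchanged context line: "proces descriptor" should read "process descriptor".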