From owner-p4-projects@FreeBSD.ORG Thu Jun 11 18:44:16 2009 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8BBA91065675; Thu, 11 Jun 2009 18:44:16 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4937A106566C for ; Thu, 11 Jun 2009 18:44:16 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 35D2E8FC16 for ; Thu, 11 Jun 2009 18:44:16 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n5BIiGpL015433 for ; Thu, 11 Jun 2009 18:44:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n5BIiGmv015431 for perforce@freebsd.org; Thu, 11 Jun 2009 18:44:16 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 11 Jun 2009 18:44:16 GMT Message-Id: <200906111844.n5BIiGmv015431@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 164137 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jun 2009 18:44:17 -0000 http://perforce.freebsd.org/chv.cgi?CH=164137 Change 164137 by rwatson@rwatson_freebsd_capabilities on 2009/06/11 18:43:51 Cross-reference with libcapability.3. Affected files ... .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#4 edit .. //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#9 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_enter.2#4 (text+ko) ==== @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2008 Robert N. M. Watson +.\" Copyright (c) 2008-2009 Robert N. M. Watson .\" All rights reserved. .\" .\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -32,7 +32,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 3, 2008 +.Dd June 11, 2009 .Dt CAP_ENTER 2 .Os .Sh NAME @@ -58,6 +58,8 @@ no-op. Future process descendents create with .Xr fork 2 +or +.Xr pdfork 2 will be placed in capability mode from inception. .Pp When combined with capabilities created with @@ -65,6 +67,9 @@ .Fn cap_enter may be used to create kernel-enforced sandboxes in which appropriately-crafted applications or application components may be run. +Most sandboxes will be created and managed using the +.Xr libcapability +library, rather than using system calls directly. .Pp .Fn cap_getmode returns a flag indicating whether or not the process is in a capability mode 
@@ -91,7 +96,8 @@ .Rv -std cap_enter cap_getmode .Sh SEE ALSO .Xr cap_new 2 , -.Xr fexecve 2 +.Xr fexecve 2 , +.Xr libcapability 3 .Sh HISTORY Support for capabilities and capabilities mode was developed as part of the .Tn TrustedBSD ==== //depot/projects/trustedbsd/capabilities/src/lib/libc/sys/cap_new.2#9 (text+ko) ==== @@ -32,7 +32,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 7, 2009 +.Dd June 11, 2009 .Dt CAP_NEW 2 .Os .Sh NAME @@ -85,6 +85,11 @@ .Xr dup2 2 , many properties are shared between the new capability and the existing file descriptor, including open file flags, blocking disposition, and file offset. +Many applications will prefer to use the +.Xr cap_limitfd 3 +library call, part of +.Xr libcapability 3 , +as it offers a more convenient interface. .Pp .Fn cap_getrights queries the rights associated with the capability referred to by file @@ -449,6 +454,8 @@ .Xr socketpair 2 , .Xr unlinkat 2 , .Xr write 2 , +.Xr cap_limitfd 3 , +.Xr libcapability 3 , .Xr sem_getvalue 3 , .Xr sem_post 3 , .Xr sem_trywait 3 ,
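Review bot: in the cap_enter.2 hunk at @@ -65,6 +67,9 @@ the new cross-reference `.Xr libcapability` is missing its manual section; every other reference added by this change, including the SEE ALSO entry in the same file, is written `.Xr libcapability 3`. Without the section argument mdoc emits a bare "libcapability" and the page cannot be resolved by cross-reference tooling, so the line should read `.Xr libcapability 3` here as well.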
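Review bot: the cap_enter.2 hunk at @@ -58,6 +58,8 @@ leaves the existing typos "Future process descendents create with" in place while rewriting that sentence to add `.Xr pdfork 2`; since the hunk already touches the sentence, change it to "Future process descendants created with" in the same commit rather than leaving a visibly wrong sentence on the page.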
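Review bot: the cap_enter.2 SEE ALSO hunk at @@ -91,7 +96,8 @@ adds `.Xr libcapability 3` but not `.Xr pdfork 2`, even though this same change introduces pdfork(2) into the body text of the page as a second way to create descendants that start in capability mode. For consistency with the rest of the list (section order, then alphabetical), add `.Xr pdfork 2 ,` between `.Xr fexecve 2 ,` and `.Xr libcapability 3`.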
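Review bot: in the cap_new.2 hunk at @@ -85,6 +85,11 @@ the new sentence recommending `.Xr cap_limitfd 3` is appended to the paragraph that describes how cap_new shares open file flags, blocking disposition and file offset with the original descriptor, so it reads as an alternative to that dup2-like sharing rather than as an alternative to calling cap_new directly; start it with a `.Pp` break, and replace the vague "as it offers a more convenient interface" with a sentence that says what the wrapper does for the caller, since the man page otherwise gives the reader no reason to prefer it.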