Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 26 Apr 2022 00:54:52 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 364a69a529b2 - stable/13 - capsicum: briefly describe capabilities in man page
Message-ID:  <202204260054.23Q0sq0X082325@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=364a69a529b215d72357e2957bf45f2c3652ae4f

commit 364a69a529b215d72357e2957bf45f2c3652ae4f
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-04-19 19:44:46 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-26 00:54:38 +0000

    capsicum: briefly describe capabilities in man page
    
    Provide a very brief introduction to capabilities, using a couple of
    sentences from David Chisnall's mailing list response[1] to a question
    about Linux capabilities and Capsicum.
    
    Mailing list subject (in case the archive URL changes) was
    Re: Linux capabilities to Capsicum
    
    [1] https://lists.freebsd.org/archives/freebsd-hackers/2022-April/001032.html
    
    Reviewed by:    oshogbo
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D34945
    
    (cherry picked from commit 1f568792c6156988d357ea31a36d77ed11cc9a2d)
---
 share/man/man4/capsicum.4 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/share/man/man4/capsicum.4 b/share/man/man4/capsicum.4
index 0dbd3067e0ea..d9ff9c489fd0 100644
--- a/share/man/man4/capsicum.4
+++ b/share/man/man4/capsicum.4
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 18, 2017
+.Dd April 19, 2022
 .Dt CAPSICUM 4
 .Os
 .Sh NAME
@@ -39,6 +39,11 @@
 .Nm
 is a lightweight OS capability and sandbox framework implementing a hybrid
 capability system model.
+Capabilities are unforgeable tokens of authority that can be delegated and must
+be presented to perform an action.
+.Nm
+makes file descriptors into capabilities.
+.Pp
 .Nm
 can be used for application and library compartmentalisation, the
 decomposition of larger bodies of software into isolated (sandboxed)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204260054.23Q0sq0X082325>