From owner-svn-src-all@freebsd.org Sun Mar 18 15:24:46 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77438F5C699; Sun, 18 Mar 2018 15:24:46 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 18A17766B4; Sun, 18 Mar 2018 15:24:46 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EE18822365; Sun, 18 Mar 2018 15:24:45 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2IFOjBk030379; Sun, 18 Mar 2018 15:24:45 GMT (envelope-from oshogbo@FreeBSD.org) Received: (from oshogbo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2IFOj9O030378; Sun, 18 Mar 2018 15:24:45 GMT (envelope-from oshogbo@FreeBSD.org) Message-Id: <201803181524.w2IFOj9O030378@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: oshogbo set sender to oshogbo@FreeBSD.org using -f From: Mariusz Zaborski Date: Sun, 18 Mar 2018 15:24:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r331121 - head/lib/libcasper/libcasper X-SVN-Group: head X-SVN-Commit-Author: oshogbo X-SVN-Commit-Paths: head/lib/libcasper/libcasper X-SVN-Commit-Revision: 331121 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Mar 2018 15:24:46 -0000 Author: oshogbo Date: Sun Mar 18 15:24:45 2018 New Revision: 331121 URL: https://svnweb.freebsd.org/changeset/base/331121 Log: Update libcasper references to all new man pages. Remove obsolete example. All services has they own example. This example also show old type of limiting method which is not recommended to use. Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14607 Modified: head/lib/libcasper/libcasper/libcasper.3 Modified: head/lib/libcasper/libcasper/libcasper.3 ============================================================================== --- head/lib/libcasper/libcasper/libcasper.3 Sun Mar 18 15:16:47 2018 (r331120) +++ head/lib/libcasper/libcasper/libcasper.3 Sun Mar 18 15:24:45 2018 (r331121) @@ -1,4 +1,5 @@ .\" Copyright (c) 2013 The FreeBSD Foundation +.\" Copyright (c) 2018 Mariusz Zaborski .\" All rights reserved. .\" .\" This documentation was written by Pawel Jakub Dawidek under sponsorship @@ -27,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 26, 2018 +.Dd March 6, 2018 .Dt LIBCASPER 3 .Os .Sh NAME @@ -252,63 +253,18 @@ The and .Fn cap_unwrap functions always succeed. -.Sh EXAMPLES -The following example first opens capability to the casper then using this -capability creates new capability to the -.Nm system.dns -casper service and uses the latter capability to resolve IP address. -.Bd -literal -cap_channel_t *capcas, *capdns; -nvlist_t *limits; -const char *ipstr = "127.0.0.1"; -struct in_addr ip; -struct hostent *hp; - -/* Open capability to the Casper. */ -capcas = cap_init(); -if (capcas == NULL) - err(1, "Unable to contact Casper"); - -/* Enter capability mode sandbox. */ -if (cap_enter() < 0 && errno != ENOSYS) - err(1, "Unable to enter capability mode"); - -/* Use Casper capability to create capability to the system.dns service. */ -capdns = cap_service_open(capcas, "system.dns"); -if (capdns == NULL) - err(1, "Unable to open system.dns service"); - -/* Close Casper capability, we don't need it anymore. */ -cap_close(capcas); - -/* Limit system.dns to reverse DNS lookups and IPv4 addresses. */ -limits = nvlist_create(0); -nvlist_add_string(limits, "type", "ADDR"); -nvlist_add_number(limits, "family", (uint64_t)AF_INET); -if (cap_limit_set(capdns, limits) < 0) - err(1, "Unable to limit access to the system.dns service"); - -/* Convert IP address in C-string to in_addr. */ -if (!inet_aton(ipstr, &ip)) - errx(1, "Unable to parse IP address %s.", ipstr); - -/* Find hostname for the given IP address. */ -hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET); -if (hp == NULL) - errx(1, "No name associated with %s.", ipstr); - -printf("Name associated with %s is %s.\\n", ipstr, hp->h_name); -.Ed .Sh SEE ALSO -.Xr cap_enter 2 , +.Xr errno 2 , .Xr execve 2 , .Xr kevent 2 , .Xr poll 2 , .Xr select 2 , -.Xr cap_gethostbyaddr 3 , -.Xr err 3 , -.Xr gethostbyaddr 3 , -.Xr inet_aton 3 , +.Xr cap_dns 3 , +.Xr cap_grp 3 , +.Xr cap_pwd 3 , +.Xr cap_ranodm 3 , +.Xr cap_sysctl 3 , +.Xr cap_syslog 3 , .Xr capsicum 4 , .Xr unix 4 , .Xr nv 9