author | chris <chris@FreeBSD.org> | 2001-12-23 00:19:48 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2001-12-23 00:19:48 +0000 |
commit | 8e7a4ca8a0253ebd426d4c12adfcf4b30e76a8d3 (patch) | |
tree | 87d56be7b0230bd44fee7fafd3cd474c88dfcecb /lib/libc/posix1e | |
parent | 45093b4f56780dd2852dac2d7dfeb54e78706467 (diff) | |
o Change the layout of the tagged lists to be like those in acl(3).
o Document the following capabilities: CAP_NET_ADMIN, CAP_SYS_RAWIO,
CAP_SYS_ADMIN, and CAP_SYS_TTY_CONFIG.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc/posix1e')
-rw-r--r-- | lib/libc/posix1e/cap.3 | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/libc/posix1e/cap.3 b/lib/libc/posix1e/cap.3 index 088d3f7..4bd0fd9 100644 --- a/lib/libc/posix1e/cap.3 +++ b/lib/libc/posix1e/cap.3 @@ -47,7 +47,7 @@ state for use, if permitted. .Pp A variety of functions are provided for manipulating and managing process capability state and working store state: -.Bl -tag -width cap_from_textXX +.Bl -tag -width indent .It Fn cap_init This function is described in .Xr cap_init 3 , @@ -100,7 +100,7 @@ a particular aspect of the system policy. Each capability in a capability set has three flags, indicating the status of the capability with respect to the file or process it is associated with. -.Bl -tag -width CAP_INHERITABLEXX +.Bl -tag -width indent .It Dv CAP_EFFECTIVE If true, the capability will be used as necessary during accesses by the process. @@ -137,7 +137,7 @@ X represents a global bounding set, currently un-implemented. The following capabilities are defined and implemented in .Fx 5.0 : .Pp -.Bl -tag -width CAP_MAC_RELABEL_SUBJ +.Bl -tag -width indent .It Dv CAP_CHOWN This capability overrides the restriction that a process cannot change the user ID of a file it owns, and the restriction that the group ID supplied in @@ -240,6 +240,8 @@ For example, this capability, when effective, can be used by a process to bind a port number below 1024 in the IPv4 or IPv6 port spaces. .It Dv CAP_NET_BROADCAST .It Dv CAP_NET_ADMIN +This capability overrides the restriction that a process cannot +modify network interface data. .It Dv CAP_NET_RAW This capability overrides the restriction that a process cannot create a raw socket. @@ -249,6 +251,9 @@ raw socket. This capability overrides the restriction that a process cannot load or unload kernel modules. .It Dv CAP_SYS_RAWIO +This capability overrides the restriction that a process cannot +read or write directly to +.Pa /dev/mem . .It Dv CAP_SYS_CHROOT This capability overrides the restriction that a process cannot invoke the .Xr chroot 2 
@@ -265,6 +270,8 @@ real and effective user IDs. This capability overrides the restriction that a process cannot enable, configure, or disable system process accounting. .It Dv CAP_SYS_ADMIN +This capability overrides the restriction that a process cannot +perform system administrative tasks. .It Dv CAP_SYS_BOOT This capability overrides the restriction that a process cannot invoke the @@ -282,6 +289,8 @@ soft and hard resource limits. This capability overrides the restriction that a process may not modify the system date and time. .It Dv CAP_SYS_TTY_CONFIG +This capability overrides the restriction that a process may not +modify TTY configuration settings. .It Dv CAP_MKNOD This capability overrides the restriction that a process may not create device nodes. |
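Review bot: In the hunk at -240,6 the `.It Dv CAP_NET_BROADCAST` entry directly above the new CAP_NET_ADMIN text still has no description, so the rendered list will show a bare tag running straight into CAP_NET_ADMIN. Either document it in this change or note in the commit message that it remains undocumented. The added sentence "modify network interface data" would also be more useful if it said which kinds of modification are meant, since readers use this page to decide which capability to grant.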
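Review bot: The CAP_SYS_RAWIO text added in the hunk at -249,6 names only `.Pa /dev/mem`, while the capability name suggests raw I/O in general. If other interfaces are gated by the same capability, list them here. If `/dev/mem` is the only one, say so explicitly, so the scope of the grant is unambiguous to someone assigning it.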
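Review bot: The CAP_SYS_ADMIN description added in the hunk at -265,6, "perform system administrative tasks", restates the capability name and does not say which restrictions are overridden. The entries around it each name a concrete operation (process accounting above, the CAP_SYS_BOOT invocation below), so this one should either enumerate the operations it covers or point to where they are listed. For the broadest capability on the page, a vague description makes it hard to reason about least privilege.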