Provide cap_sandboxed(3) function, which is a wrapper around cap_getmode(2)

system call, which has a nice property - it never fails, so it is a bit easier to use. If there is no support for capability mode in the kernel the function will return false (not in a sandbox). If the kernel is compiled with the support for capability mode, the function will return true or false depending if the calling process is in the capability mode sandbox or not respectively. Sponsored by: The FreeBSD Foundation
author: pjd <pjd@FreeBSD.org> 2013-03-02 00:11:27 +0000
committer: pjd <pjd@FreeBSD.org> 2013-03-02 00:11:27 +0000
commit: 24853370053f911de81d645be20801b842a3dda9 (patch)
tree: 9d80e9daf2d81c1841914be005090b2875ad59a1 /lib/libc/sys/cap_enter.2
parent: 3e4a1731aa17cbd6fdf9c9def3c5eb9b47353aa1 (diff)
download: FreeBSD-src-24853370053f911de81d645be20801b842a3dda9.zip
FreeBSD-src-24853370053f911de81d645be20801b842a3dda9.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/libc/sys/cap_enter.2 b/lib/libc/sys/cap_enter.2
index 5454ec9..c3cefe8 100644
--- a/lib/libc/sys/cap_enter.2
+++ b/lib/libc/sys/cap_enter.2
@@ -90,6 +90,7 @@ acquired rights as possible.
 .Sh SEE ALSO
 .Xr cap_new 2 ,
 .Xr fexecve 2 ,
+.Xr cap_sandboxed 3 ,
 .Xr capsicum 4
 .Sh HISTORY
 Support for capabilities and capabilities mode was developed as part of the
author	pjd <pjd@FreeBSD.org>	2013-03-02 00:11:27 +0000
committer	pjd <pjd@FreeBSD.org>	2013-03-02 00:11:27 +0000
commit	24853370053f911de81d645be20801b842a3dda9 (patch)
tree	9d80e9daf2d81c1841914be005090b2875ad59a1 /lib/libc/sys/cap_enter.2
parent	3e4a1731aa17cbd6fdf9c9def3c5eb9b47353aa1 (diff)
download	FreeBSD-src-24853370053f911de81d645be20801b842a3dda9.zip FreeBSD-src-24853370053f911de81d645be20801b842a3dda9.tar.gz