diff options
| author | jonathan <jonathan@FreeBSD.org> | 2011-07-15 18:26:19 +0000 |
|---|---|---|
| committer | jonathan <jonathan@FreeBSD.org> | 2011-07-15 18:26:19 +0000 |
| commit | 4ec3aaddb5d1848253bf9cb9b4dfccc67a058d4d (patch) | |
| tree | 240261c2ac1f0d6c197b3869fcd42bcffeab635f /sys/sys/capability.h | |
| parent | 22fe1722a8552b76089b0bbb9265e6d9586a56a0 (diff) | |
| download | FreeBSD-src-4ec3aaddb5d1848253bf9cb9b4dfccc67a058d4d.zip FreeBSD-src-4ec3aaddb5d1848253bf9cb9b4dfccc67a058d4d.tar.gz | |
Add cap_new() and cap_getrights() system calls.
Implement two previously-reserved Capsicum system calls:
- cap_new() creates a capability to wrap an existing file descriptor
- cap_getrights() queries the rights mask of a capability.
Approved by: mentor (rwatson), re (Capsicum blanket)
Sponsored by: Google Inc
Diffstat (limited to 'sys/sys/capability.h')
| -rw-r--r-- | sys/sys/capability.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/sys/capability.h b/sys/sys/capability.h index 5f5c35e..dee2e7a 100644 --- a/sys/sys/capability.h +++ b/sys/sys/capability.h @@ -110,6 +110,18 @@ int cap_enter(void); */ int cap_getmode(u_int* modep); +/* + * cap_new(): Create a new capability derived from an existing file + * descriptor with the specified rights. If the existing file descriptor is + * a capability, then the new rights must be a subset of the existing rights. + */ +int cap_new(int fd, cap_rights_t rights); + +/* + * cap_getrights(): Query the rights on a capability. + */ +int cap_getrights(int fd, cap_rights_t *rightsp); + __END_DECLS #endif /* !_KERNEL */ |
