D14607.id40032.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D14607.id40032.diff
View Options

	Index: lib/libcasper/libcasper/libcasper.3
	===================================================================
	--- lib/libcasper/libcasper/libcasper.3
	+++ lib/libcasper/libcasper/libcasper.3
	@@ -1,4 +1,5 @@
	.\" Copyright (c) 2013 The FreeBSD Foundation
	+.\" Copyright (c) 2018 Mariusz Zaborski <oshogbo@FreeBSD.org>
	.\" All rights reserved.
	.\"
	.\" This documentation was written by Pawel Jakub Dawidek under sponsorship
	@@ -27,7 +28,7 @@
	.\"
	.\" $FreeBSD$
	.\"
	-.Dd February 24, 2018
	+.Dd March 6, 2018
	.Dt LIBCASPER 3
	.Os
	.Sh NAME
	@@ -252,66 +253,21 @@
	and
	.Fn cap_unwrap
	functions always succeed.
	-.Sh EXAMPLES
	-The following example first opens capability to the casper then using this
	-capability creates new capability to the
	-.Nm system.dns
	-casper service and uses the latter capability to resolve IP address.
	-.Bd -literal
	-cap_channel_t capcas, capdns;
	-nvlist_t *limits;
	-const char *ipstr = "127.0.0.1";
	-struct in_addr ip;
	-struct hostent *hp;
	-
	-/* Open capability to the Casper. */
	-capcas = cap_init();
	-if (capcas == NULL)
	- err(1, "Unable to contact Casper");
	-
	-/* Enter capability mode sandbox. */
	-if (cap_enter() < 0 && errno != ENOSYS)
	- err(1, "Unable to enter capability mode");
	-
	-/* Use Casper capability to create capability to the system.dns service. */
	-capdns = cap_service_open(capcas, "system.dns");
	-if (capdns == NULL)
	- err(1, "Unable to open system.dns service");
	-
	-/* Close Casper capability, we don't need it anymore. */
	-cap_close(capcas);
	-
	-/* Limit system.dns to reverse DNS lookups and IPv4 addresses. */
	-limits = nvlist_create(0);
	-nvlist_add_string(limits, "type", "ADDR");
	-nvlist_add_number(limits, "family", (uint64_t)AF_INET);
	-if (cap_limit_set(capdns, limits) < 0)
	- err(1, "Unable to limit access to the system.dns service");
	-
	-/* Convert IP address in C-string to in_addr. */
	-if (!inet_aton(ipstr, &ip))
	- errx(1, "Unable to parse IP address %s.", ipstr);
	-
	-/* Find hostname for the given IP address. */
	-hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET);
	-if (hp == NULL)
	- errx(1, "No name associated with %s.", ipstr);
	-
	-printf("Name associated with %s is %s.\\n", ipstr, hp->h_name);
	-.Ed
	.Sh SEE ALSO
	-.Xr cap_enter 2 ,
	+.Xr errno 2 ,
	.Xr execve 2 ,
	.Xr kevent 2 ,
	.Xr poll 2 ,
	.Xr select 2 ,
	-.Xr cap_gethostbyaddr 3 ,
	-.Xr err 3 ,
	-.Xr gethostbyaddr 3 ,
	-.Xr inet_aton 3 ,
	-.Xr nv 3 ,
	+.Xr cap_dns 3,
	+.Xr cap_grp 3,
	+.Xr cap_pwd 3,
	+.Xr cap_ranodm 3,
	+.Xr cap_sysctl 3,
	+.Xr cap_syslog 3,
	.Xr capsicum 4 ,
	-.Xr unix 4
	+.Xr unix 4 ,
	+.Xr nv 9
	.Sh AUTHORS
	The
	.Nm libcasper

File Metadata

Mime Type: text/plain
Expires: Mon, Feb 9, 9:12 AM (5 h, 44 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28561732
Default Alt Text: D14607.id40032.diff (2 KB)

D14607.id40032.diffNo OneTemporaryActions

D14607.id40032.diffView Options

File Metadata

Event Timeline

D14607.id40032.diff
No OneTemporary
Actions

D14607.id40032.diff
View Options