CAPSICUM_HELPERS(3)    FreeBSD Library Functions Manual    CAPSICUM_HELPERS(3)

NAME
     caph_limit_stream, caph_limit_stdin, caph_limit_stderr,
     caph_limit_stdout, caph_limit_stdio, caph_stream_rights,
     caph_cache_tzdata, caph_cache_catpages, caph_enter, caph_enter_casper,
     caph_rights_limit, caph_ioctls_limit, caph_fcntls_limit - set of
     Capsicum helpers, part of libcapsicum

LIBRARY
     library "libcapsicum"

SYNOPSIS
     #include <capsicum_helpers.h>

     int
     caph_enter(void);

     int
     caph_enter_casper(void);

     int
     caph_rights_limit(int fd, const cap_rights_t *rights);

     int
     caph_ioctls_limit(int fd, const unsigned long *cmds, size_t ncmds);

     int
     caph_fcntls_limit(int fd, uint32_t fcntlrights);

     int
     caph_limit_stream(int fd, int flags);

     int
     caph_limit_stdin(void);

     int
     caph_limit_stderr(void);

     int
     caph_limit_stdout(void);

     int
     caph_limit_stdio(void);

     void
     caph_stream_rights(cap_rights_t *, int flags);

     void
     caph_cache_tzdata(void);

     void
     caph_cache_catpages(void);

DESCRIPTION
     caph_enter(), caph_rights_limit(), caph_ioctls_limit() and
     caph_fcntls_limit() are equivalent to cap_enter(2),
     cap_rights_limit(2), cap_ioctls_limit(2) and cap_fcntls_limit(2)
     respectively, except that they return success when the kernel is built
     without support for capability mode.

     caph_enter_casper() is equivalent to caph_enter(), except that it
     returns success when the system is built without Casper support.

     The Capsicum helpers are a set of inline functions which simplify
     modifying programs to use Capsicum.  The goal is to reduce duplicated
     code patterns.  The Capsicum helpers are part of libcapsicum, but there
     is no need to link to the library.

     caph_limit_stream() restricts capabilities on fd to only those needed by
     POSIX stream objects (that is, FILEs).

     These flags can be provided:

           CAPH_IGNORE_EBADF  Do not return an error if file descriptor is
                              invalid.
           CAPH_READ          Set CAP_READ on limited descriptor.
           CAPH_WRITE         Set CAP_WRITE on limited descriptor.

     caph_limit_stdin(), caph_limit_stderr() and caph_limit_stdout() limit
     standard descriptors using the caph_limit_stream function.

     caph_limit_stdio() limits stdin, stderr and stdout.

     caph_stream_rights may be used to initialize rights with the same rights
     that a stream would be limited to, as if caph_limit_stream() had been
     invoked using the same flags.

     caph_cache_tzdata() precaches all timezone data needed to use libc local
     time functions.

     caph_cache_catpages() caches Native Language Support (NLS) data.  NLS
     data is used for localized error printing by strerror(3) and err(3),
     among others.
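
EXAMPLES
     The following is an added example, not part of the original manual page:
     a line counter that opens its input, applies the helpers described above
     and enters capability mode before reading any data.  The names sandbox()
     and count_lines_sandboxed() are hypothetical, and the non-FreeBSD branch
     is a no-op stub assumed here so that the code also builds elsewhere.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#endif

/* Limit the process to reading in_fd plus stdio, then enter capability mode. */
static int sandbox(int in_fd)
{
#ifdef __FreeBSD__
	cap_rights_t rights;
	caph_cache_tzdata();	/* load timezone and NLS data while */
	caph_cache_catpages();	/* files can still be opened by path */
	if (caph_limit_stdio() < 0)	/* stdin/stdout/stderr: stream rights only */
		return (-1);
	cap_rights_init(&rights, CAP_READ);	/* input: read(2) and nothing else */
	if (caph_rights_limit(in_fd, &rights) < 0)
		return (-1);
	return (caph_enter());	/* succeeds on kernels without capability mode */
#else
	(void)in_fd;	/* assumption: no-op stub so the example builds elsewhere */
	return (0);
#endif
}

/* Count newlines read from in_fd after sandboxing; returns -1 on error. */
long count_lines_sandboxed(int in_fd)
{
	char buf[4096];
	ssize_t n;
	long lines = 0;
	if (sandbox(in_fd) < 0)
		return (-1);
	while ((n = read(in_fd, buf, sizeof(buf))) > 0)
		for (ssize_t i = 0; i < n; i++)
			lines += (buf[i] == '\n');
	return (n < 0 ? -1 : lines);
}

int main(int argc, char **argv)
{
	/* Open by path before sandboxing: open(2) fails in capability mode. */
	int fd = argc > 1 ? open(argv[1], O_RDONLY) : STDIN_FILENO;
	long n = fd < 0 ? -1 : count_lines_sandboxed(fd);
	printf("%ld\n", n);
	return (n < 0);
}
```

     Every descriptor the program needs is acquired before caph_enter() is
     called; afterwards the process holds only the rights granted above.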

SEE ALSO
     cap_enter(2), cap_rights_limit(2), rights(4)

FreeBSD 13.1-RELEASE-p6         January 2, 2020        FreeBSD 13.1-RELEASE-p6
