forked from freebsd/freebsd-src
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update libcasper references to all new man pages.
Remove obsolete example. All services has they own example. This example also show old type of limiting method which is not recommended to use. Reviewed by: bcr@ Differential Revision: https://reviews.freebsd.org/D14607
- Loading branch information
Showing
1 changed file
with
9 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,5 @@ | ||
| .\" Copyright (c) 2013 The FreeBSD Foundation | ||
| .\" Copyright (c) 2018 Mariusz Zaborski <[email protected]> | ||
| .\" All rights reserved. | ||
| .\" | ||
| .\" This documentation was written by Pawel Jakub Dawidek under sponsorship | ||
|
|
@@ -27,7 +28,7 @@ | |
| .\" | ||
| .\" $FreeBSD$ | ||
| .\" | ||
| .Dd February 26, 2018 | ||
| .Dd March 6, 2018 | ||
| .Dt LIBCASPER 3 | ||
| .Os | ||
| .Sh NAME | ||
|
|
@@ -252,63 +253,18 @@ The | |
| and | ||
| .Fn cap_unwrap | ||
| functions always succeed. | ||
| .Sh EXAMPLES | ||
| The following example first opens capability to the casper then using this | ||
| capability creates new capability to the | ||
| .Nm system.dns | ||
| casper service and uses the latter capability to resolve IP address. | ||
| .Bd -literal | ||
| cap_channel_t *capcas, *capdns; | ||
| nvlist_t *limits; | ||
| const char *ipstr = "127.0.0.1"; | ||
| struct in_addr ip; | ||
| struct hostent *hp; | ||
|
|
||
| /* Open capability to the Casper. */ | ||
| capcas = cap_init(); | ||
| if (capcas == NULL) | ||
| err(1, "Unable to contact Casper"); | ||
|
|
||
| /* Enter capability mode sandbox. */ | ||
| if (cap_enter() < 0 && errno != ENOSYS) | ||
| err(1, "Unable to enter capability mode"); | ||
|
|
||
| /* Use Casper capability to create capability to the system.dns service. */ | ||
| capdns = cap_service_open(capcas, "system.dns"); | ||
| if (capdns == NULL) | ||
| err(1, "Unable to open system.dns service"); | ||
|
|
||
| /* Close Casper capability, we don't need it anymore. */ | ||
| cap_close(capcas); | ||
|
|
||
| /* Limit system.dns to reverse DNS lookups and IPv4 addresses. */ | ||
| limits = nvlist_create(0); | ||
| nvlist_add_string(limits, "type", "ADDR"); | ||
| nvlist_add_number(limits, "family", (uint64_t)AF_INET); | ||
| if (cap_limit_set(capdns, limits) < 0) | ||
| err(1, "Unable to limit access to the system.dns service"); | ||
|
|
||
| /* Convert IP address in C-string to in_addr. */ | ||
| if (!inet_aton(ipstr, &ip)) | ||
| errx(1, "Unable to parse IP address %s.", ipstr); | ||
|
|
||
| /* Find hostname for the given IP address. */ | ||
| hp = cap_gethostbyaddr(capdns, (const void *)&ip, sizeof(ip), AF_INET); | ||
| if (hp == NULL) | ||
| errx(1, "No name associated with %s.", ipstr); | ||
|
|
||
| printf("Name associated with %s is %s.\\n", ipstr, hp->h_name); | ||
| .Ed | ||
| .Sh SEE ALSO | ||
| .Xr cap_enter 2 , | ||
| .Xr errno 2 , | ||
| .Xr execve 2 , | ||
| .Xr kevent 2 , | ||
| .Xr poll 2 , | ||
| .Xr select 2 , | ||
| .Xr cap_gethostbyaddr 3 , | ||
| .Xr err 3 , | ||
| .Xr gethostbyaddr 3 , | ||
| .Xr inet_aton 3 , | ||
| .Xr cap_dns 3 , | ||
| .Xr cap_grp 3 , | ||
| .Xr cap_pwd 3 , | ||
| .Xr cap_ranodm 3 , | ||
| .Xr cap_sysctl 3 , | ||
| .Xr cap_syslog 3 , | ||
| .Xr capsicum 4 , | ||
| .Xr unix 4 , | ||
| .Xr nv 9 | ||
|
|
||