FreeBSD System Calls Manual
cap_rights_limit - limit capability rights
Standard C Library (libc, -lc)
When a file descriptor is created by a function such as open(2), it is assigned all capability rights. Those rights can be reduced (but never expanded) by using the cap_rights_limit() system call:

int cap_rights_limit(int fd, const cap_rights_t *rights);

Once capability rights are reduced, operations on the file descriptor will be limited to those permitted by rights.
The rights argument should be prepared using
family of functions.
Capability rights assigned to a file descriptor can be obtained
The complete list of the capability rights can be found in the
Upon successful completion, the value 0 is returned; otherwise the
value -1 is returned and the global variable
errno is set to indicate the error.
The following example demonstrates how to limit file descriptor capability
rights to allow reading only.
#include <sys/capsicum.h>
#include <err.h>
#include <fcntl.h>
#include <unistd.h>

cap_rights_t setrights;
char buf[1];
int fd;

fd = open("/tmp/foo", O_RDWR);
if (fd < 0)
	err(1, "open() failed");
if (cap_enter() < 0)
	err(1, "cap_enter() failed");
/* Keep only CAP_READ; every other right on fd is dropped below. */
cap_rights_init(&setrights, CAP_READ);
if (cap_rights_limit(fd, &setrights) < 0)
	err(1, "cap_rights_limit() failed");
buf[0] = 'X';
if (write(fd, buf, sizeof(buf)) > 0)
	errx(1, "write() succeeded!");
if (read(fd, buf, sizeof(buf)) < 0)
	err(1, "read() failed");
cap_rights_limit() succeeds unless:
- The fd argument is not a valid active
- An invalid right has been requested in rights.
- The rights argument contains capability rights not present for the given file descriptor. The capability rights list can only be reduced, never expanded.
The cap_rights_limit() function first appeared in FreeBSD 8.3. Support for capabilities and capabilities mode was developed as part of the TrustedBSD Project.
This function was created by Pawel Jakub Dawidek
under sponsorship of the FreeBSD Foundation.