mirror of
https://github.com/opnsense/src.git
synced 2026-02-17 09:39:26 -05:00
990beb037d
The goal here is to make it so applications can take the rights one would
normally get by calling caph_limit_stream() on a descriptor and build on
them as needed.
The tentatively planned use-case is an application that takes a socket and
hooks it up to std{err,out,in} for a fork()d child. It may be feasible to
apply limitations to such descriptors as long as it's a superset of those
normally applied to stdio.
Reviewed by: markj, oshobo (prior version; sans manpage addition)
Differential Revision: https://reviews.freebsd.org/D22993
|
||
|---|---|---|
| .. | ||
| capsicum_helpers.3 | ||
| capsicum_helpers.h | ||
| Makefile | ||
| Makefile.depend | ||