1#ifndef __CAPSICUM_FREEBSD_H__
2#define __CAPSICUM_FREEBSD_H__
3#ifdef __FreeBSD__
4/************************************************************
5 * FreeBSD Capsicum Functionality.
6 ************************************************************/
7
8#ifdef __cplusplus
9extern "C" {
10#endif
11
12/* FreeBSD definitions. */
13#include <errno.h>
14#include <sys/param.h>
15#if __FreeBSD_version >= 1100014 || \
16    (__FreeBSD_version >= 1001511 && __FreeBSD_version < 1100000)
17#include <sys/capsicum.h>
18#else
19#include <sys/capability.h>
20#endif
21#include <sys/procdesc.h>
22
/*
 * Feature switches for FreeBSD 10.0 and later (__FreeBSD_version >= 1000000).
 * The macros are only defined here, never given a value; code that includes
 * this header is expected to test them with #ifdef before exercising the
 * matching interface. On older releases none of them is defined, so the
 * corresponding checks are silently absent rather than failing.
 */
#if __FreeBSD_version >= 1000000

/* Rights attached to a descriptor can be read back and narrowed. */
#define HAVE_CAP_RIGHTS_GET
#define HAVE_CAP_RIGHTS_LIMIT

/*
 * Per-descriptor fcntl limiting. cap_fcntls_limit(2) takes a uint32_t while
 * fcntl(2) itself takes an int, so the limit value gets its own type.
 */
#define HAVE_CAP_FCNTLS_LIMIT
typedef uint32_t cap_fcntl_t;

/*
 * Per-descriptor ioctl limiting. Both ioctl(2) and cap_ioctls_limit(2) take
 * unsigned long for the command.
 */
#define HAVE_CAP_IOCTLS_LIMIT
typedef unsigned long cap_ioctl_t;

/*
 * NOTE(review): judging by the names, these mark that the *at() system calls
 * are usable in capability mode and that fstat() works on a process
 * descriptor -- confirm against the tests that consume them.
 */
#define AT_SYSCALLS_IN_CAPMODE
#define HAVE_PROCDESC_FSTAT

/*
 * Defined from __FreeBSD_version 1101000 onward only.
 * NOTE(review): the name suggests openat() lookups may contain an
 * intermediate ".." component on these releases; tests gated on it should
 * still verify that such a lookup cannot leave the starting directory.
 */
#if __FreeBSD_version >= 1101000
#define HAVE_OPENAT_INTERMEDIATE_DOTDOT
#endif

#endif /* __FreeBSD_version >= 1000000 */
40
41#ifdef __cplusplus
42}
43#endif
44
/*
 * Test-suite spelling of fexecve(2). On FreeBSD it forwards its three
 * arguments unchanged to fexecve(); tests call fexecve_() instead of
 * fexecve() so that the Linux variant of this header can substitute its own
 * definition and bypass the glibc version.
 */
#define fexecve_(fd, argv, envp) fexecve((fd), (argv), (envp))
47
/*
 * errno values the tests expect when a path traversal is refused.
 * Both macros resolve to ENOTBENEATH when <errno.h> provides it and fall
 * back to ENOTCAPABLE otherwise.
 * NOTE(review): the two names presumably distinguish a refusal on a
 * capability-restricted directory from a refusal under O_BENEATH; on FreeBSD
 * they always share one value. Tests should compare errno against these
 * macros rather than accept any failure, so that a lookup failing for an
 * unrelated reason is not counted as enforcement.
 */
#ifndef ENOTBENEATH
#define E_NO_TRAVERSE_CAPABILITY ENOTCAPABLE
#define E_NO_TRAVERSE_O_BENEATH ENOTCAPABLE
#else
#define E_NO_TRAVERSE_CAPABILITY ENOTBENEATH
#define E_NO_TRAVERSE_O_BENEATH ENOTBENEATH
#endif
55
/*
 * Largest number of ioctl commands FreeBSD accepts in a single
 * cap_ioctls_limit() list.
 * NOTE(review): this is a hard-coded copy of the platform limit, not a value
 * read from a system header; re-check it if the kernel limit ever changes,
 * otherwise boundary tests built on it would probe the wrong edge.
 */
#define CAP_IOCTLS_LIMIT_MAX 256
58
/*
 * errno the tests expect for the "too many links" condition on FreeBSD.
 * Kept behind a macro so that each platform header can name its own value.
 */
#define E_TOO_MANY_LINKS EMLINK
61
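// TODO(FreeBSD): uncomment if/when FreeBSD propagates rights on accept.
// FreeBSD does not generate a capability from accept(cap_fd,...), so checks
// gated on CAP_FROM_ACCEPT stay off. Until that changes, a caller that needs
// the accepted socket restricted presumably has to limit the new descriptor
// itself with cap_rights_limit(2).
// https://bugs.freebsd.org/201052
// #define CAP_FROM_ACCEPT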
66// TODO(FreeBSD): uncomment if/when FreeBSD propagates rights on sctp_peeloff.
67// FreeBSD does not generate a capability from sctp_peeloff(cap_fd,...).
68// https://bugs.freebsd.org/201052
69// #define CAP_FROM_PEELOFF
70
71#endif  /* __FreeBSD__ */
72
73#endif /*__CAPSICUM_FREEBSD_H__*/
74