system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-22 10:36:24 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Base: Note in pledge(2) man page which promises are extensions

Browse source 
Also add a little "History" section noting that pledge() is an original
OpenBSD invention and that our implementation differs in many ways.
This commit is contained in:
Andreas Kling 2020-01-23 10:37:58 +01:00
parent 15aac1f9e9
commit 95504b5850
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
Base/usr/share/man/man2/pledge.md
View file

@ -27,26 +27,32 @@ If `promises` or `execpromises` is null, the corresponding value is unchanged.
## Promises
* `stdio`: Basic I/O, memory allocation, information about self, various non-destructive syscalls
* `thread`: The POSIX threading API
* `thread`: The POSIX threading API (\*)
* `id`: Ability to change UID/GID
* `tty`: TTY related functionality
* `proc`: Process and scheduling related functionality
* `exec`: The [`exec(2)`](exec.md) syscall
* `unix`: UNIX local domain sockets
* `inet`: IPv4 domain sockets
* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets. It also allows [`getsockopt(2)`](getsockopt.md) with `SOL_SOCKET` and `SO_PEERCRED` on local sockets
* `accept`: May use [`accept(2)`](accept.md) to accept incoming socket connections on already listening sockets. It also allows [`getsockopt(2)`](getsockopt.md) with `SOL_SOCKET` and `SO_PEERCRED` on local sockets (\*)
* `rpath`: "Read" filesystem access
* `wpath`: "Write" filesystem access
* `cpath`: "Create" filesystem access
* `dpath`: Creating new device files
* `chown`: Changing file owner/group
* `fattr`: Changing file attributes/permissions
* `shared_buffer`: Shared memory buffers
* `chroot`: The [`chroot(2)`](chroot.md) syscall
* `shared_buffer`: Shared memory buffers (\*)
* `chroot`: The [`chroot(2)`](chroot.md) syscall (\*)
* `video`: May use [`ioctl(2)`](ioctl.md) and [`mmap(2)`](mmap.md) on framebuffer video devices
Promises marked with an asterisk (\*) are SerenityOS specific extensions not supported by the original OpenBSD `pledge()`.
## Errors
* `EFAULT`: `promises` and/or `execpromises` are not null and not in readable memory.
* `EINVAL`: One or more invalid promises were specified.
* `EPERM`: An attempt to increase capabilities was rejected.
## History
The `pledge()` system call was first introduced by OpenBSD. The implementation in SerenityOS differs in many ways and is by no means final.