Manual Page Search Parameters
CAP_SYSLOG(3) Library Functions Manual CAP_SYSLOG(3)

cap_syslog, cap_vsyslog, cap_openlog, cap_closelog, cap_setlogmasklibrary for syslog in capability mode

library “libcap_syslog”

#include <libcasper.h>
#include <casper/cap_syslog.h>

void
cap_syslog(cap_channel_t *chan, int pri, const char *fmt, ...);

void
cap_vsyslog(cap_channel_t *chan, int priority, const char *fmt, va_list ap);

void
cap_openlog(cap_channel_t *chan, const char *ident, int logopt, int facility);

void
cap_closelog(cap_channel_t *chan);

int
cap_setlogmask(cap_channel_t *chan, int maskpri);

The functions () () () () () are respectively equivalent to syslog(3), vsyslog(3), openlog(3), closelog(3), setlogmask(3) except that the connection to the system.syslog service needs to be provided.

All of these functions are reentrant but not thread-safe. That is, they may be called from separate threads only with different cap_channel_t arguments or with synchronization.

The following example first opens a capability to casper and then uses this capability to create the system.syslog casper service to log messages.

cap_channel_t *capcas, *capsyslog;

/* Open capability to Casper. */
capcas = cap_init();
if (capcas == NULL)
	err(1, "Unable to contact Casper");

/* Enter capability mode sandbox. */
if (cap_enter() < 0 && errno != ENOSYS)
	err(1, "Unable to enter capability mode");

/* Use Casper capability to create capability to the system.syslog service. */
capsyslog = cap_service_open(capcas, "system.syslog");
if (capsyslog == NULL)
	err(1, "Unable to open system.syslog service");

/* Close Casper capability, we don't need it anymore. */
cap_close(capcas);

/* Let's log something. */
cap_syslog(capsyslog, LOG_NOTICE, "System logs from capability mode.");

cap_enter(2), closelog(3), err(3), openlog(3), setlogmask(3), syslog(3), vsyslog(3), capsicum(4), nv(9)

The cap_syslog service first appeared in FreeBSD 10.3.

Mariusz Zaborski <oshogbo@FreeBSD.org>

December 6, 2023 dev