capsicum: briefly describe capabilities in man page

Provide a very brief introduction to capabilities, using a couple of sentences from David Chisnall's mailing list response[1] to a question about Linux capabilities and Capsicum. Mailing list subject (in case the archive URL changes) was Re: Linux capabilities to Capsicum [1] https://lists.freebsd.org/archives/freebsd-hackers/2022-April/001032.html Reviewed by: oshogbo MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D34945
2022-04-19 15:44:46 -04:00 · 2022-04-19 15:44:46 -04:00 · 1f568792c6
commit 1f568792c6
parent 89c6aba7cf
1 changed files with 6 additions and 1 deletions
--- a/share/man/man4/capsicum.4
+++ b/share/man/man4/capsicum.4
@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd May 18, 2017
+.Dd April 19, 2022
 .Dt CAPSICUM 4
 .Os
 .Sh NAME
@ -39,6 +39,11 @@
 .Nm
 is a lightweight OS capability and sandbox framework implementing a hybrid
 capability system model.
+Capabilities are unforgeable tokens of authority that can be delegated and must
+be presented to perform an action.
+.Nm
+makes file descriptors into capabilities.
+.Pp
 .Nm
 can be used for application and library compartmentalisation, the
 decomposition of larger bodies of software into isolated (sandboxed)