freebsd-nq/sbin/casperd/casperd.8

.\" Copyright (c) 2013 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by Pawel Jakub Dawidek under sponsorship
.\" from the FreeBSD Foundation.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd October 26, 2013
.Dt CASPERD 8
.Os
.Sh NAME
.Nm casperd
.Nd "Capability Services friendly daemon"
.Sh SYNOPSIS
.Nm
.Op Fl Fhv
.Op Fl l Ar listenqueue
.Op Fl D Ar servconfdir
.Op Fl P Ar pidfile
.Op Fl S Ar sockpath
.Sh DESCRIPTION
The
.Nm
daemon hosts various services that can be accessed through
libcapsicum's capabilities by programs running in sandboxes.
For example it is prohibited to send UDP packets to arbitrary destinations
when operating in capability mode, which makes DNS resolution impossible.
To make it possible the
.Nm
daemon provides the
.Nm system.dns
service that proxies DNS resolution requests through a dedicated,
non-sandboxed process provided by
.Nm .
.Pp
The
.Nm
daemon can be started with the following command line arguments:
.Bl -tag -width ".Fl D Ar servconfdir"
.It Fl D Ar servconfdir
Specify alternative location of the service configuration directory.
The default location is
.Pa /etc/casper/ .
.It Fl F
Start the
.Nm
daemon in the foreground.
By default
.Nm
starts in the background.
.It Fl h
Print the
.Nm
usage message.
.It Fl l Ar listenqueue
Specify depth of socket listen queue for the
.Nm
daemon.
The default queue length is
.Pa SOMAXCONN .
.It Fl P Ar pidfile
Specify alternative location of a file where main process PID will be
stored.
The default location is
.Pa /var/run/casperd.pid .
.It Fl S Ar sockpath
Specify alternative location of the
.Xr unix 4
domain socket used to connect to the
.Nm
daemon.
The default location is
.Pa /var/run/casper .
.It Fl v
Print or log verbose/debugging information.
This option can be specified multiple times to raise the verbosity
level.
.El
.Sh FILES
.Bl -tag -width ".Pa /var/run/casperd.pid" -compact
.It Pa /etc/casper/
The configuration directory for
.Nm
services.
.It Pa /var/run/casper
.Xr unix 4
domain socket used to connect to the
.Nm
daemon.
.It Pa /var/run/casperd.pid
The default location of the
.Nm
PID file.
.El
.Sh EXIT STATUS
The
.Nm
daemon exits 0 on success, and >0 if an error occurs.
.Sh SEE ALSO
.Xr cap_enter 2 ,
.Xr libcapsicum 3 ,
.Xr pidfile 3 ,
.Xr capsicum 4 ,
.Xr unix 4
.Sh AUTHORS
The
.Nm
was implemented by
.An Pawel Jakub Dawidek Aq Mt pawel@dawidek.net
under sponsorship from the FreeBSD Foundation.