TAME(2)                     System Calls Manual                     TAME(2)
tame — restrict
The current process is forced into a restricted-service operating mode. A few subsets are available, roughly described as computation, memory management, read-write operations on file descriptors, opening of files, networking. In general, these modes were selected by studying the operation of many programs using libc and other such interfaces.
tame() in an application will require at least some study and understanding of the interfaces called. Subsequent calls to tame() can reduce abilities further, but abilities can never be regained.
A process which attempts a restricted operation is killed with
set, then a non-blockable SIGABRT is delivered instead, possibly resulting in a
A flags value of 0 restricts the process to the _exit(2) system call. This can be used for pure computation operating on memory shared with another process.
TAME_* options below (with the
TAME_ABORT) permit the following system
Calls allowed with restrictions include:
The flags are specified as a bitwise OR of the following values:
poll(2), kevent(2), kqueue(2), select(2), close(2), dup(2), dup2(2), dup3(2), closefrom(2), shutdown(2), read(2), readv(2), pread(2), preadv(2), write(2), writev(2), pwrite(2), pwritev(2), ftruncate(2), lseek(2), utimes(2), futimes(2), utimensat(2), futimens(2), fcntl(2), fsync(2), pipe(2), pipe2(2), socketpair(2), getdents(2), sendto(2), sendmsg(2), recvmsg(2), recvfrom(2), fstat(2).
TAME_RW. As a result, all functionality of libc stdio works.
setsockopt(2) has been reduced in functionality substantially.
SIGABRT upon violation instead of
Upon successful completion, the value 0 is returned; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
tame() will fail if:
tame() system call appeared in
July 28, 2015                                                   OpenBSD-5.8