ref: 6926080a2d7c8a5b61888c18fa88d70f3384409b
parent: e9bb7876e1bd7f9aaef4e1cd0c64c97f411ffde5
author: Jacob Moody <[email protected]>
date: Fri May 27 22:25:56 EDT 2022
add chdev(1)
--- /dev/null
+++ b/rc/bin/chdev
@@ -1,0 +1,18 @@
+#!/bin/rc
+
+fn usage {
+ echo 'usage:' $0 '[ -nr ] devmask' >[1=2]
+ exit usage
+}
+
+op='&'
+while(~ $1 -*){
+ switch($1){
+ case -n; op='~'
+ case -r; op='&~'
+ case *; usage
+ }
+ shift
+}
+
+echo chdev $op $1 >> '#c/drivers'
--- /dev/null
+++ b/sys/man/1/chdev
@@ -1,0 +1,99 @@
+.TH CHDEV 1
+.SH NAME
+chdev \- change kernel driver access
+.SH SYNOPSIS
+.B chdev
+[ -nr ] \f2devmask\fP...
+.SH DESCRIPTION
+.I Chdev
+modifies access to kernel drivers for the current
+process and processes within the same name group
+(see
+.IR fork (2)).
+Access is defined as the ability for a process
+to walk files and directories served by the driver
+through its location within '#'. Existing binds
+of drivers are left unaffected.
+.PP
+Access may only be removed; after a specific
+driver is ejected no further operations can
+permit access again. Access is inherited by
+all children of the name group, regardless if the
+child has elected to receive a clean namespace.
+.PP
+.IR Devmask
+is a string of driver characters. The default
+behavior is to block access to all but the listed
+drivers. Flags provide a way to modify this behavior:
+.TP
+.B -r
+Retain access to all but the specified drivers.
+.TP
+.B -n
+Remove access to all drivers.
+.I Devmask
+is ignored.
+.PP
+Access to some drivers is tied to other
+related process capabilities:
+.TP
+\f2mnt\fP(3)
+.IP
+Ability to perform the
+.IR mount (2)
+system call, and
+to post new services to
+.IR shr (3).
+.TP
+\f2pipe\fP(3)
+.IP
+Ability to perform the
+.IR pipe (2)
+system call.
+.SH EXAMPLES
+Permit access to only
+.IR draw (3),
+.IR rtc (3),
+.IR fs (3),
+and
+.IR srv (3):
+.IP
+.EX
+chdev irks
+.EE
+.PP
+Remove access to
+.IR cons (3),
+.IR rtc (3),
+.IR audio (3),
+and
+.IR proc (3):
+.IP
+.EX
+chdev -r crAp
+.EE
+.PP
+Create a
+.IR pipe (3)
+then remove the ability to create more:
+.IP
+.EX
+bind '#|' /n/pipe
+chdev -r '|'
+.EE
+.SH DIAGNOSTICS
+.I Chdev
+is implemented through writes to
+.BR /dev/drivers ,
+served by
+.IR cons (3).
+.SH SOURCE
+.B /rc/bin/chdev
+.SH "SEE ALSO"
+.B /dev/drivers
+for a list of current drivers.
+.PP
+.IR intro (3),
+.IR cons (3)
+.SH HISTORY
+Chdev first appeared in 9front (May, 2022).