Add new acl vnode op pages

share/man/man9/Makefile

@@ -1,4 +1,4 @@
-#       $NetBSD: Makefile,v 1.461 2022/01/17 19:08:06 christos Exp $
+#       $NetBSD: Makefile,v 1.462 2022/01/17 22:47:43 christos Exp $
 
 #	Makefile for section 9 (kernel function and variable) manual pages.
 
@@ -68,7 +68,8 @@ MAN=	accept_filter.9 accf_data.9 accf_http.9 acl.9 \
 	video.9 vme.9 vnfileops.9 vnode.9 vnodeops.9 vnsubr.9 vmem.9  \
 	wapbl.9 wdc.9 workqueue.9 \
 	wsbell.9 wscons.9 wsdisplay.9 wsfont.9 wskbd.9 wsmouse.9 \
-	xcall.9
+	xcall.9 \
+	VOP_ACLCHECK.9 VOP_GETACL.9 VOP_SETACL.9
 
 MAN+=	atomic_loadstore.9
 MLINKS+=atomic_loadstore.9 atomic_load_acquire.9 \

share/man/man9/VOP_ACLCHECK.9

@@ -0,0 +1,101 @@
+.\" $NetBSD: VOP_ACLCHECK.9,v 1.1 2022/01/17 22:47:43 christos Exp $
+.\"-
+.\" Copyright (c) 1999 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: head/share/man/man9/VOP_ACLCHECK.9 206622 2010-04-14 19:08:06Z uqs $
+.\"
+.Dd January 17, 2022
+.Dt VOP_ACLCHECK 9
+.Os
+.Sh NAME
+.Nm VOP_ACLCHECK
+.Nd check an access control list for a vnode
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/vnode.h
+.In sys/acl.h
+.Ft int
+.Fn VOP_ACLCHECK "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "kauth_cred_t cred"
+.Sh DESCRIPTION
+This vnode call may be used to determine the validity of a particular access
+control list (ACL) for a particular file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Fa vp
+The vnode of the file or directory.
+.It Fa type
+The type of ACL to check.
+.It Fa aclp
+A pointer to an ACL structure from which to retrieve the ACL data.
+.It Fa cred
+The user credentials to use in authorizing the request.
+.El
+.Pp
+The
+.Fa cred
+pointer may be NULL to indicate that access control checks are not to be
+performed, if possible.
+This cred setting might be used to allow the
+kernel to authorize ACL verification that the active process might not be
+permitted to do.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.
+More information about ACL management in kernel
+may be found in
+.Xr acl 9 .
+.Sh LOCKS
+No locks are required to call this vnode method, and any locks held on
+entry will be held on exit.
+.Sh RETURN VALUES
+If the
+.Fa aclp
+pointer points to a valid ACL of type
+.Fa type
+for the object
+.Fa vp ,
+then zero is returned.
+Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode, or the ACL data is invalid.
+.It Bq Er EACCES
+The file or directory ACL does not permit access.
+.It Bq Er ENOMEM
+Sufficient memory is not available to fulfill the request.
+.It Bq Er EOPNOTSUPP
+The file system does not support
+.Fn VOP_ACLCHECK .
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_GETACL 9 ,
+.Xr VOP_SETACL 9
+.Sh AUTHORS
+This manual page was written by
+.An Robert Watson .

share/man/man9/VOP_GETACL.9

@@ -0,0 +1,95 @@
+.\" $NetBSD: VOP_GETACL.9,v 1.1 2022/01/17 22:47:43 christos Exp $
+.\"-
+.\" Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: head/share/man/man9/VOP_GETACL.9 235319 2012-05-12 03:46:43Z gjb $
+.\"
+.Dd January 17, 2022
+.Dt VOP_GETACL 9
+.Os
+.Sh NAME
+.Nm VOP_GETACL
+.Nd retrieve access control list for a vnode
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/vnode.h
+.In sys/acl.h
+.Ft int
+.Fn VOP_GETACL "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "kauth_cred_t cred"
+.Sh DESCRIPTION
+This vnode call may be used to retrieve the access control list (ACL) from a
+file or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Fa vp
+The vnode of the file or directory.
+.It Fa type
+The type of ACL to retrieve.
+.It Fa aclp
+A pointer to an ACL structure to receive the ACL data.
+.It Fa cred
+The user credentials to use in authorizing the request.
+.El
+.Pp
+The
+.Fa cred
+pointer may be
+.Dv NULL
+to indicate that access control checks are not to be performed, if possible.
+This cred setting might be used to allow the kernel to authorize ACL
+retrieval that the active process might not be permitted to do.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.
+More information about ACL management in kernel may be found in
+.Xr acl 9 .
+.Sh LOCKS
+The vnode will be locked on entry and should remain locked on return.
+.Sh RETURN VALUES
+If the
+.Fa aclp
+pointer will point to a valid ACL, then zero is returned.
+Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode.
+.It Bq Er EACCES
+The caller does not have the appropriate privilege.
+.It Bq Er ENOMEM
+Sufficient memory is not available to fulfill the request.
+.It Bq Er EOPNOTSUPP
+The file system does not support
+.Fn VOP_GETACL .
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_SETACL 9
+.Sh AUTHORS
+This manual page was written by
+.An Robert Watson .

share/man/man9/VOP_SETACL.9

@@ -0,0 +1,104 @@
+.\" $NetBSD: VOP_SETACL.9,v 1.1 2022/01/17 22:47:43 christos Exp $
+.\"-
+.\" Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: head/share/man/man9/VOP_SETACL.9 235319 2012-05-12 03:46:43Z gjb $
+.\"
+.Dd January 17, 2022
+.Dt VOP_SETACL 9
+.Os
+.Sh NAME
+.Nm VOP_SETACL
+.Nd set the access control list for a vnode
+.Sh SYNOPSIS
+.In sys/param.h
+.In sys/vnode.h
+.In sys/acl.h
+.Ft int
+.Fn VOP_SETACL "struct vnode *vp" "acl_type_t type" "struct acl *aclp" "kauth_cred_t cred"
+.Sh DESCRIPTION
+This vnode call may be used to set the access control list (ACL) for a file
+or directory.
+.Pp
+Its arguments are:
+.Bl -tag -width type
+.It Fa vp
+The vnode of the file or directory.
+.It Fa type
+The type of ACL to set.
+.It Fa aclp
+A pointer to an ACL structure from which to retrieve the ACL data.
+.It Fa cred
+The user credentials to use in authorizing the request.
+.El
+.Pp
+The
+.Fa aclp
+pointer may be
+.Dv NULL
+to indicate that the specified ACL should be deleted.
+.Pp
+The
+.Fa cred
+pointer may be
+.Dv NULL
+to indicate that access control checks are not to be performed, if possible.
+This cred setting might be used to allow the kernel to authorize ACL
+changes that the active process might not be permitted to make.
+.Pp
+The vnode ACL interface defines the syntax, and not semantics, of file and
+directory ACL interfaces.
+More information about ACL management in kernel
+may be found in
+.Xr acl 9 .
+.Sh LOCKS
+The vnode will be locked on entry and should remain locked on return.
+.Sh RETURN VALUES
+If the ACL is successfully set, then zero is returned.
+Otherwise, an appropriate error code is returned.
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EINVAL
+The ACL type passed is invalid for this vnode, or the ACL data is invalid.
+.It Bq Er EACCES
+The caller does not have the appropriate privilege.
+.It Bq Er ENOMEM
+Sufficient memory is not available to fulfill the request.
+.It Bq Er EOPNOTSUPP
+The file system does not support
+.Fn VOP_SETACL .
+.It Bq Er ENOSPC
+The file system is out of space.
+.It Bq Er EROFS
+The file system is read-only.
+.El
+.Sh SEE ALSO
+.Xr acl 9 ,
+.Xr vnode 9 ,
+.Xr VOP_ACLCHECK 9 ,
+.Xr VOP_GETACL 9
+.Sh AUTHORS
+This manual page was written by
+.An Robert Watson .