Update c18n guide

src/features/c18n.md

@@ -24,10 +24,10 @@ CHERI-enabled software compartmentalization models:
 CheriBSD's library compartmentalization feature (c18n) executes each dynamic
 library within a compartmentalization-enabled process in its own protection
 domain.
-The non-default c18n-enabled run-time linker grants libraries capabilities
-only to resources (global variables, APIs) declared in their ELF linkage.
-Function calls that cross domain boundaries are interposed on by
-domain-crossing shims implemented by the run-time linker.
+When c18n is enabled, the run-time linker grants libraries capabilities only to
+resources (global variables, APIs) declared in their ELF linkage. Function
+calls that cross domain boundaries are interposed on by domain-crossing shims
+implemented by the run-time linker.
 
 The adversary model for these compartments is one of trusted code but
 untrustworthy execution: a library such as `libpng` or `libjpeg` is trusted
@@ -57,39 +57,62 @@ page](https://man.cheribsd.org/cgi-bin/man.cgi/releng-24.05/c18n):
 man c18n
 ```
 
-## Compiling applications for library compartmentalization
+## Enabling library compartmentalization system-wide
 
-To compile a main application to use library compartmentalization, add the
-following flags to compilation of the program binary:
+Compartmentalization can be enabled for all eligible new processes with
+`sysctl`:
 
 ```
--Wl,--dynamic-linker=/libexec/ld-elf-c18n.so.1
+sysctl security.cheri.lib_based_c18n_default=1
 ```
 
-For example, compile `helloworld.c` using:
+## Enabling library compartmentalization temporarily for a particular binary
 
+To run a particular binary with library compartmentalization enabled just for
+this run, use `proccontrol`:
+
+`proccontrol -m cheric18n -s enable ./helloworld`
+
+## Enabling library compartmentalization by default for a particular binary
+
+To enable library compartmentalization by default for a particular binary, run
+the following command to set a flag in the binary:
+
+```
+elfctl -e +cheric18n ./helloworld
 ```
-cc -Wall -g -o helloworld helloworld.c -Wl,--dynamic-linker=/libexec/ld-elf-c18n.so.1
+
+This can be reversed by replacing `+cheric18n` with `-cheric18n`.
+
+You can confirm whether c18n is enabled for a binary by default using the
+`elfctl` command:
+
+```
+elfctl ./helloworld
 ```
 
-You can confirm whether a binary uses the c18n run-time linker by inspecting
-it using the `file` command:
+The output will contain two lines like the following indicating whether c18n is
+enabled or disabled.
 
 ```
-file helloworld
+cheric18n       'Force Enable CHERI library-based compartmentalisation' is set.
+nocheric18n     'Force Disable CHERI library-based compartmentalisation' is unset.
 ```
 
+Note that `nocheric18n` _disables_ c18n for the binary by default even when it
+is enabled system-wide.
+
 ## Tracing compartment-boundary crossings
 
-The BSD ktrace(1) command is able to trace compartment-boundary crossings.
-To enable this feature, set the `LD_C18N_UTRACE_COMPARTMENT` environmental
-variable, which will cause the c18n run-time linker to emit records using
-the utrace(2) system call.
+The BSD ktrace(1) command is able to trace compartment-boundary crossings. To
+enable this feature, set the `LD_UTRACE_COMPARTMENT` environmental variable,
+which will cause the run-time linker to emit records using the utrace(2) system
+call.
 Run the program under ktrace with the `-tu` argument to capture only those
 records (and not a full system-call trace):
 
 ```
-env LD_C18N_UTRACE_COMPARTMENT=1 ktrace -tu ./helloworld
+env LD_UTRACE_COMPARTMENT=1 ktrace -tu ./helloworld
 ```
 
 The resulting `ktrace.out` file can be viewed using the kdump(1) command: