GETPFLAGS(2) System Calls GETPFLAGS(2)
NAME
getpflags, setpflags - get or set process flags
SYNOPSIS
#include <sys/types.h>
#include <priv.h>
uint_t getpflags(
uint_t flag);
int setpflags(
uint_t flag,
uint_t value);
DESCRIPTION
The
getpflags() and
setpflags() functions obtain and modify the current
per-process flags.
The following values for
flag are supported:
PRIV_AWARE This one bit flag takes the value of 0 (unset) or 1 (set). Only if
this flag is set is the current process privilege-aware. A process
can attempt to unset this flag but might fail silently if the
observed set invariance condition cannot be met. Setting this flag is
always successful. See
privileges(7) for a discussion of this flag.
PRIV_AWARE_RESET This one bit flag takes the value of 0 (unset) or 1 (set). This
causes a process to pretend it is non- privilege aware. The effective
and permitted privilege set change on the change of the effective
uid. When all the uid sets become the same through
setuid(
uid) or
through
setreuid(
uid,
uid), the effective and permitted set are set
to the intersection between the limit set and the inheritable set. At
that point, both
PRIV_AWARE and
PRIV_AWARE_RESET are unset.
This flag gets automatically reset when a file becomes privilege
aware, either through calling
setppriv(2) or by setting
PRIV_AWARE to
1.
PRIV_DEBUG This one bit flag takes the value of 0 (unset) or 1 (set). Only if
this flag is set does the current process have privilege debugging
enabled. Processes can set and unset this flag at will.
NET_MAC_AWARE NET_MAC_AWARE_INHERIT These flags are available only if the system is configured with
Trusted Extensions. These one bit flags each take the value of 0
(unset) or 1 (set). If the
NET_MAC_AWARE flag is set then the current
process is allowed to communicate with peers at labels that are
different than its own, subject to MAC policy.
The
NET_MAC_AWARE_INHERIT flag controls the propagation of the
NET_MAC_AWARE flag. When a process performs one of the
exec(2) functions, the
NET_MAC_AWARE flag is unset unless the
NET_MAC_AWARE_INHERIT is set.
NET_MAC_AWARE_INHERIT is always unset
on one of the
exec functions. The
PRIV_NET_MAC_AWARE privilege is
required to set either of these flags.
RETURN VALUES
The
getpflags() returns the value associated with a given per-process
flag. If the
flag argument is invalid, (
uint_t)-1 is returned and
errno is set to indicate the error.
Upon successful completion,
setpflags() returns 0. Otherwise, -1 is
returned and
errno is set to indicate the error.
ERRORS
The
getpflags() and
setpflags() functions will fail if:
EINVAL The value of
flag or the value to which the
flag is set is out
of range.
The
setpflags() function will fail if:
EPERM An attempt was made to unset
PRIV_AWARE but the observed set
invariance condition was not met.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------+
|Interface Stability | Committed |
+--------------------+-------------------+
|MT-Level | Async-Signal-Safe |
+--------------------+-------------------+
SEE ALSO
ppriv(1),
setppriv(2),
attributes(7),
privileges(7) June 4, 2009
GETPFLAGS(2)