GETPPRIV(2) System Calls GETPPRIV(2)
NAME
getppriv, setppriv - get or set a privilege set
SYNOPSIS
#include <priv.h>
int getppriv(
priv_ptype_t which,
priv_set_t *set);
int setppriv(
priv_op_t op,
priv_ptype_t which,
priv_set_t *set);
DESCRIPTION
The
getppriv() function returns the process privilege set specified by
which in the set pointed to by
set. The memory for
set is allocated with
priv_allocset() and freed with
priv_freeset(). Both functions are
documented on the
priv_addset(3C) manual page.
The
setppriv() function sets or changes the process privilege set. The
op argument specifies the operation and can be one of
PRIV_OFF,
PRIV_ON or
PRIV_SET. The
which argument specifies the name of the privilege set. The
set argument specifies the set.
If
op is
PRIV_OFF, the privileges in
set are removed from the process
privilege set specified by
which. There are no restrictions on removing
privileges from process privileges sets, but the following apply:
o Privileges removed from
PRIV_PERMITTED are silently removed
from
PRIV_EFFECTIVE.
o If privileges are removed from
PRIV_LIMIT, they are not
removed from the other sets until one of
exec(2) functions has
successfully completed.
If
op is
PRIV_ON, the privileges in
set are added to the process
privilege set specified by
which. The following operations are
permitted:
o Privileges in
PRIV_PERMITTED can be added to
PRIV_EFFECTIVE without restriction.
o Privileges in
PRIV_PERMITTED can be added to
PRIV_INHERITABLE without restriction.
o All operations that attempt to add privileges that are already
present are permitted.
If
op is
PRIV_SET, the privileges in
set replace completely the process
privilege set specified by
which.
PRIV_SET is implemented in terms of
PRIV_OFF and
PRIV_ON. The same restrictions apply.
RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, -1 is returned and
errno is set to indicate the error.
ERRORS
The
getppriv() and
setppriv() functions will fail if:
EINVAL The value of
op or
which is out of range.
EFAULT The
set argument points to an illegal address.
The
setppriv() function will fail if:
EPERM The application attempted to add privileges to
PRIV_LIMIT or
PRIV_PERMITTED, or the application attempted to add privileges
to
PRIV_INHERITABLE or
PRIV_EFFECTIVE which were not in
PRIV_PERMITTED.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+
SEE ALSO
priv_addset(3C),
attributes(7),
privileges(7) September 10, 2004
GETPPRIV(2)