GETPPRIV(2) System Calls GETPPRIV(2)

NAME


getppriv, setppriv - get or set a privilege set

SYNOPSIS


#include <priv.h>

int getppriv(priv_ptype_t which, priv_set_t *set);


int setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set);


DESCRIPTION


The getppriv() function returns the process privilege set specified by
which in the set pointed to by set. The memory for set is allocated with
priv_allocset() and freed with priv_freeset(). Both functions are
documented on the priv_addset(3C) manual page.


The setppriv() function sets or changes the process privilege set. The op
argument specifies the operation and can be one of PRIV_OFF, PRIV_ON or
PRIV_SET. The which argument specifies the name of the privilege set. The
set argument specifies the set.


If op is PRIV_OFF, the privileges in set are removed from the process
privilege set specified by which. There are no restrictions on removing
privileges from process privileges sets, but the following apply:

o Privileges removed from PRIV_PERMITTED are silently removed
from PRIV_EFFECTIVE.

o If privileges are removed from PRIV_LIMIT, they are not
removed from the other sets until one of exec(2) functions has
successfully completed.


If op is PRIV_ON, the privileges in set are added to the process
privilege set specified by which. The following operations are
permitted:

o Privileges in PRIV_PERMITTED can be added to PRIV_EFFECTIVE
without restriction.

o Privileges in PRIV_PERMITTED can be added to PRIV_INHERITABLE
without restriction.

o All operations that attempt to add privileges that are already
present are permitted.


If op is PRIV_SET, the privileges in set replace completely the process
privilege set specified by which. PRIV_SET is implemented in terms of
PRIV_OFF and PRIV_ON. The same restrictions apply.

RETURN VALUES


Upon successful completion, 0 is returned. Otherwise, -1 is returned and
errno is set to indicate the error.

ERRORS


The getppriv() and setppriv() functions will fail if:

EINVAL
The value of op or which is out of range.


EFAULT
The set argument points to an illegal address.


The setppriv() function will fail if:

EPERM
The application attempted to add privileges to PRIV_LIMIT or
PRIV_PERMITTED, or the application attempted to add privileges
to PRIV_INHERITABLE or PRIV_EFFECTIVE which were not in
PRIV_PERMITTED.


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+

SEE ALSO


priv_addset(3C), attributes(7), privileges(7)

September 10, 2004 GETPPRIV(2)