t6ext_attr, t6new_attr - Activate extended security attributes or set
policy on security attribute change
cc [ flags ... ] file
int t6ext_attr(int fd, t6cmd_t cmd);
int t6new_attr(int fd, t6cmd_t cmd);
t6ext_attr turns on extended security operations on the trusted IPC
mechanism. fd is the descriptor associated with the IPC mechanism, and
cmd must be ON to turn on extended operations, or OFF to turn them off.
When first created, the trusted IPC mechanism appears the same as an
untrusted IPC mechanism. It can be used in the same way to send and
receive data as long as communications do not violate the security
policies of the system. Between systems that support mandatory access
control, for example, communications can only occur between processes at
the same sensitivity level. Before the network endpoint allows a process
to specify security attributes or manipulate the endpoint's security
options, it must call t6ext_attr. Any attempt to use extended operations
other than t6ext_err before calling this routine fails, setting errno to
the appropriate value.
t6new_attr with a value of ON for cmd tells the underlying TSIX software
that the receiving process is only interested in security attributes if
they differ from the last set of attributes it received. After this
call, t6recvfrom(3N) only returns valid security attributes when a change
in the attributes is detected. This is indicated by setting the
t6recvfrom parameter new_attrs to non-zero. When new attributes are
returned, the full set of requested attributes is returned, not just
those that have changed. When cmd is OFF, the default situation
prevails, that is, attributes are returned with each call to t6recvfrom.
t6ext_attr requires the CAP_NETWORK_MGT capability in the effective
vector of its capability set.
[EINVAL] For t6new_attr, the caller did not initialize the
endpoint's security extensions prior to this call
[ENOSYS] Function not implemented as the session manager may not be
[EPERM] Operation not permitted, inadequate capabilities.
Trusted Systems Interoperability Group
PPPPaaaaggggeeee 2222 [ Back ]