*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> t6ext_attr (3n)              


t6ext_attr(3N)							t6ext_attr(3N)

NAME    [Toc]    [Back]

     t6ext_attr, t6new_attr - Activate extended	security attributes or set
     policy on security	attribute change

SYNOPSIS    [Toc]    [Back]

     cc	[ flags	... ] file

     #include <sys/t6attrs.h>

     int t6ext_attr(int	fd, t6cmd_t cmd);

     int t6new_attr(int	fd, t6cmd_t cmd);

DESCRIPTION    [Toc]    [Back]

     t6ext_attr	turns on extended security operations on the trusted IPC
     mechanism.	fd is the descriptor associated	with the IPC mechanism,	and
     cmd must be ON to turn on extended	operations, or OFF to turn them	off.
     When first	created, the trusted IPC mechanism appears the same as an
     untrusted IPC mechanism.  It can be used in the same way to send and
     receive data as long as communications do not violate the security
     policies of the system.  Between systems that support mandatory access
     control, for example, communications can only occur between processes at
     the same sensitivity level.  Before the network endpoint allows a process
     to	specify	security attributes or manipulate the endpoint's security
     options, it must call t6ext_attr. Any attempt to use extended operations
     other than	t6ext_err before calling this routine fails, setting errno to
     the appropriate value.

     t6new_attr	with a value of	ON for cmd tells the underlying	TSIX software
     that the receiving	process	is only	interested in security attributes if
     they differ from the last set of attributes it received.  After this
     call, t6recvfrom(3N) only returns valid security attributes when a	change
     in	the attributes is detected.  This is indicated by setting the
     t6recvfrom	parameter new_attrs to non-zero.  When new attributes are
     returned, the full	set of requested attributes is returned, not just
     those that	have changed.  When cmd	is OFF,	the default situation
     prevails, that is,	attributes are returned	with each call to t6recvfrom.

CAPABILITIES    [Toc]    [Back]

     t6ext_attr	requires the CAP_NETWORK_MGT capability	in the effective
     vector of its capability set.

ERRORS    [Toc]    [Back]

     [EINVAL]	    For	t6new_attr, the	caller did not initialize the
		    endpoint's security	extensions prior to this call

     [ENOSYS]	    Function not implemented as	the session manager may	not be

     [EPERM]	    Operation not permitted, inadequate	capabilities.

									Page 1

t6ext_attr(3N)							t6ext_attr(3N)

SEE ALSO    [Toc]    [Back]


SOURCE    [Toc]    [Back]

     Trusted Systems Interoperability Group

NOTES    [Toc]    [Back]

									PPPPaaaaggggeeee 2222
[ Back ]
 Similar pages
Name OS Title
t6get_endpt_mask IRIX get or set endpoint security attribute mask, get or set endpoint default security attributes
mac_mls FreeBSD Multi-Level Security confidentiality policy
pthread_attr_setschedpolicy Tru64 Changes the scheduling policy attribute of the specified thread attributes object
pthread_attr_getschedpolicy Tru64 Obtains the scheduling policy attribute of the specified thread attributes object
siad_test_newpass Tru64 test passphrase against rules and policy routine for SIA (Security Integration Architecture)
get_seed_es Tru64 Obtain a drand48 seed value for an extended profile (Enhanced Security)
t6get_attr IRIX Get or set security attributes
sia_chg_password Tru64 SIA change routines (Security Integration Architecture)
sia_chg_finger Tru64 SIA change routines (Security Integration Architecture)
sia_chg_shell Tru64 SIA change routines (Security Integration Architecture)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service