*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->IRIX man pages -> t6get_endpt_mask (3n)              
Title
Content
Arch
Section
 

Contents


t6get_endpt_mask(3N)					  t6get_endpt_mask(3N)


NAME    [Toc]    [Back]

     t6get_endpt_mask, t6set_endpt_mask, t6get_endpt_default,
     t6set_endpt_default - get or set endpoint security	attribute mask,	get or
     set endpoint default security attributes

SYNOPSIS    [Toc]    [Back]

     cc	[ flags	... ] file

     #include <sys/t6attrs.h>

     int t6get_endpt_mask(int fd, t6mask_t *mask)

     int t6set_endpt_mask(int fd, t6mask_t mask)

     int t6get_endpt_default(int fd, t6mask_t mask, t6attr_t attr_ptr)

     int t6set_endpt_default(int fd, t6mask_t mask, const t6attr_t attr_ptr)

DESCRIPTION    [Toc]    [Back]

     The security extensions on	the communication endpoint include a set of
     default security attributes that may be applied to	outgoing data and an
     attribute mask that designates which attributes are taken from the
     endpoint's	default	attributes and which are taken from the	process's
     effective attributes.

     By	default, data written to an endpoint has associated with it the
     security attributes of the	process	that wrote the data.  However, a
     privileged	process	may change the value of	the default attribute mask on
     an	endpoint it had	created, and the endpoint's default attributes.

     t6get_endpt_mask allows a process to obtain the current setting of	the
     default attribute mask for	the endpoint specified by fd.  The attribute
     mask is returned in the parameter mask.  Note that	the following
     attributes	will silently fail to be returned:  T6_NAT_CAVEATS, T6_ACL,
     T6_IL, T6_PID, T6_RESV10, T6_AUDIT_INFO, T6_CLEARANCE.

     t6set_endpt_mask allows a process to set the bit values of	the default
     attribute mask for	the endpoint specified by fd to	the value specified by
     mask.  A bit value	of 0 indicates the attribute is	taken from the
     process's effective attributes; and a bit value of	1 indicates the	the
     attribute is taken	from the endpoint's default attributes.

     t6get_endpt_default allows	a process to get the current setting of	the
     default attributes	of the endpoint	specified by fd.  mask indicates which
     attributes	are present in the parameter attr_ptr.	To access attr_ptr,
     see t6get_attr(3N)

     t6set_endpt_default allows	a process to set the default attributes	of the
     endpoint specified	by fd to the attributes	specified by the parameter
     attr_ptr.	mask indicates which attributes	are present in the parameter
     attr_ptr.	To set up attr_ptr, see	t6set_attr(3N).




									Page 1






t6get_endpt_mask(3N)					  t6get_endpt_mask(3N)



     Note that the t6set_endpt_default() will fail and return EINVAL if	any of
     the following attributes are set:	T6_NAT_CAVEATS,	T6_ACL,	T6_IL, T6_PID,
     T6_RESV10,	T6_AUDIT_INFO ).

CAPABILITIES    [Toc]    [Back]

     t6set_endpt_mask always requires CAP_NETWORK_MGT capability.

     t6set_endpt_default requires different capabilities for each different
     value of t6mask_t.	 (listed in following table)

     Value of t6mask_t	 Capability required

     T6_SL		 CAP_MAC_RELABEL_OPEN, CAP_MAC_UPGRADE,
			 CAP_MAC_DOWNGRADE

     T6_INTEG_LABEL	 CAP_MAC_RELABEL_OPEN, CAP_MAC_UPGRADE,
			 CAP_MAC_DOWNGRADE

     T6_SESSION_ID	 CAP_NETWORK_MGT

     T6_CLEARANCE	 CAP_MAC_RELABEL_OPEN, CAP_MAC_UPGRADE,
			 CAP_MAC_DOWNGRADE

     T6_PRIVILEGES	 CAP_SETPCAP

     T6_AUDIT_ID	 CAP_AUDIT_CONTROL

     T6_UID		 CAP_SETUID

     T6_GID		 CAP_SETGID

     T6_GROUPS		 CAP_SETGID

     The above table shows the maximum capability that may be required for
     each t6mask_t attribute.  CAP_MAC_RELABEL_OPEN is only required when
     setting a label of	type MSEN_EQUAL_LABEL or MINT_EQUAL_LABEL.
     CAP_MAC_UPGRADE is	required if the	new label dominates the	old one.
     CAP_MAC_DOWNGRADE is required if the new label does not dominate the old
     one. Generally the	CAP_MAC_UPGRADE	and CAP_MAC_DOWNGRADE capabilities
     will be necessary.

RETURN VALUE    [Toc]    [Back]

     On	successful completion these calls return 0.  If	either call encounters
     an	error, the appropriate error code is returned.

ERRORS    [Toc]    [Back]

     [EFAULT]	    Encountered	a bad pointer address.

     [ENOTSOCK]	    Attempted a	socket operation on a non-socket.





									Page 2






t6get_endpt_mask(3N)					  t6get_endpt_mask(3N)



     [EINVAL]	    Invalid argument.

SEE ALSO    [Toc]    [Back]

      
      
     libt6(3N),	t6sendto(3N), t6set_attr(3N)

SOURCE    [Toc]    [Back]

     Trusted Systems Interoperability Group

NOTES    [Toc]    [Back]


									PPPPaaaaggggeeee 3333
[ Back ]
 Similar pages
Name OS Title
t6sendto IRIX Specify security attributes to send with data on a trusted endpoint
t6recvfrom IRIX Read security attributes and data from a trusted endpoint
t6ext_attr IRIX Activate extended security attributes or set policy on security attribute change
dcecp_endpoint HP-UX A dcecp object that manages endpoint information in local RPC endpoint maps
default Tru64 System default database file (Enhanced Security)
putprdfnam Tru64 Manipulate system default database entry (Enhanced Security)
endprdfent Tru64 Manipulate system default database entry (Enhanced Security)
putesdfnam Tru64 Manipulate system default database entry (Enhanced Security)
getprdfent Tru64 Manipulate system default database entry (Enhanced Security)
getprdfnam Tru64 Manipulate system default database entry (Enhanced Security)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service