MAC_GET_FD(3C) MAC_GET_FD(3C)
mac_get_fd, mac_set_fd - get the MAC label associated with an open file
#include <sys/mac.h>
mac_t mac_get_fd(int fd);
int mac_set_fd(int fd, mac_t macp);
mac_get_fd returns a mac_t, a pointer to an allocated struct mac_label
associated with the open file referred to by fd. If _POSIX_MAC is in
effect, then the process must have MAC read access to the object.
mac_set_fd sets the MAC label for the open file referred to by fd from
the mac_t pointed to by macp. The effective UID of the process must
match the owner of the object or the process must have appropriate
privilege to set the access MAC on the object. If _POSIX_CAP is in
effect, then the appropriate capability must include CAP_FOWNER. In
addition, if _POSIX_MAC is in effect, then the process must have MAC
write access to the object. mac_set_fd function will succeed only if the
MAC is valid as defined by the mac_valid(3c) function.
mac_get_fd returns a pointer to an allocated mac_t if successful, NULL
otherwise. The storage should be freed with a call to mac_free with the
returned pointer as an argument when it is no longer needed.
mac_set_fd returns 0 if successful, -1 otherwise.
mac_get_fd:
EACCESS Access to the object is denied.
EBADF fd is not a valid file descriptor.
ENOMEM allocation of the mac_t failed.
ENOSYS MAC support is not available (not installed).
mac_set_fd:
EACCESS Access to the object is denied.
EBADF fd is not a valid file descriptor.
EINVAL the MAC label is not valid.
ENOSPC The file system is full or some other resource needed for
the MAC storage is not available.
Page 1
MAC_GET_FD(3C) MAC_GET_FD(3C)
ENOSYS MAC support is not available (not installed).
EPERM The process does not have appropriate privilege to
perform the operation to set the MAC.
EROFS This function requires modification of a file system
which is currently read-only.
P�P�P�Pa�a�a�ag�g�g�ge�e�e�e 2�2�2�2 [ Back ]
|
