allocate(1) DG/UX B2 Security R4.12MU02 allocate(1)
NAME
allocate, deallocate - reserve a device for exclusive use, or release
a device for allocation by others
SYNOPSIS
allocate [ -p pid ] device-path ...
deallocate device-path ...
DESCRIPTION
The allocate command reserves an allocable device for exclusive use.
The deallocate command releases a previously allocated device. An
allocable device is a device (such as a tape drive, floppy drive or
terminal port) that has been marked as allocable by an administrator
(see admdevice(1M)).
The invoker of the allocate command must have Mandatory Access
Control (MAC) write access to the target process for which the device
is being allocated, and must either be related to the process (the
real user IDs are the same) or have appropriate privilege (see
appropriate_privilege(5)) . Additionally, the target process must
have strict Discretionary Access Control (DAC) access (no DAC
override allowed) and Capability Access Control (CAC) access to a
device in order to allocate it. That is, if a device has a required
capability set, then all required capabilities on the device must be
in the effective capability set of the target process.
While the device is allocated, the MAC label on the device is set to
be equal to that of the process to which the device is being
allocated.
The owning user and group IDs of the allocated device are set to the
effective user and group IDs of the target process. A minimum ACL is
set on the device allowing read and write access to the device owner,
and no access to anyone else. The capability state of the device is
left unchanged.
When a device is allocated, its security attributes cannot be
changed. In addition, DAC access to an allocated device is strictly
enforced, and no DAC override is permitted.
The device remains allocated to the target process until either (1)
the target process (or some other process with appropriate privilege)
deallocates the device, or (2) the process exits. When deallocated
via either method, the security attributes of the device are restored
to the values they had before the device was allocated to the user,
and the device exits the allocated state. If the device is currently
open when it is deallocated, the device remains allocated until it is
closed, at which point the pending deallocation is effected. A
device may be open multiple times, so a pending deallocation will not
be effected until it is no longer open by any process.
The invoker of the deallocate command must have MAC write access to
the device and either own the device or have appropriate privilege.
Options
-p Allocate the device to the process with the specified pid.
By default, the device is allocated to the parent process
of the allocate command (e.g., to the shell from which the
allocate command was issued).
EXAMPLES
To allocate /dev/rmt/0 to the current process, use:
allocate /dev/rmt/0
To allocate /dev/rmt/1 to the process with pid 1066, use:
allocate -p 1066 /dev/rmt/1
To make /dev/ttyp1 exit the allocated state, use:
deallocate /dev/ttyp1
DIAGNOSTICS
allocate and deallocate write all error messages to stderr.
The allocate and deallocate commands exit with one of the following
values:
0 The device was successfully allocated to the target process,
or the device was successfully deallocated.
1 The operation was unsuccessful.
2 The operation failed due to access restrictions.
3 There was an error in the command line.
SEE ALSO
admdevice(1M), appropriateprivilege(5), capdefaults(5),
dgdevallocatectl(2), secstat(1), security(5).
NOTE
Deallocating a device does not necessarily make that device available
for use by others, since the device may still be open. To force the
device into an allocable state, the processes which currently have
the device open may need to be killed. The fuser(1M) command may be
used to determine which processes have a device open.
Licensed material--property of copyright holder(s)