Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ getrange(1) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

getmac(1)

secstat(1)

setmac(1M)

setrange(1M)



getrange(1)              DG/UX B2 Security R4.12MU02             getrange(1)


NAME
       getrange - display mandatory access control (MAC) range

SYNOPSIS
       getrange [-alpqr] [-t al] [-o objecttype] [object ...]

       getrange [-q] [-t al] [-s [pid ...] ]

   where:
       objecttype  The type of object: f, m, p, q, or s
       object       The name or identifier of an object
       pid          A process identification number

DESCRIPTION
       The getrange command displays MAC ranges.  If you omit all arguments,
       the MAC range for your current shell process is displayed.

   Options
       -a     Display the MAC ranges of all files, including those beginning
              with a full stop (.), when used with the -r option.

       -l     If target is a symbolic link, operate on the link.  The
              default behavior is to operate on the object that the link
              references.

       -p     Display absolute pathnames of file objects.

       -q     Do not write diagnostic messages.  The usage error message is
              always written.

       -r     Recursively descend through directory file objects, displaying
              the MAC range for each file object.

       -t al  Indicate the type of alias printing desired.  -ta prints out
              all aliases that would result in the same MAC label.  They are
              printed in order of last defined through first defined in the
              files /etc/tcb/mac/macaliasdefs and then
              /etc/tcb/mac/maclabeldefs.  -tl displays the long form of
              the alias name; the default is to display the short form.
              -tal displays the long form of -ta.

       -o     Specify the type of object arguments.  If you use -o
              objecttype but omit object, getrange uses the default object.
              Values for objecttype, the objects associated with them, the
              specification format for the objects, and the default objects
              are listed below.

              Value  Object             Format            Default
              f      file               filename          Working directory (.)
              m      shared memory IPC  shared memory ID  0
              q      message queue IPC  message queue ID  0
              p      process            PID number        The invoking PID
              s      semaphore IPC      semaphore set ID  0

              Note that UNIX-domain sockets are file objects.

       -s     Display the MAC label of the invoking process.

       If you omit -o objecttype and specify one or more objects, the
       default object type is f (file).  If getrange is invoked without -s,
       -o, or object, then getrange displays the invoking process's MAC
       range.

   MAC Label Format
       Getrange displays the MAC range of an object as two MAC labels
       representing the lower bound and the upper (high) bound of the MAC
       range.  Each MAC label of an object is displayed in the following
       format:

              objectname  MAClabelalias

       There is a separate objectname for each objecttype:

              Object type   Format
              f             filename
              p             p:pidnumber
              m             m:sharedmemoryID
              q             q:messagequeueID
              s             s:semaphoresetID

       MAClabelalias is the external text representation of the MAC label
       as defined in the files /etc/tcb/mac/macaliasdefs and
       /etc/tcb/mac/maclabeldefs.  For a complete description of the
       MAClabelalias format, see macdefs(4M).

       getrange -s displays the MAC label of of the subject (the invoking
       process) in the following format:

            MAClabelalias

EXAMPLES
       $ getrange -r -tl dirabc
       dir_abc -L ACCRED_LO -H ACCRED_HI
       a -L SESSION_LO -H SESSION_HI
       b -L SESSION_LO -H SESSION_LO
       c -L IMPLEMENTATION_LO -H IMPLEMENTATION_HI

       $ getrange -pr dirabc
       /usr/ab_user/dir_abc/a -L SES_LO -H SES_HI
       /usr/ab_user/dir_abc/b -L SES_LO -H SES_LO
       /usr/ab_user/dir_abc/c -L IMPL_LO -H IMPL_HI

FILES
       /etc/macalias
       /etc/tcb/mac/maclabeldefs
       /etc/tcb/mac/macaliasdefs

DIAGNOSTICS
       Getrange writes all diagnostic messages to stderr.

       The getrange command exits with one of the following values:

            0    The MAC ranges associated with all specified files were
                 successfully reported.

            1    MAC is not supported on this system.

            2    getrange could not report a MAC range.

            3    getrange usage is wrong.

SEE ALSO
       getmac(1), secstat(1), setmac(1M), setrange(1M), dggetomac(2),
       dggetorange(2), dgsetomac(2), dgsetomaconly(2), dgsetorange(2),
       maclibrary(3), macdefs(4M).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026