Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ gettuple(1) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

getmac(1)

secstat(1)

setmac(1M)

settuple(1M)



gettuple(1)              DG/UX B2 Security R4.12MU02             gettuple(1)


NAME
       gettuple - display mandatory access control (MAC) tuple

SYNOPSIS
       gettuple [-alpqr] [-t al] [-o objecttype] [object ...]

       gettuple [-q] [-t al] [-s [pid ...] ]

   where:
       objecttype  The type of object: f, m, p, q, or s
       object       The name or identifier of an object
       pid          A process identification number

DESCRIPTION
       The gettuple command displays MAC tuples.  If you omit all arguments,
       the MAC tuple for your current shell process is displayed.

   Options
       -a     Display the MAC tuples of all files, including those beginning
              with a full stop (.), when used with the -r option.

       -l     If target is a symbolic link, operate on the link.  The
              default behavior is to operate on the object that the link
              references.

       -p     Display absolute pathnames of file objects.

       -q     Do not write diagnostic messages.  The usage error message is
              always written.

       -r     Recursively descend through directory file objects, displaying
              the MAC tuple for each file object.

       -t al  Indicate the type of alias printing desired.  -ta prints out
              all aliases that would result in the same MAC label.  They are
              printed in order of last defined through first defined in the
              files /etc/tcb/mac/macaliasdefs and then
              /etc/tcb/mac/maclabeldefs.  -tl displays the long form of
              the alias name; the default is to display the short form.
              -tal displays the long form of -ta.

       -o     Specify the type of object arguments.  If you use -o
              objecttype but omit object, gettuple uses the default object.
              Values for objecttype, the objects associated with them, the
              specification format for the objects, and the default objects
              are listed below.

              Value  Object             Format            Default
              f      file               filename          Working directory (.)
              m      shared memory IPC  shared memory ID  0
              q      message queue IPC  message queue ID  0
              p      process            PID number        The invoking PID
              s      semaphore IPC      semaphore set ID  0

              Note that UNIX-domain sockets are file objects.

       -s     Display the MAC tuple of the invoking process.

       If you omit -o objecttype and specify one or more objects, the
       default object type is f (file).  If gettuple is invoked without -s,
       -o, or object, then gettuple displays the invoking process's MAC
       tuple.

   MAC Tuple Format
       Gettuple displays the MAC tuple of an object by displaying up to
       three MAC ranges, where each range is listed as two MAC labels
       representing the lower bound and the upper (high) bound of the MAC
       range.  Each MAC tuple of an object is displayed in the following
       format:

              objectname  MACtuplealias

       There is a separate objectname for each objecttype:

              Object type   Format
              f             filename
              p             p:pidnumber
              m             m:sharedmemoryID
              q             q:messagequeueID
              s             s:semaphoresetID

       MACtuplealias is the external text representation of each MAC label
       comprising the endpoints of the ranges of the MAC tuple.  The MAC
       label aliases are defined in the files /etc/tcb/mac/macaliasdefs
       and /etc/tcb/mac/maclabeldefs.  For a complete description of the
       MAC label alias format, see macdefs(4M).

       gettuple -s displays the MAC tuple of of the subject (the invoking
       process) in the following format:

            MACtuplealias

EXAMPLES
       $ gettuple dir/abc
       foobar -L ADMIN_LO -H ADMIN_HI -L USER_LO -H USER_HI

       $ gettuple
       -L ACR_LO -H ACR_HI -L VP_EXEC -H VP_EXEC

FILES
       /etc/macalias
       /etc/tcb/mac/maclabeldefs
       /etc/tcb/mac/macaliasdefs

DIAGNOSTICS
       Gettuple writes all diagnostic messages to stderr.

       The gettuple command exits with one of the following values:

            0    The MAC tuples associated with all specified files were
                 successfully reported.

            1    MAC is not supported on this system.

            2    gettuple could not report a MAC tuple.

            3    gettuple usage is wrong.

SEE ALSO
       getmac(1), secstat(1), setmac(1M), settuple(1M), dggetomac(2),
       dgsetomac(2), maclibrary(3), macdefs(4M).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026