Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dg_get_tfm_mode(2) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought



dg_get_tfm_mode(2)       DG/UX B2 Security R4.12MU02      dg_get_tfm_mode(2)


NAME
       dggettfmmode - get a process's TFM mode

SYNOPSIS
       #include <sys/types.h>
       #include <sys/mac.h>

       int     dggettfmmode(pid)
       pidt   pid

   where:
       pid  The process ID of the process whose TFM mode is to be fetched.
            If pid equals zero, the TFM mode of the calling process is
            returned.

DESCRIPTION
       Trusted Facility Management (TFM) mode refers to a process state in
       which only commands with particular MAC labels may be executed.  The
       dggettfmmode system call gets the current TFM mode for the
       specified process.

ACCESS CONTROL
       The caller must have MAC read access to the target process, or have
       appropriate privilege.  For systems supporting the DG/UX Capability
       Option, appropriate privilege is defined as having one or more
       specific capabilities enabled in the effective capability set of the
       calling process.  See capdefaults(5) for the default capability for
       this system call.  On systems without the DG/UX Capability Option,
       appropriate privilege means that the process has an effective UID of
       root.

RETURN VALUE
       TFM_MODE_OFF   The process is not running in TFM mode. Any command to
                      which the process has appropriate MAC, DAC and CAC
                      access can be executed.

       TFM_MODE_ON    The process is running in TFM mode. Only commands with
                      MAC labels in the VP_EXEC or VP_SITE hierarchies may
                      be executed.

       TFM_MODE_PERM  This is a mask that may be included with either of the
                      above values. It indicates that the process cannot
                      have its TFM mode setting changed.

       -1             An error occurred.  errno is set to indicate the
                      error.

EXCEPTIONS
       Errno may be set to one of the following error codes:

       EACCES  The caller is denied MAC access to the target process.

       ENOSYS  MAC is not configured on the system.

       EPERM   The caller did not have sufficient privilege.

SEE ALSO
       dgsettfmmode(2), capdefaults(5).



Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026