dg_get_tfm_mode(2) DG/UX B2 Security R4.12MU02 dg_get_tfm_mode(2)
NAME
dggettfmmode - get a process's TFM mode
SYNOPSIS
#include <sys/types.h>
#include <sys/mac.h>
int dggettfmmode(pid)
pidt pid
where:
pid The process ID of the process whose TFM mode is to be fetched.
If pid equals zero, the TFM mode of the calling process is
returned.
DESCRIPTION
Trusted Facility Management (TFM) mode refers to a process state in
which only commands with particular MAC labels may be executed. The
dggettfmmode system call gets the current TFM mode for the
specified process.
ACCESS CONTROL
The caller must have MAC read access to the target process, or have
appropriate privilege. For systems supporting the DG/UX Capability
Option, appropriate privilege is defined as having one or more
specific capabilities enabled in the effective capability set of the
calling process. See capdefaults(5) for the default capability for
this system call. On systems without the DG/UX Capability Option,
appropriate privilege means that the process has an effective UID of
root.
RETURN VALUE
TFM_MODE_OFF The process is not running in TFM mode. Any command to
which the process has appropriate MAC, DAC and CAC
access can be executed.
TFM_MODE_ON The process is running in TFM mode. Only commands with
MAC labels in the VP_EXEC or VP_SITE hierarchies may
be executed.
TFM_MODE_PERM This is a mask that may be included with either of the
above values. It indicates that the process cannot
have its TFM mode setting changed.
-1 An error occurred. errno is set to indicate the
error.
EXCEPTIONS
Errno may be set to one of the following error codes:
EACCES The caller is denied MAC access to the target process.
ENOSYS MAC is not configured on the system.
EPERM The caller did not have sufficient privilege.
SEE ALSO
dgsettfmmode(2), capdefaults(5).
Licensed material--property of copyright holder(s)