dg_mac_mkdir(2) DG/UX B2 Security R4.12MU02 dg_mac_mkdir(2)
NAME
dgmacmkdir - create an upgraded directory
SYNOPSIS
#include <sys/types.h>
#include <sys/mac.h>
int dgmacmkdir(path, mode, mlptr, mlsize, textmac, textmacsize)
char *path;
modet mode;
maclabelt mlptr;
int mlsize;
char *textmac;
int textmacsize;
where:
path Path name of the directory to create.
mode The permission bits to apply to the new directory.
mlptr Pointer to the MAC label to be applied to the new
directory.
mlsize Size of the structure pointed to by mlptr.
textmac Pointer to a text form of the MAC label. This is not
currently used and should be NULL.
textmacsize Length of textmac. This is not currently used, and
should be 0.
DESCRIPTION
The dgmacmkdir system call creates a directory at a MAC (mandatory
access control) label which is not necessarily that of the calling
process. Other than the access control requirements detailed below,
and the MAC label assigned to the directory, this call functions the
same as the mkdir(2) system call.
ACCESS CONTROL
The caller must have appropriate privilege.
Additionally, the caller must either have MAC write access to the
proposed label and write access (MAC, DAC and CAC) to the parent
directory, or the caller must own the parent directory, have MAC
search, DAC (discretionary access control) write and search and CAC
(capability access control) search access to the parent directory.
Also, the upper bound of the caller's user-region MAC range must
dominate the proposed label, which in turn must dominate the MAC
label of the parent directory, which must dominate the caller's MAC
label.
For systems supporting the DG/UX Capability Option, appropriate
privilege is defined as having one or more specific capabilities
enabled in the effective capability set of the calling process. See
capdefaults(5) for the default capability for this system call. On
systems without the DG/UX Capability Option, appropriate privilege
means that the process has an effective UID of root. See the
appropriateprivilege(5) man page for more information.
RETURN VALUE
0 Successful completion.
-1 An error occurred. The errno variable is set to indicate the
error.
EXCEPTIONS
The errno variable may be set to one of the following error codes:
EPERM The caller does not have appropriate privilege to make
this call.
EACCES The caller lacks appropriate access to the parent
directory, or the MAC label relationship requirements
are not met.
EMLINK The maximum number of links to the parent directory
would be exceeded by the creation.
EROFS The path name refers to a file system device mounted
read-only.
EFAULT The path parameter specified an area of memory not
accessible to the calling process.
EEXIST The name path refers to an existing file system object.
ENOENT A non-terminal component of the path name does not
exist.
ENOTDIR A non-terminal component of the path name is not a
directory or symbolic link.
ENAMETOOLONG The path name exceeds the length limit for file names.
ENAMETOOLONG A component of the path name exceeds the length limit
for file names.
ENOMEM There are not enough system resources to resolve the
path name or to expand a symbolic link.
ELOOP The number of symbolic links encountered during path
name resolution exceeded MAXSYMLINKS. A symbolic link
cycle is suspected.
SEE ALSO
mkdir(2), capdefaults(5).
Licensed material--property of copyright holder(s)