Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dg_mac_mkdir(2) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

mkdir(2)



dg_mac_mkdir(2)          DG/UX B2 Security R4.12MU02         dg_mac_mkdir(2)


NAME
       dgmacmkdir - create an upgraded directory

SYNOPSIS
       #include <sys/types.h>
       #include <sys/mac.h>

       int    dgmacmkdir(path, mode, mlptr, mlsize, textmac, textmacsize)
       char                *path;
       modet              mode;
       maclabelt         mlptr;
       int                 mlsize;
       char                *textmac;
       int                 textmacsize;

   where:
       path         Path name of the directory to create.

       mode         The permission bits to apply to the new directory.

       mlptr       Pointer to the MAC label to be applied to the new
                    directory.

       mlsize      Size of the structure pointed to by mlptr.

       textmac      Pointer to a text form of the MAC label. This is not
                    currently used and should be NULL.

       textmacsize  Length of textmac. This is not currently used, and
                    should be 0.

DESCRIPTION
       The dgmacmkdir system call creates a directory at a MAC (mandatory
       access control) label which is not necessarily that of the calling
       process. Other than the access control requirements detailed below,
       and the MAC label assigned to the directory, this call functions the
       same as the mkdir(2) system call.

ACCESS CONTROL
       The caller must have appropriate privilege.

       Additionally, the caller must either have MAC write access to the
       proposed label and write access (MAC, DAC and CAC) to the parent
       directory, or the caller must own the parent directory, have MAC
       search, DAC (discretionary access control) write and search and CAC
       (capability access control) search access to the parent directory.
       Also, the upper bound of the caller's user-region MAC range must
       dominate the proposed label, which in turn must dominate the MAC
       label of the parent directory, which must dominate the caller's MAC
       label.

       For systems supporting the DG/UX Capability Option, appropriate
       privilege is defined as having one or more specific capabilities
       enabled in the effective capability set of the calling process.  See
       capdefaults(5) for the default capability for this system call.  On
       systems without the DG/UX Capability Option, appropriate privilege
       means that the process has an effective UID of root. See the
       appropriateprivilege(5) man page for more information.

RETURN VALUE
       0      Successful completion.

       -1     An error occurred.  The errno variable is set to indicate the
              error.

EXCEPTIONS
       The errno variable may be set to one of the following error codes:

       EPERM         The caller does not have appropriate privilege to make
                     this call.

       EACCES        The caller lacks appropriate access to the parent
                     directory, or the MAC label relationship requirements
                     are not met.

       EMLINK        The maximum number of links to the parent directory
                     would be exceeded by the creation.

       EROFS         The path name refers to a file system device mounted
                     read-only.

       EFAULT        The path parameter specified an area of memory not
                     accessible to the calling process.

       EEXIST        The name path refers to an existing file system object.

       ENOENT        A non-terminal component of the path name does not
                     exist.

       ENOTDIR       A non-terminal component of the path name is not a
                     directory or symbolic link.

       ENAMETOOLONG  The path name exceeds the length limit for file names.

       ENAMETOOLONG  A component of the path name exceeds the length limit
                     for file names.

       ENOMEM        There are not enough system resources to resolve the
                     path name or to expand a symbolic link.

       ELOOP         The number of symbolic links encountered during path
                     name resolution exceeded MAXSYMLINKS. A symbolic link
                     cycle is suspected.

SEE ALSO
       mkdir(2), capdefaults(5).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026