dg_set_required_cap(2) DG/UX B2 Security R4.12MU02 dg_set_required_cap(2)
NAME
dgsetrequiredcap - change the required capability set of an
object.
SYNOPSIS
#include <sys/capability.h>
#include <sys/dgtparms.h>
int dgsetrequiredcap(targtype, targ, rcapp)
const int targtype;
const void *targ;
caprequiredt *rcapp;
where:
targtype A token that identifies the type of object whose required
capability set is to be replaced. The available tokens
are defined in sys/dgtparms.h as follows:
TFILE The object is a file identified by a
pathname.
TSYMLINK The object is a file identified by a
pathname. If the terminal component of the
pathname is a symbolic link, the link is not
followed.
TFD The object is a file, socket or pipe
identified by a descriptor.
TMSG The object is a message queue identified by a
message queue identifier.
TSHM The object is a shared memory segment
identified by a shared memory segment
identifier.
TSEM The object is a semaphore identified by a
semaphore set identifier.
targ The address of the identifier of the object whose required
capability set is to be replaced. The value of targtype
determines the type of entity that targ points to as
follows:
TFILE targ points to a pathname string.
TSYMLINK The object is a file identified by a
pathname. If the terminal component of the
pathname is a symbolic link, the link is not
followed.
TFD targ points to a file, socket or pipe
descriptor.
TMSG targ points to a message queue identifier.
TSHM targ points to a shared memory segment
identifier.
TSEM targ points to a semaphore set identifier.
rcapp The address of the required capability structure to
associate with the target object.
DESCRIPTION
This system call replaces the required capability set of the object
targ with the required set given by rcapp.
The required set is removed from the target object when the size
field of rcapp is zero. Removing a required set that does not exist
is not an error.
When the call fails the state of the target object is not changed.
ACCESS CONTROL
To change the required set the caller must either own the object or
must have appropriate privilege. For systems supporting the DG/UX
Capability Option, appropriate privilege is defined as having one or
more specific capabilities enabled in the effective capability set of
the calling process. See capdefaults(5) for the default capability
for this system call. On systems without the DG/UX Capability
Option, appropriate privilege means that the process has an effective
UID of root. See the appropriateprivilege(5) man page for more
information. When MAC is configured the caller must also have MAC
read and write access for the object.
RETURN VALUE
0 Successful completion.
-1 An error occurred. errno is set to indicate the error.
EXCEPTIONS
errno may be set to one of the following error codes:
EINVAL The type, version or size field is not valid.
ENOSYS This system call was made on a system that does not have
the POSIXCAP configuration option enabled.
EACCES Search permission is denied for a non-terminal component
of the targ.
EACCES On a system with DG/UX information security, MAC read or
write access to the target is denied.
EFAULT The parameter targ points to a memory area not
accessible to the calling process.
EFAULT The parameter rcapp points to a memory area not
accessible to the calling process.
ENOENT The object the pathname resolved to does not exist or a
non-terminal component does not exist.
ENAMETOOLONG The value of targtype is TFILE and the pathname given
by targ exceeds the length limit for pathname.
ELOOP The number of symbolic links encountered during pathname
resolution exceeded MAXSYMLINKS. A symbolic link cycle
is suspected.
ENOTDIR A non-terminal component of targ is not a directory.
EOPNOTSUPP The operation is not supported for the specified object.
ENOMEM The operating system was unable to allocate internal
memory to process the system call.
SEE ALSO
dggetrequiredcap(2), capdefaults(5).
Licensed material--property of copyright holder(s)