dg_set_tfm_mode(2) DG/UX B2 Security R4.12MU02 dg_set_tfm_mode(2)
NAME
dgsettfmmode - set the TFM mode of a process.
SYNOPSIS
#include <sys/types.h>
#include <sys/mac.h>
int dgsettfmmode(pid, newmode)
pidt pid;
int newmode;
where:
pid The process ID of the process whose TFM mode is to be set.
newmode Either TFMMODEOFF, to disable TFM mode, or TFMMODEON, to
enable TFM mode. Also, the mask TFMMODEPERM can be
included with either of these to prevent further changes to
the process' TFM mode setting.
DESCRIPTION
Trusted Facility Management (TFM) mode refers to a process state in
which only commands with particular MAC labels may be executed. The
dgsettfmmode system call sets the TFM mode of the process
indicated by pid to the mode indicated by the newmode parameter.
ACCESS CONTROL
To change a TFM mode setting, the process must have appropriate
privilege and have appropriate MAC access to the target process.
(See the appropriateprivilege(5) man page for more information.)
For systems supporting the DG/UX Capability Option, appropriate
privilege is defined as having one or more specific capabilities
enabled in the effective capability set of the calling process. See
capdefaults(5) for the default capability for this system call.
RETURN VALUE
0 Successful completion.
-1 An error occurred. errno is set to indicate the error.
EXCEPTIONS
Errno may be set to one of the following error codes:
EACCES The caller is denied MAC access to the target process.
EINVAL The newmode parameter has an invalid value, or the process
pid cannot have its TFM mode setting changed.
ENOSYS MAC is not configured on the system.
EPERM The caller did not have sufficient privilege.
SEE ALSO
dggettfmmode(2), capdefaults(5).
Licensed material--property of copyright holder(s)