DG/UX B2 Security R4.12MU02 dg_set_trusted_device(2)
NAME
dgsettrusteddevice - set the trusted-device attribute of device
files
SYNOPSIS
#include <sys/dgtparms.h>
int dgsettrusteddevice (const char *path, int option);
where:
path Address of the pathname of a device file
option One of two options: DGTDEVON or DGTDEVOFF
DESCRIPTION
Dgsettrusteddevice sets the trusted-device attribute of the device
named by the pathname pointed to by path to option. If path refers
to a symbolic link, the option is set for the target of the symbolic
link.
A trusted device is one that either does its own MAC checking or is
inherently trusted and need not perform any access control checks.
The option DGTDEVON sets the attribute, causing the device to be
treated as a trusted device, while DGTDEVOFF resets the attribute.
The subject file must be of type `character-special-file', `block-
special-file', or `streams-file'.
If dgsettrusteddevice fails, the trusted-device attribute of the
device is not changed.
ACCESS CONTROL
The caller must have appropriate privilege.
For systems supporting the DG/UX Capability Option, appropriate
privilege is defined as having one or more specific capabilities
enabled in the effective capability set of the calling process. See
capdefaults(5) for the default capability for this system call. On
systems without the DG/UX Capability Option, appropriate privilege
means that the process has an effective UID of root. See the
appropriateprivilege(5) man page for more information.
RETURN VALUE
0 The dgsettrusteddevice operation was successful.
-1 An error occurred. errno is set to indicate the error.
DIAGNOSTICS
Errno may be set to one of the following error codes:
ENOSYS The system is not configured for MAC.
EPERM The caller does not have sufficient privilege.
EINVAL The option option is not recognized.
EOPNOTSUPP The file the pathname resolved to does not support
this operation.
ENOENT The file the pathname resolved to does not exist.
ENOENT A nonterminal component of the pathname does not
exist.
ENOTDIR A nonterminal component of the pathname was not a
directory or symbolic link.
ENAMETOOLONG The pathname exceeds the length limit for pathnames.
ENAMETOOLONG A component of the pathname exceeds the length limit
for filenames.
ENOMEM There are not enough system resources to resolve the
pathname or to expand a symbolic link.
ELOOP The number of symbolic links encountered during
pathname resolution exceeded MAXSYMLINKS. A symbolic
link cycle is suspected.
EFAULT The pathname does not completely reside in the
process's address space or the pathname does not
terminate in the process's address space.
EBUSY The file object named by path is currently in use by
another process.
SEE ALSO
secstat(1), settdev(1M), dggetomac(2), dggetorange(2),
dgsetomac(2), dgsetorange(2), capdefaults(5).
Licensed material--property of copyright holder(s)