
dg_setorange(2)          DG/UX B2 Security R4.12MU02         dg_setorange(2)


NAME
       dg_setorange - set the mandatory access control (MAC) range of an
       object

SYNOPSIS
       #include <sys/types.h>
       #include <sys/dgtparms.h>
       #include <sys/mac.h>

       int    dg_setorange(targtype, targ, range, rangesize, textrange,
              textrangesize)
       int    targtype;
       const void    *targ;
       macrangestructt *range;
       int    rangesize;
       char   *textrange;
       int    textrangesize;

   where:
       targtype      A token that identifies the type of object whose MAC
                      range is set.  The available tokens are defined in
                      sys/dgtparms.h as follows:
                        TPROC  The object is an existing process on the
                                system.
                        TFILE  The object is a file identified by a
                                pathname.
                        TFD    The object is a file, socket or pipe
                                identified by a descriptor.
                        TMSG   The object is a message queue identified by
                                a message queue identifier.
                        TSHM   The object is a shared memory segment
                                identified by a shared memory segment
                                identifier.
                        TSEM   The object is a semaphore identified by a
                                semaphore set identifier.

       targ           The address of the identifier of the object whose MAC
                      range is to be set.  The targtype parameter values
                      are defined in sys/tparms.h.  The value of targtype
                      determines the type of entity that targ points to as
                      follows:
                        TPROC  targ points to a process id (type pid_t).
                        TFILE  targ points to a pathname string.
                        TFD    targ points to a file, socket or pipe
                                descriptor.
                        TMSG   targ points to a message queue identifier.
                        TSHM   targ points to shared memory segment
                                identifier.
                        TSEM   targ points to a semaphore set identifier.

       range          The address of a macrangestructt that contains the
                      valid MAC range being set on the object.

       rangesize      An integer containing the size in bytes of the MAC
                      range structure.

       textrange      Currently unused. This should be a NULL pointer.

       textrangesize  Currently unused. This should be zero.

DESCRIPTION
       This interface is obsolete, but is retained for compatibility with
       existing applications. New applications should use dgsettuple
       instead.  The dg_setorange system call converts the
       macrangestructt structure pointed to by range into a MAC range
       tuple and sets this tuple on the object identified by targtype and
       targ. The conversion process splits the range between the various MAC
       regions, if necessary.

       Note that if the target of dg_setorange is not a directory, then any
       MAC label on the target will be removed.

ACCESS CONTROL
       To set the MAC range of an object, a process must have MAC read/write
       access to the object and must have MAC write access to the entire
       range being set.  In addition to this, the process must have
       appropriate privilege.

       For systems supporting the DG/UX Capability Option, appropriate
       privilege is defined as having one or more specific capabilities
       enabled in the effective capability set of the calling process.  See
       capdefaults(5) for the default capability for this system call.  On
       systems without the DG/UX Capability Option, appropriate privilege
       means that the process has an effective UID of root. See the
       appropriateprivilege(5) man page for more information.

       When setting a MAC range on a process, the new MAC range (tuple) must
       include the MAC label of the process and can be no larger than the
       existing MAC range tuple on the process.
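
       The process rule above, as an added example that is not part of the
       original manual page or of DG/UX: a simplified single-region model of
       the check a caller can make before narrowing a process range.  The
       types label_t and range_t, the function check_process_range() and
       all sample values are hypothetical; the real range structure and the
       split across MAC regions are not shown on this page.

```c
/* Added illustration: simplified single-region model, not DG/UX code.
 * All types, names and values here are hypothetical. */
#include <stdio.h>

typedef struct { int level; unsigned cats; } label_t; /* hierarchy + category bits */
typedef struct { label_t lo, hi; } range_t;           /* inclusive lower/upper bound */

enum range_check { RANGE_OK, RANGE_MALFORMED,
                   RANGE_EXCLUDES_LABEL, RANGE_EXCEEDS_EXISTING };

/* a dominates b: level at least as high, categories a superset of b's */
static int dominates(label_t a, label_t b)
{
    return a.level >= b.level && (a.cats & b.cats) == b.cats;
}

static int label_in_range(range_t r, label_t l)
{
    return dominates(l, r.lo) && dominates(r.hi, l);
}

static int range_within(range_t inner, range_t outer)
{
    return dominates(inner.lo, outer.lo) && dominates(outer.hi, inner.hi);
}

/* New process range must contain the process label and fit inside the old one. */
enum range_check check_process_range(range_t existing, range_t proposed,
                                     label_t proc_label)
{
    if (!dominates(proposed.hi, proposed.lo))   return RANGE_MALFORMED;
    if (!label_in_range(proposed, proc_label))  return RANGE_EXCLUDES_LABEL;
    if (!range_within(proposed, existing))      return RANGE_EXCEEDS_EXISTING;
    return RANGE_OK;
}

/* Constructed sample values. */
static const range_t EXISTING = { {1, 0x0}, {5, 0x7} };
static const label_t PROC     = { 3, 0x1 };
static const range_t NARROWED = { {2, 0x0}, {4, 0x3} }; /* inside, holds label */
static const range_t WIDENED  = { {1, 0x0}, {6, 0x7} }; /* upper bound too high */
static const range_t MISSES   = { {4, 0x1}, {5, 0x7} }; /* label below lower bound */

int main(void)
{
    printf("%d %d %d\n", check_process_range(EXISTING, NARROWED, PROC),
           check_process_range(EXISTING, WIDENED, PROC),
           check_process_range(EXISTING, MISSES, PROC));
    return 0;
}
```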

RETURN VALUE
       0      Successful completion.

       -1     An error occurred.  errno is set to indicate the error.

ERRORS
       Errno may be set to one of the following error codes:

       EPERM         The caller does not have appropriate privilege.

       EACCES        The caller does not have the required access rights to
                     the object.

       ENOENT        The object does not exist.

       ENAMETOOLONG  A component of the pathname pointed at by targ exceeds
                     the length limit for filenames.

       EFAULT        The range parameter specified an area of memory not
                     accessible to the calling process.

       ENOMEM        The operating system was unable to allocate sufficient
                     internal memory to process the system call.

       EINVAL        Invalid parameter passed.

       EOPNOTSUPP    This operation is not supported on the targtype or
                     object passed.

       ENOSYS        MAC is not configured on the system.

       EBUSY         The file object named by path is currently in use by
                     another process.

SEE ALSO
       gettuple(1), settuple(1M), dggetorange(2), dgsettmpomac(2),
       dggettuple(2), dgsettuple(2), dggetomac(2), dgsetomac(2),
       capdefaults(5), macdef(5).

NOTES
       Setting a MAC range which does not include any portion of the
       Virus Prevention region on a process will likely deny the process any
       further access to the filesystem, including system executables.


Licensed material--property of copyright holder(s)
