Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ secadvise(2) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

ioctl(2)

streamio(7)






       secadvise(2)                                            secadvise(2)


       NAME
             secadvise - get kernel advisory access information

       SYNOPSIS
             #include <sys/secsys.h>
             int secadvise(struct obj_attr *obj, int cmd, struct sub_attr *sub);

       DESCRIPTION
             The secadvise system call is used to get advisory access
             information from the kernel.

             The obj argument points to a structure containing the
             attributes for an object.  This structure is defined with at
             least the following members:
                   uid_t uid;
                   gid_t gid;
                   mode_t mode;
                   level_t lid;

             The level_t argument is ignored unless the Enhanced Security
             Utilities are installed.

             The cmd argument determines the requested access.  The sub
             argument points to a structure containing the attributes for a
             subject.  The subject structure is retrieved through the
             I_S_RECVFD command of the ioctl system call.

             secadvise recognizes the following commands:

             SA_SUBSIZE
                       Returns the size of the subject attributes
                       structure.  The obj and sub arguments are ignored.
                       This command is provided so that future changes to
                       the kernel can happen without recompilation of the
                       application program.

             SA_READ   Determines whether sub has read access to obj.  If
                       this command succeeds, it returns 0 to the calling
                       process.

                       This call will fail, returning -1, if one or more of
                       the following is true:

                       EACCES    if sub does not have read access to obj.




                           Copyright 1994 Novell, Inc.               Page 1













      secadvise(2)                                            secadvise(2)


                      EFAULT    if obj or sub points outside the allocated
                                address space for the process.

            SA_WRITE  Determines whether sub has write access to obj.  If
                      this command succeeds, it returns 0 to the calling
                      process.

                      This call will fail, returning -1, if one or more of
                      the following is true:

                      EACCES    if sub does not have write access to obj.

                      EFAULT    if obj or sub points outside the allocated
                                address space for the process.

            SA_EXEC   Determines whether sub has execute access to obj.
                      If this command succeeds, it returns 0 to the
                      calling process.

                      This call will fail, returning -1, if one or more of
                      the following is true:

                      EACCES    if sub does not have execute access to
                                obj.

                      EFAULT    if obj or sub points outside the allocated
                                address space for the process.

         Return Values
            Return values for secadvise depend on cmd and are described
            above.

         Errors
            Errors for secadvise depend on cmd and are described above.

      REFERENCES
            ioctl(2), streamio(7)











                          Copyright 1994 Novell, Inc.               Page 2








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026