secadvise(2) secadvise(2)
NAME
secadvise - get kernel advisory access information
SYNOPSIS
#include <sys/secsys.h>
int secadvise(struct obj_attr *obj, int cmd, struct sub_attr *sub);
DESCRIPTION
The secadvise system call is used to get advisory access
information from the kernel.
The obj argument points to a structure containing the
attributes for an object. This structure is defined with at
least the following members:
uid_t uid;
gid_t gid;
mode_t mode;
level_t lid;
The level_t argument is ignored unless the Enhanced Security
Utilities are installed.
The cmd argument determines the requested access. The sub
argument points to a structure containing the attributes for a
subject. The subject structure is retrieved through the
I_S_RECVFD command of the ioctl system call.
secadvise recognizes the following commands:
SA_SUBSIZE
Returns the size of the subject attributes
structure. The obj and sub arguments are ignored.
This command is provided so that future changes to
the kernel can happen without recompilation of the
application program.
SA_READ Determines whether sub has read access to obj. If
this command succeeds, it returns 0 to the calling
process.
This call will fail, returning -1, if one or more of
the following is true:
EACCES if sub does not have read access to obj.
Copyright 1994 Novell, Inc. Page 1
secadvise(2) secadvise(2)
EFAULT if obj or sub points outside the allocated
address space for the process.
SA_WRITE Determines whether sub has write access to obj. If
this command succeeds, it returns 0 to the calling
process.
This call will fail, returning -1, if one or more of
the following is true:
EACCES if sub does not have write access to obj.
EFAULT if obj or sub points outside the allocated
address space for the process.
SA_EXEC Determines whether sub has execute access to obj.
If this command succeeds, it returns 0 to the
calling process.
This call will fail, returning -1, if one or more of
the following is true:
EACCES if sub does not have execute access to
obj.
EFAULT if obj or sub points outside the allocated
address space for the process.
Return Values
Return values for secadvise depend on cmd and are described
above.
Errors
Errors for secadvise depend on cmd and are described above.
REFERENCES
ioctl(2), streamio(7)
Copyright 1994 Novell, Inc. Page 2