NEWLABEL(1) NEWLABEL(1)
NAME
newlabel - run a process at another label
SYNOPSIS
newlabel [ -EFIOmt ] [ -ah dir ] [ -efio path ] [ label ] [ cmd [ arg ...
] ]
DESCRIPTION
newlabel allows the user to run a process at another label without
logging off. To prevent inappropriate transfers of information, all open
file descriptors are closed before the new process is invoked. Unless
the invoked by the Superuser with one or more of the -E, -F, -I, or -O
options, the stdin, stdout, and stderr are closed and reopened after the
label is changed. The default path used is /dev/tty, but may be changed
with the -e, -f, -i, and -o options. If the path cannot be opened
/dev/null is opened.
If a cmd is given, it is invoked using /bin/sh. If the cmd is followed
by one or more args, the entire string of cmd plus args should be quoted
to ensure that it is interpreted by /bin/sh, rather than the current
shell. If no cmd is given, the user's preferred shell is invoked. Note
that in most cases, a shell running with a different label will not be
able to open /dev/tty.
The newlabel command has the following options:
-E Do not close and reopen standard error. This option is restricted
to the Superuser.
-F Do not close and reopen standard error, input, or output. This
option is restricted to the Superuser.
-I Do not close and reopen standard input. This option is restricted
to the Superuser.
-O Do not close and reopen standard output. This option is restricted
to the Superuser.
-a Run the specified command at each label at which there is a sub-
directory in dir. The sub-directory check is done with the process
label set to msenmldhigh/mintequal in case dir has a moldy label.
This option is restricted to the Superuser.
-e Use the following path instead of /dev/tty as the standard error.
-f Use the following path instead of /dev/tty as the standard error,
input, and output.
-h Run the specified command at each label at which there is a sub-
directory in dir with neither equal sensitivity nor equal integrity.
The sub-directory check is done with the process label set to
msenmldhigh/mintequal in case dir has a moldy label. This option is
Page 1
NEWLABEL(1) NEWLABEL(1)
restricted to the Superuser.
-i Use the following path instead of /dev/tty as the standard input.
-m Use a label exactly like that on the current process, except that
the new label is assured to be moldy. This option excludes the -t
option.
-o Use the following path instead of /dev/tty as the standard output.
-t Use a label exactly like that on the current process, except that
the new label is assured not to be moldy. This option excludes the
-m option.
EXAMPLES
To obtain a shell with moldy characteristics, execute:
newlabel -m
To look at the current directy without moldy characteristics when the
current process has them, execute:
newlabel -t ls -l
To execute ps(1) at the system high label with no integrity, execute:
newlabel msenhigh/mintlow ps -el
To do the same thing, but write the result into a file, execute:
newlabel -o /tmp/ps.out msenhigh/mintlow ps -el
FILES
/bin/csh default command
/dev/tty default output
/dev/null secondary output
SEE ALSO
su(1m), login(1),
Page 2