Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

getfilexsec(1m) [hpux man page]

getfilexsec(1M) 														   getfilexsec(1M)

NAME

       getfilexsec - display security attributes of binary executable(s)

SYNOPSIS

       filename...

DESCRIPTION

       The command displays various extended security attributes associated with binary executable files.  These attributes include retained priv-
       ileges, permitted privileges, and compartment and security attribute flags.  See privileges(5) and exec(2)

   Options
       The command supports the following options:

	      Displays the compartment name of the file(s).

	      Displays security attribute flags.
			The only currently defined flag is the privilege start flag.

	      Displays the minimum permitted privileges.

	      Displays the maximum permitted privileges.

	      Displays the minimum retained privileges.

	      Displays the maximum retained privileges.

       If no options are specified, all extended security attributes of the binary file(s) are displayed.

   Operands
       supports the following operand:

	      filename	Binary executable file.  All file names given as arguments must be binary executables.	Files of other types (for example,
			script executables, text files, and so on) are not permitted.

   Security Restrictions
       The user invoking this command must be able to open the directory in which the binary executable files are present.

RETURN VALUE

       returns the following values:

	      Successful completion.
		     The attributes are displayed.

	      An error occurs.
		     An error can be caused by an invalid option or inadequate permissions to perform the operation.

EXAMPLES

       Example 1: Display the maximum permitted privileges and privilege-aware flag of binary executable file

       Sample output:

	      /web/java:
	      Flag: start_nil
	      PermittedMaxPrivileges: CMPTREAD, CMPTWRITE

SEE ALSO

       setfilexsec(1M), exec(2), compartments(5), privileges(5).

																   getfilexsec(1M)

Check Out this Related Man Page

cmpt_change(3)						     Library Functions Manual						    cmpt_change(3)

NAME

       cmpt_change(), cmpt_get() - set and get process' compartment

SYNOPSIS


   Parameters
	      cid    Compartment ID.

	      pid    Process ID of the target process or for the calling process.

DESCRIPTION

       The and functions query and manipulate the compartment of a process.

       The  function  returns  the given process' compartment ID.  If is passed as the pid parameter, the compartment ID of the calling process is
       returned.

       The function changes the calling process' compartment ID to be the value of cid.

   Security Restrictions
       In order for the function to be effective, the calling process must possess the privilege.  See privileges(5) for  more	information  about
       privileges.

RETURN VALUE

       returns the following values:

	      Successful completion.
		   The function returns a valid compartment ID.
	      Function failed.
		   is set to indicate the error.

       returns the following values:

	      Successful completion.
	      Function failed.
		   is set to indicate the error.

ERRORS

       If any of the following conditions occur, the functions fail and set

	      Invalid compartment ID specified.

	      The function failed to allocate sufficient memory for its operation.

	      The process does not have the
			     privilege.

	      pid	     is not valid.

EXAMPLES

	      #include <errno.h>
	      #include <sys/cmpt.h>

	      main()
	      {
		      cmpt_t c = cmpt_getbyname("init");
		      if (cmpt_change(c) == -1 )
		      {
			      perror("could not enter init compartment");
			      exit(1);
		      }

		      printf("The process is now running in compartment %d
",
			      cmpt_get(0));
	      }

DEPENDENCIES

       These functions are a part of the library.

SEE ALSO

       cmpt_getbynum(3), cmpt_getbyname(3), compartments(4), compartments(5), privileges(5).

																    cmpt_change(3)
Man Page