Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

priv(9) [freebsd man page]

PRIV(9) 						   BSD Kernel Developer's Manual						   PRIV(9)

NAME

     priv -- kernel privilege checking API

SYNOPSIS

     #include <sys/priv.h>

     int
     priv_check(struct thread *td, int priv);

     int
     priv_check_cred(struct ucred *cred, int priv, int flags);

DESCRIPTION

     The priv interfaces check to see if specific system privileges are granted to the passed thread, td, or credential, cred.	This interface
     replaces the now removed suser(9) privilege checking interface.  Privileges typically represent rights in one of two categories: the right to
     manage a particular component of the system, or an exemption to a specific policy or access control list.	The caller identifies the desired
     privilege via the priv argument.  The optional flags argument, flags, is currently unused.

   Privilege Policies
     Privileges are typically granted based on one of two base system policies: the superuser policy, which grants privilege based on the effec-
     tive (or sometimes real) UID having a value of 0, and the jail(2) policy, which permits only certain privileges to be granted to processes in
     a jail.  The set of available privileges may also be influenced by the TrustedBSD MAC Framework, described in mac(9).

IMPLEMENTATION NOTES

     When adding a new privilege check to a code path, first check the complete list of current privileges in sys/priv.h to see if one already
     exists for the class of privilege required.  Only if there is not an exact match should a new privilege be added to the privilege list.  As
     privilege numbers becomes encoded in the kernel module ABI, privilege constants must not be changed as any kernel modules depending on privi-
     leges will then need to be recompiled.  When adding a new privilege, be certain to also determine whether it should be listed in
     prison_priv_check(), which includes a complete list of privileges granted to the root user in jail(2).

     Certain catch-all privileges exist, such as PRIV_DRIVER, intended to be used by device drivers, rather than adding a new driver-specific
     privilege.

RETURN VALUES

     Typically, 0 will be returned for success, and EPERM will be returned on failure.	Most consumers of priv will wish to directly return the
     error code from a failed privilege check to user space; a small number will wish to translate it to another error code appropriate to a spe-
     cific context.

     When designing new APIs, it is preferable to return explicit errors from a call if privilege is not granted rather than changing the seman-
     tics of the call but returning success.  For example, the behavior exhibited by stat(2), in which the generation field is optionally zero'd
     out when there is insufficient privilege is highly undesirable, as it results in frequent privilege checks, and the caller is unable to tell
     if an access control failure occurred.

SEE ALSO

     jail(2), mac(9), ucred(9)

AUTHORS

     The priv API and implementation were created by Robert Watson under contract to nCircle Network Security, Inc.

BSD
								  August 30, 2006							       BSD

Check Out this Related Man Page

priv_policy(9F) 					   Kernel Functions for Drivers 					   priv_policy(9F)

NAME

       priv_policy, priv_policy_only, priv_policy_choice - check, report, and audit privileges

SYNOPSIS

       #include <sys/cred.h>

       int priv_policy(const cred_t  *cr, int priv, int err,
	    const char	*msg);

       int priv_policy_only(const cred_t  *cr, int priv);

       int priv_policy_choice(const cred_t  *cr, int priv);

INTERFACE LEVEL

       Solaris DDI specific (Solaris DDI).

PARAMETERS

       cr      The credential to be checked.

       priv    The integer value of the privilege to test.

       err     The error code to return.

       msg     String  that  is added to the privilege debugging message if one is generated. NULL if no additional information is needed. Because
	       the function name is included in the output, NULL is usually the best value to pass as a parameter.

DESCRIPTION

       These functions aid in privilege checking and privilege debugging.

       The priv_policy(), priv_policy_only(), and priv_policy_choice() functions all check whether priv is asserted in the effective  set  of  the
       credential. The special value PRIV_ALL tests for all privileges.

       The  priv_policy()  function  updates  the ASU accounting flag and records the privilege used on success in the audit trail if the required
       privilege was not a basic privilege.

       The priv_policy_only() function checks whether a privilege is asserted and has no side effects.

       The priv_policy_choice() function behaves like priv_policy_only() but records the successfully  used  non-basic	privileges  in	the  audit
       trail.

RETURN VALUES

       On success, priv_policy() return 0. On failure it returns its parameter err.

       On success, priv_policy_choice() and priv_policy_only() return 1, on failure both return 0.

ERRORS

       EINVAL	       This might be caused by any of the following:

			   o	  The flags parameter is invalid.

			   o	  The specified privilege does not exist.

			   o	  The priv parameter contains invalid characters.

       ENOMEM	       There is no room to allocate another privilege.

       ENAMETOOLONG    An attempt was made to allocate a privilege that was longer than {PRIVNAME_MAX} characters.

CONTEXT

       This functions can be called from user, interrupt, or kernel context.

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       acct(3HEAD), attributes(5), privileges(5)

       Writing Device Drivers

SunOS 5.11							    16 Jan 2006 						   priv_policy(9F)
Man Page