getprocxsec(1m) [hpux man page]

getprocxsec(1M) 														   getprocxsec(1M)

NAME
getprocxsec - display security attributes of a process

SYNOPSIS

DESCRIPTION
The command displays security attributes associated with a running process. These attributes include the permitted privilege set, effective privilege set, retained privilege set, euid, and the compartment name. See privileges(5) and compartments(5).

Each process has a permitted privilege set, effective privilege set, and retained privilege set. If the compartmentalization feature is enabled, it also has a compartment. When a process is created, the child process inherits these attributes from the parent. When a process executes a binary, these attributes can be changed. See setfilexsec(1M) and getfilexsec(1M) for information on how these extended attributes can be manipulated at execution time.

For compatibility, the kernel handles processes with effective uid of zero in special ways. If the compartmentalization feature is disabled, these processes are treated as though they have all root replacement privileges. If, on the other hand, the compartmentalization feature is enabled, these processes are treated as though they have all the root replacement privileges except those configured as disallowed privileges for the compartment.

Options
recognizes the following options:

Displays the compartment name of the process. If compartments are not enabled, nothing is reported for this option. If compartments are enabled, all the kernel processes would be reported as running in "RESERVED CMPT".

Displays the implementation effective privilege set.

Displays the full form of the lists.

Displays the implementation permitted privilege set.

Displays the implementation retained privilege set.

If none of the above options are specified, the default is

Operands
recognizes the following operand:

pid    The process ID of the process whose attributes are being displayed. If pid is displays attributes of this process. If pid is it displays attributes of the process' parent. If pid is not specified, it defaults to this process (equivalent to

Security Restrictions
The specified process must be visible to the user invoking this command or the user must have the privilege.

RETURN VALUE
returns the following values:

Successful completion. The attributes are displayed.

An error occurred. An error can be caused by an invalid option or because the specified process is not visible to the user.

EXAMPLES
Example 1: Display the privilege sets and compartment of the current process:

Sample output:

effective= BASIC permitted= BASIC retained= BASIC cmpt= init euid= zero

Example 2: Display the privilege sets and compartment of the parent process:

Sample output:

effective= BASIC permitted= BASIC retained= BASIC cmpt= init euid= zero

Example 3: Display the full privilege sets and compartment of an arbitrary process:

Sample output:

effective= FORK EXEC SESSION LINKANY permitted= FORK EXEC SESSION LINKANY retained= FORK EXEC SESSION LINKANY cmpt= web euid= non-zero

SEE ALSO
getfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).
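
Added example (not part of the HP-UX man page): a Python parser for output shaped like the sample output above, which reports the euid-zero compatibility handling stated in DESCRIPTION. The process IDs, sample text and function names are constructed, and the parser assumes only the `name= value` shape shown in the samples and that the compartment was requested when the output was collected.

```python
# Added example: field names are taken from the sample output on this page.
# Process IDs and sample text are constructed; the layout of real output
# (one line or several) is an assumption, so parsing is token-based.
PRIV_SETS = ("effective", "permitted", "retained")
FIELDS = PRIV_SETS + ("cmpt", "euid")

SAMPLES = {  # constructed: pid -> captured output text
    101: "effective= BASIC permitted= BASIC retained= BASIC cmpt= init euid= zero",
    202: "effective= FORK EXEC SESSION LINKANY\n"
         "permitted= FORK EXEC SESSION LINKANY\n"
         "retained= FORK EXEC SESSION LINKANY\ncmpt= web euid= non-zero",
    303: "effective= BASIC permitted= BASIC retained= BASIC euid= zero",
}

def parse_xsec(text):
    """Return privilege sets as lists and cmpt/euid as strings."""
    raw, current = {}, None
    for token in text.split():
        name = token[:-1]
        if token.endswith("=") and name in FIELDS:
            current = name            # a new "name=" field starts here
            raw[current] = []
        elif current is not None:
            raw[current].append(token)
    # Compartment names may contain a space ("RESERVED CMPT"), so join them.
    return {k: (v if k in PRIV_SETS else " ".join(v)) for k, v in raw.items()}

def euid_zero_note(attrs):
    """Describe the handling the man page states for an euid of zero."""
    if attrs.get("euid") != "zero":
        return None
    cmpt = attrs.get("cmpt")
    if not cmpt:  # nothing is reported when compartments are not enabled
        return "all root replacement privileges (no compartment reported)"
    return ("all root replacement privileges except those disallowed "
            "for compartment '%s'" % cmpt)

def report(samples):
    """Map pid -> note for every euid-zero process in the samples."""
    notes = {}
    for pid, text in samples.items():
        note = euid_zero_note(parse_xsec(text))
        if note:
            notes[pid] = note
    return notes

if __name__ == "__main__":
    for pid, note in sorted(report(SAMPLES).items()):
        print(pid, note)
```

The point of the report is that a short privilege list such as BASIC does not describe what an euid-zero process can do; the compartment's disallowed privileges are what bound it.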

cmpt_change(3)						     Library Functions Manual						    cmpt_change(3)

NAME
cmpt_change(), cmpt_get() - set and get process' compartment

SYNOPSIS

Parameters
cid    Compartment ID.

pid    Process ID of the target process or for the calling process.

DESCRIPTION
The and functions query and manipulate the compartment of a process.

The function returns the given process' compartment ID. If is passed as the pid parameter, the compartment ID of the calling process is returned.

The function changes the calling process' compartment ID to be the value of cid.

Security Restrictions
In order for the function to be effective, the calling process must possess the privilege. See privileges(5) for more information about privileges.

RETURN VALUE
returns the following values:

Successful completion. The function returns a valid compartment ID.

Function failed. is set to indicate the error.

returns the following values:

Successful completion.

Function failed. is set to indicate the error.

ERRORS
If any of the following conditions occur, the functions fail and set

Invalid compartment ID specified.

The function failed to allocate sufficient memory for its operation.

The process does not have the privilege.

pid is not valid.

EXAMPLES
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/cmpt.h>

    int main(void)
    {
        /* Look up the compartment ID of the compartment named "init". */
        cmpt_t c = cmpt_getbyname("init");

        /* cmpt_change() returns -1 on failure; perror() reports the cause. */
        if (cmpt_change(c) == -1) {
            perror("could not enter init compartment");
            exit(1);
        }

        /* Query the compartment ID the calling process is now running in. */
        printf("The process is now running in compartment %d\n", cmpt_get(0));
        return 0;
    }

DEPENDENCIES
These functions are a part of the library.

SEE ALSO
cmpt_getbynum(3), cmpt_getbyname(3), compartments(4), compartments(5), privileges(5).