GETPPRIV(2) System Calls GETPPRIV(2)
NAME
getppriv, setppriv - get or set a privilege set
SYNOPSIS
#include <priv.h>
int getppriv(priv_ptype_t which, priv_set_t *set);
int setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set);
DESCRIPTION
The getppriv() function returns the process privilege set specified
by which in the set pointed to by set. The memory for set is
allocated with priv_allocset() and freed with priv_freeset(). Both
functions are documented on the priv_addset(3C) manual page.
The setppriv() function sets or changes the process privilege set.
The op argument specifies the operation and can be one of PRIV_OFF,
PRIV_ON or PRIV_SET. The which argument specifies the name of the
privilege set. The set argument specifies the set.
If op is PRIV_OFF, the privileges in set are removed from the process
privilege set specified by which. There are no restrictions on
removing privileges from process privilege sets, but the following
apply:
o Privileges removed from PRIV_PERMITTED are silently
removed from PRIV_EFFECTIVE.
o If privileges are removed from PRIV_LIMIT, they are not
removed from the other sets until one of the exec(2) functions
has successfully completed.
If op is PRIV_ON, the privileges in set are added to the process
privilege set specified by which. The following operations are
permitted:
o Privileges in PRIV_PERMITTED can be added to
PRIV_EFFECTIVE without restriction.
o Privileges in PRIV_PERMITTED can be added to
PRIV_INHERITABLE without restriction.
o All operations that attempt to add privileges that are
already present are permitted.
If op is PRIV_SET, the privileges in set completely replace the
process privilege set specified by which. PRIV_SET is implemented in
terms of PRIV_OFF and PRIV_ON. The same restrictions apply.
RETURN VALUES
Upon successful completion, 0 is returned. Otherwise, -1 is returned
and errno is set to indicate the error.
ERRORS
The getppriv() and setppriv() functions will fail if:
EINVAL
The value of op or which is out of range.
EFAULT
The set argument points to an illegal address.
The setppriv() function will fail if:
EPERM
The application attempted to add privileges to PRIV_LIMIT or
PRIV_PERMITTED, or the application attempted to add
privileges to PRIV_INHERITABLE or PRIV_EFFECTIVE which were
not in PRIV_PERMITTED.
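The following added example (not part of the original manual page and not operating system code) models the PRIV_OFF, PRIV_ON and PRIV_SET rules and the EINVAL and EPERM cases above with bit masks, so the effect of each call can be traced without a privileged process. The type model_proc, the function model_setppriv(), and the S_*, OP_* and P_* constants are hypothetical; rejecting a failing PRIV_SET before changing anything is an assumption of the model.

```c
/* Model of the setppriv() rules on this page; not kernel code.
 * Privileges are constructed bit flags; every name here is hypothetical. */
#include <errno.h>
#include <stdio.h>

enum { S_EFFECTIVE, S_INHERITABLE, S_PERMITTED, S_LIMIT, S_COUNT };
enum { OP_OFF, OP_ON, OP_SET };
enum { P_NET_BIND = 1, P_FILE_READ = 2, P_PROC_FORK = 4 };

typedef struct { unsigned set[S_COUNT]; } model_proc;

/* Returns 0 on success, or -1 with errno set, as the page describes. */
static int model_setppriv(model_proc *p, int op, int which, unsigned mask)
{
    if (which < 0 || which >= S_COUNT || op < OP_OFF || op > OP_SET) {
        errno = EINVAL;
        return -1;
    }
    unsigned cur = p->set[which];
    unsigned add = (op == OP_OFF) ? 0 : (mask & ~cur);  /* not yet present */
    unsigned del = (op == OP_OFF) ? (mask & cur)
                 : (op == OP_SET) ? (cur & ~mask) : 0;

    /* Only additions are restricted; re-adding present bits is a no-op. */
    if (add != 0) {
        int shrink_only = (which == S_LIMIT || which == S_PERMITTED);
        if (shrink_only || (add & ~p->set[S_PERMITTED]) != 0) {
            errno = EPERM;
            return -1;
        }
    }
    p->set[which] = (cur & ~del) | add;
    if (which == S_PERMITTED)
        p->set[S_EFFECTIVE] &= ~del;  /* silent removal from effective */
    /* Removal from S_LIMIT changes no other set until exec(2). */
    return 0;
}

int main(void)
{
    /* Constructed state: effective, inheritable, permitted, limit. */
    model_proc p = { { P_FILE_READ, 0, P_NET_BIND | P_FILE_READ, 7u } };
    int r1 = model_setppriv(&p, OP_ON, S_EFFECTIVE, P_NET_BIND);  /* permitted */
    int r2 = model_setppriv(&p, OP_ON, S_EFFECTIVE, P_PROC_FORK); /* EPERM */
    int r3 = model_setppriv(&p, OP_OFF, S_PERMITTED, P_NET_BIND); /* drops both */
    printf("%d %d %d effective=%#x permitted=%#x\n", r1, r2, r3,
           p.set[S_EFFECTIVE], p.set[S_PERMITTED]);
    return 0;
}
```

On a real system the same sequence would use priv_allocset() and priv_addset() from priv_addset(3C) to build the set argument before calling setppriv().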
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+
SEE ALSO
priv_addset(3C), attributes(7), privileges(7)
September 10, 2004 GETPPRIV(2)