PRIV_SET(3C) Standard C Library Functions PRIV_SET(3C)
NAME
priv_set, priv_ineffect - change privilege sets and check whether
privileges are set
SYNOPSIS
#include <priv.h>
int
priv_set(priv_op_t op, priv_ptype_t which, ...);
boolean_t
priv_ineffect(const char *priv);
DESCRIPTION
priv_set() is a convenient wrapper for the setppriv(2) function. It
takes three or more arguments. The operation argument, op, can be one
of PRIV_OFF, PRIV_ON or PRIV_SET. The which argument is the name of
the privilege set to change, one of PRIV_EFFECTIVE, PRIV_INHERITABLE,
PRIV_PERMITTED, PRIV_LIMIT or the special pseudo set PRIV_ALLSETS if
the operation should be applied to all privilege sets. Subsequent
arguments provide zero or more privilege names, terminated with a NULL
pointer. See EXAMPLES.
The specified privileges are converted to a binary privilege set and
setppriv(2) is called with the same op and which arguments. When
called with PRIV_ALLSETS as the value for the which argument,
setppriv(2) is called for each set in turn, aborting on the first
failed call.
priv_ineffect() is a convenient wrapper for the getppriv(2) function.
The priv argument specifies the name of a privilege, and this function
checks for its presence in the effective set.
RETURN VALUES
Upon successful completion, priv_set() returns 0. Otherwise, -1 is
returned and errno is set to indicate the error.
If priv is a valid privilege that is a member of the effective set,
priv_ineffect() returns B_TRUE. Otherwise, it returns B_FALSE and sets
errno to indicate the error.
EXAMPLES
Example 1 Using priv_set()
    #include <priv.h>
    ...
    /* Remove basic privileges we don't need */
    (void) priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_PROC_EXEC,
        PRIV_PROC_INFO, PRIV_FILE_LINK_ANY, PRIV_PROC_SESSION,
        NULL);
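An added example, not part of the illumos manual: it checks the return value of priv_set() instead of discarding it, then uses priv_ineffect() to confirm that each dropped privilege has left the effective set. The function name drop_unneeded_privs() and the #else stand-in (compiled only where <priv.h> is unavailable) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#if defined(__sun) || defined(__illumos__)
#include <priv.h>
#else
/* Constructed stand-in, not the libc code: models only PRIV_OFF against one
 * in-memory list so the example also builds and runs off illumos. */
#include <stdarg.h>
#include <string.h>
typedef enum { PRIV_ON, PRIV_OFF, PRIV_SET } priv_op_t;
typedef enum { B_FALSE, B_TRUE } boolean_t;
typedef const char *priv_ptype_t;
#define PRIV_PERMITTED "Permitted"
#define PRIV_PROC_EXEC "proc_exec"
#define PRIV_PROC_INFO "proc_info"
#define PRIV_PROC_SESSION "proc_session"
#define PRIV_FILE_LINK_ANY "file_link_any"
static const char *held[] = { "proc_exec", "proc_fork", "proc_info",
    "proc_session", "file_link_any" };
#define NHELD (sizeof (held) / sizeof (held[0]))
static boolean_t priv_ineffect(const char *p) {
    for (size_t i = 0; i < NHELD; i++)
        if (held[i] != NULL && strcmp(held[i], p) == 0) return (B_TRUE);
    return (B_FALSE);
}
static int priv_set(priv_op_t op, priv_ptype_t which, ...) {
    va_list ap; const char *p;
    if (op != PRIV_OFF) { errno = EINVAL; return (-1); } /* stand-in limit */
    va_start(ap, which);
    while ((p = va_arg(ap, const char *)) != NULL)
        for (size_t i = 0; i < NHELD; i++)
            if (held[i] != NULL && strcmp(held[i], p) == 0) held[i] = NULL;
    va_end(ap);
    return (0);
}
#endif

/* Returns 0 when all four privileges are gone, -1 if priv_set() failed
 * (errno is set), 1 if a dropped privilege is still in the effective set. */
int drop_unneeded_privs(void) {
    static const char *const dropped[] = { PRIV_PROC_EXEC, PRIV_PROC_INFO,
        PRIV_FILE_LINK_ANY, PRIV_PROC_SESSION };
    if (priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_PROC_EXEC, PRIV_PROC_INFO,
        PRIV_FILE_LINK_ANY, PRIV_PROC_SESSION, NULL) != 0)
        return (-1);
    for (size_t i = 0; i < sizeof (dropped) / sizeof (dropped[0]); i++)
        if (priv_ineffect(dropped[i])) return (1);
    return (0);
}
```

A caller should treat any nonzero return as a reason to stop before handling untrusted input, since the process may still hold privileges it was meant to give up.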
ERRORS
The priv_set() function will fail if:
EINVAL    The value of op or which is out of range.
ENOMEM    Insufficient memory was allocated.
EPERM     The application attempted to add privileges to PRIV_LIMIT or
          PRIV_PERMITTED, or the application attempted to add privileges
          to PRIV_INHERITABLE or PRIV_EFFECTIVE that were not in
          PRIV_PERMITTED.
The priv_ineffect() function will fail if:
EINVAL    The privilege specified by priv is invalid.
ENOMEM    Insufficient memory was allocated.
INTERFACE STABILITY
Uncommitted
MT-LEVEL
MT-Safe
SEE ALSO
setppriv(2), priv_str_to_set(3C), attributes(7), privileges(7)
illumos June 3, 2022 illumos