xref: /illumos-gate/usr/src/man/man2/getppriv.2 (revision 83691253a923cc7914c71daa1b4fa1c8ff755636)
te
Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
GETPPRIV 2 "Sep 10, 2004"
NAME
getppriv, setppriv - get or set a privilege set
SYNOPSIS

#include <priv.h>

int getppriv(priv_ptype_t which, priv_set_t *set);

int setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set);
DESCRIPTION

The getppriv() function returns the process privilege set specified by which in the set pointed to by set. The memory for set is allocated with priv_allocset() and freed with priv_freeset(). Both functions are documented on the priv_addset(3C) manual page.

The setppriv() function sets or changes the process privilege set. The op argument specifies the operation and can be one of PRIV_OFF, PRIV_ON or PRIV_SET. The which argument specifies the name of the privilege set. The set argument specifies the set.

If op is PRIV_OFF, the privileges in set are removed from the process privilege set specified by which. There are no restrictions on removing privileges from process privileges sets, but the following apply:

Privileges removed from PRIV_PERMITTED are silently removed from PRIV_EFFECTIVE.

If privileges are removed from PRIV_LIMIT, they are not removed from the other sets until one of exec(2) functions has successfully completed.

If op is PRIV_ON, the privileges in set are added to the process privilege set specified by which. The following operations are permitted:

Privileges in PRIV_PERMITTED can be added to PRIV_EFFECTIVE without restriction.

Privileges in PRIV_PERMITTED can be added to PRIV_INHERITABLE without restriction.

All operations that attempt to add privileges that are already present are permitted.

If op is PRIV_SET, the privileges in set replace completely the process privilege set specified by which. PRIV_SET is implemented in terms of PRIV_OFF and PRIV_ON. The same restrictions apply.

RETURN VALUES

Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.

ERRORS

The getppriv() and setppriv() functions will fail if: EINVAL

The value of op or which is out of range.

EFAULT

The set argument points to an illegal address.

The setppriv() function will fail if: EPERM

The application attempted to add privileges to PRIV_LIMIT or PRIV_PERMITTED, or the application attempted to add privileges to PRIV_INHERITABLE or PRIV_EFFECTIVE which were not in PRIV_PERMITTED.

ATTRIBUTES

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT-Level MT-Safe
SEE ALSO

priv_addset (3C), attributes (7), privileges (7)