'\" te
.\" Copyright (c) 2009, 2023, Oracle and/or its affiliates.
.TH getpflags 2 "30 Jan 2023" "Oracle Solaris 11.4" "System Calls"
.SH NAME
getpflags, setpflags \- get or set process flags
.SH SYNOPSIS
.LP
.nf
#include <sys/types.h>
#include <priv.h>
\fBuint_t\fR \fBgetpflags\fR(\fBuint_t\fR \fIflag\fR);
.fi
.LP
.nf
\fBint\fR \fBsetpflags\fR(\fBuint_t\fR \fIflag\fR, \fBuint_t\fR \fIvalue\fR);
.fi
.SH DESCRIPTION
.sp
.LP
The \fBgetpflags()\fR and \fBsetpflags()\fR functions obtain and modify the current per-process flags. Each flag takes the value of \fB0\fR (unset) or \fB1\fR (set).
.sp
.LP
The following values for \fIflag\fR are supported:
.sp
.ne 2
.mk
.na
\fB\fBPRIV_AWARE\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag is set if the current process is privilege-aware. A process can attempt to unset this flag but might fail silently if the observed set invariance condition cannot be met. Setting this flag is always successful.
.sp
When the \fBPRIV_AWARE\fR flag is set or unset, the observed effective and permitted set do not change. When setting \fBPRIV_AWARE\fR, this is possible but it is not always possible when \fBPRIV_AWARE\fR is unset. For more information, see the \fBprivileges\fR(7) man page.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_AWARE_RESET\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag causes a process to pretend it is non-privilege aware. The effective and permitted privilege set change on the change of the effective uid. When all the uid sets become the same through \fBsetuid\fR(\fIuid\fR) or through \fBsetreuid\fR(\fIuid\fR, \fIuid\fR), the effective and permitted set are set to the intersection between the limit set and the inheritable set. At that point, both \fBPRIV_AWARE\fR and \fBPRIV_AWARE_RESET\fR are unset.
.sp
This flag gets automatically reset when a file becomes privilege aware, either through calling \fBsetppriv\fR(2) or by setting \fBPRIV_AWARE\fR to 1.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_DEBUG\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag enables privilege debugging for the current process. Processes can set and unset this flag at will.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_PFEXEC\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag is set if the current process is a profile shell. Every time \fBexec\fR(2) is called, the \fBexec_attr\fR(5) database for the current user's profiles database is queried and the appropriate attributes are applied to the new program. \fBPRIV_PFEXEC\fR is inherited except when the real UID is changed as a result of the applied attributes.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_PFEXEC_AUTH\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag is set when the user successfully reauthenticates prior to executing a command which matches an entry in the user's authenticated profiles set, and the \fBPRIV_PFEXEC\fR flag is already set in the parent process. When these two flags are set, the process can execute commands which match the \fBexec_attr\fR(5) database for the user's authenticated profiles set, without subsequent reauthentication. \fBPRIV_PFEXEC_AUTH\fR is inherited except when the real UID is changed as a result of the applied attributes. The privilege \fBPRIV_PROC_SETID\fR is required to set this flag.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_PROC_SENSITIVE\fR\fR
.ad
.br
.sp .6
.RS 4n
If this flag is set, it is assumed that the process contains sensitive data and non-privileged users cannot observe it through \fBproc\fR tools, cannot truss it, and cannot dump its core. Processes can set and unset this flag at will. For more information, see the \fBproc\fR(1) and \fBppriv\fR(1) man pages.
.sp
This flag can be set automatically for the process, typically when a privileged process performs \fBsetuid\fR or \fBsetgid\fR. Unsetting the flag can expose potentially sensitive data to a wider range of users. Historically this flag was known as \fBSNOCD\fR (no coredump).
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_PROC_TPD\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag has no meaning outside of an immutable zone. In an immutable zone, if this flag is set, this process is allowed to modify files which are MWAC protected, such as updating the system or changing over to a new boot environment. This process will be prevented from opening files which can be modified by processes with this flag set unless \fBPRIV_TPD_UNSAFE\fR is set.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_PROC_TPD_RESET\fR\fR
.ad
.br
.sp .6
.RS 4n
If this flag is set, the \fBPRIV_PROC_TPD\fR flag will be reset on \fBexec()\fR. For more information, see the \fBexec\fR(2) man page.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_TPD_KILLABLE\fR\fR
.ad
.br
.sp .6
.RS 4n
Normally, a process in the Trusted Path cannot receive any signals outside of the Trusted Path. When this flag is set, the system will forward signals from a non-TPD process.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_TPD_UNSAFE\fR\fR
.ad
.br
.sp .6
.RS 4n
This flag has no meaning outside of an immutable zone. If this flag is set in a TPD process it will read files which can be modified by all privileged processes in the zone or can open STREAM devices, doors, and pipes when the peer is not a TPD process.
.RE
.sp
.ne 2
.mk
.na
\fB\fBPRIV_XPOLICY\fR\fR
.ad
.br
.sp .6
.RS 4n
The current process honors its Extended Policy (see \fBprivileges\fR(7)) if, and only if, this flag is set.
.RE
.sp
.ne 2
.mk
.na
\fB\fBNET_MAC_AWARE\fR\fR
.ad
.br
.na
\fB\fBNET_MAC_AWARE_INHERIT\fR\fR
.ad
.br
.sp .6
.RS 4n
These flags are available only if the system is configured with Trusted Extensions. If the \fBNET_MAC_AWARE\fR flag is set then the current process is allowed to communicate with peers at labels that are different than its own, subject to MAC policy.
.sp
The \fBNET_MAC_AWARE_INHERIT\fR flag controls the propagation of the \fBNET_MAC_AWARE\fR flag.
When a process performs one of the \fBexec\fR(2) functions, the \fBNET_MAC_AWARE\fR flag is unset unless the \fBNET_MAC_AWARE_INHERIT\fR is set. \fBNET_MAC_AWARE_INHERIT\fR is always unset on one of the \fBexec\fR functions. The \fBPRIV_NET_MAC_AWARE\fR privilege is required to set either of these flags.
.RE
.SH RETURN VALUES
.sp
.LP
The \fBgetpflags()\fR function returns the value associated with a given per-process flag. If the \fIflag\fR argument is invalid, (\fBuint_t\fR)-1 is returned and \fBerrno\fR is set to indicate the error.
.sp
.LP
Upon successful completion, \fBsetpflags()\fR returns 0. Otherwise, -1 is returned and \fBerrno\fR is set to indicate the error.
.SH ERRORS
.sp
.LP
The \fBgetpflags()\fR and \fBsetpflags()\fR functions will fail if:
.sp
.ne 2
.mk
.na
\fB\fBEINVAL\fR\fR
.ad
.RS 10n
.rt
The value of \fIflag\fR or the value to which the \fIflag\fR is set is out of range.
.RE
.sp
.LP
The \fBsetpflags()\fR function will fail if:
.sp
.ne 2
.mk
.na
\fB\fBEPERM\fR\fR
.ad
.RS 9n
.rt
An attempt was made to unset \fBPRIV_PFEXEC\fR.
.sp
An attempt was made to unset \fBPRIV_AWARE\fR but the observed set invariance condition was not met.
.sp
An attempt was made to set \fBNET_MAC_AWARE\fR, \fBPRIV_PFEXEC_AUTH\fR, \fBNET_MAC_AWARE_INHERIT\fR, or \fBPRIV_PROC_TPD\fR without sufficient privileges.
.RE
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp
.TS
tab(	) box;
cw(2.75i) |cw(2.75i)
lw(2.75i) |lw(2.75i) .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Committed
_
MT-Level	Async-Signal-Safe
_
Standard	None
.TE
.sp
.SH SEE ALSO
.sp
.LP
\fBppriv\fR(1), \fBexec\fR(2), \fBkill\fR(2), \fBsetppriv\fR(2), \fBattributes\fR(7), \fBprivileges\fR(7), \fBtpd\fR(7)
.SH HISTORY
.sp
.LP
The \fBgetpflags()\fR and \fBsetpflags()\fR functions were added to Solaris in Solaris 10 3/05.
.sp
.LP
Support for the following values for \fIflag\fR is available in Oracle Solaris starting with the listed release:
.sp
.TS
tab(	) box;
cw(4.71i) |cw(0.79i)
lw(4.71i) |lw(0.79i) .
FLAG	RELEASE
_
\fBPRIV_PROC_TPD_RESET\fR, \fBPRIV_TPD_KILLABLE\fR	11.4.0
_
\fBPRIV_PROC_SENSITIVE\fR	11.3.20
_
T{
\fBPRIV_PFEXEC_AUTH\fR, \fBPRIV_PROC_TPD\fR, \fBPRIV_TPD_UNSAFE\fR
T}	11.2.0
_
\fBPRIV_XPOLICY\fR	11.1.0
_
\fBPRIV_AWARE_RESET\fR, \fBPRIV_PFEXEC\fR	11.0.0
_
\fBNET_MAC_AWARE\fR, \fBNET_MAC_AWARE_INHERIT\fR	10 4/08 (Update 5)
_
\fBPRIV_AWARE\fR, \fBPRIV_DEBUG\fR	10 3/05
.TE
.sp
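The following added example (not part of the Oracle manual page) applies the return-value conventions above: a hypothetical helper, require_flag(), sets PRIV_PROC_SENSITIVE and reads it back before the program handles any secret, failing closed otherwise. Off Solaris, a small stand-in with constructed flag numbers models only the EINVAL and EPERM rules stated on this page so the code still builds.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#ifdef __sun
#include <priv.h>        /* real getpflags()/setpflags() and flag names */
#else
/* Stand-in for builds off Solaris: models only the rules quoted on this
 * page. The flag numbers are constructed, not the values in <priv.h>. */
typedef unsigned int uint_t;
#define PRIV_PFEXEC         0x1u
#define PRIV_PROC_SENSITIVE 0x2u
static uint_t model_flags;
static int known(uint_t f) { return f == PRIV_PFEXEC || f == PRIV_PROC_SENSITIVE; }
static uint_t getpflags(uint_t f) {
    if (!known(f)) { errno = EINVAL; return (uint_t)-1; }
    return (model_flags & f) != 0;
}
static int setpflags(uint_t f, uint_t v) {
    if (!known(f) || v > 1) { errno = EINVAL; return -1; }
    if (f == PRIV_PFEXEC && v == 0) { errno = EPERM; return -1; }
    model_flags = v ? (model_flags | f) : (model_flags & ~f);
    return 0;
}
#endif

/* Hypothetical helper: set one per-process flag to 1 and confirm it by
 * reading it back. Returns 0 if the flag is in force, -1 with errno set. */
int require_flag(uint_t flag)
{
    if (setpflags(flag, 1) != 0)
        return -1;                       /* errno set by setpflags() */
    uint_t now = getpflags(flag);        /* (uint_t)-1 means invalid flag */
    if (now == (uint_t)-1)
        return -1;
    if (now != 1) { errno = EPERM; return -1; }  /* errno choice is the helper's own */
    return 0;
}

int main(void)
{
    /* Call this before any secret is read into memory. */
    if (require_flag(PRIV_PROC_SENSITIVE) != 0) {
        perror("PRIV_PROC_SENSITIVE");
        return 1;                        /* fail closed */
    }
    puts("process marked sensitive");
    return 0;
}
```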