Trusted Solaris Developer's Guide

Privileged Operations

System V IPC objects are subject to discretionary and mandatory access controls, and discretionary ownership controls.

A System V IPC object is created from a key and accessed by an object descriptor returned when the IPC object is created. The object descriptor, like a file descriptor, is used for future operations on the object. The sensitivity label of the System V IPC object is the same as the sensitivity label of its creating process unless the creating process has the privilege to create the System V IPC object at a different label. A process can access a System V IPC object only at its own sensitivity label unless the process has the privilege to access a System V IPC object at another label. Because keys are qualified by the sensitivity label at which they are created, many objects can use the same key, but there can be no more than one instance of a key (object ID) at a given sensitivity label.

Discretionary Access and Ownership Controls

Discretionary access to a System V IPC object is granted or denied according to the read and write modes associated with the object for owner, group, and other in much the same way as file access. System V IPC objects also have the creator user and creator group sets that control attribute change requests. The process that creates a System V IPC object is the owner and can set the discretionary permission bits to any value. To override discretionary access and ownership restrictions, the process needs the ipc_dac_read, ipc_dac_write, or ipc_owner privilege in its effective set, depending on the interface used or operation requested.

Mandatory Access Controls

An unprivileged process can refer to a System V IPC object, and have an IPC descriptor returned for it, only at the process's own sensitivity label. This makes the mandatory access controls read-equal and write-equal and eliminates naming and access conflicts when an unmodified base Solaris application using System V IPC runs at multiple sensitivity labels. To override mandatory access restrictions, the process needs the ipc_mac_read or ipc_mac_write privilege in its effective set, depending on the interface used.


Note -

You cannot change the sensitivity label of a System V IPC object once the object has been created.
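
The way the label-qualified key lookup, the mandatory check and the discretionary check combine, as a simplified C model added here; it is not Trusted Solaris code. The flag names, label strings and table contents are constructed, the owner-then-group-then-other evaluation follows classic System V behaviour, and treating an attribute change as a write for the mandatory check is an assumption.

```c
#include <stdbool.h>
#include <string.h>
/* Flags standing in for the privileges named on this page (values made up). */
enum { P_DAC_READ = 1, P_DAC_WRITE = 2, P_MAC_READ = 4, P_MAC_WRITE = 8, P_OWNER = 16 };
enum op { OP_READ, OP_WRITE, OP_SETATTR };
struct proc   { unsigned uid, gid; const char *label; unsigned eff_privs; };
struct ipcobj { int key; const char *label; unsigned uid, gid, cuid, cgid, mode; };

/* Constructed table: one key, two objects, one per sensitivity label. */
static struct ipcobj table[] = {
    { 0x5150, "CONFIDENTIAL", 100, 10, 100, 10, 0640 },
    { 0x5150, "SECRET",       200, 20, 200, 20, 0600 },
};

/* Keys are qualified by label, so name resolution takes both. */
struct ipcobj *ipc_lookup(int key, const char *label)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].key == key && strcmp(table[i].label, label) == 0)
            return &table[i];
    return NULL;
}

/* MAC is read-equal/write-equal. Assumption: an attribute change counts as a write. */
static bool mac_ok(const struct proc *p, const struct ipcobj *o, enum op op)
{
    unsigned need = (op == OP_READ) ? P_MAC_READ : P_MAC_WRITE;
    return strcmp(p->label, o->label) == 0 || (p->eff_privs & need) != 0;
}

/* DAC: owner/group/other mode bits; owner or creator may change attributes. */
static bool dac_ok(const struct proc *p, const struct ipcobj *o, enum op op)
{
    bool owner = p->uid == o->uid || p->uid == o->cuid;
    if (op == OP_SETATTR)
        return owner || (p->eff_privs & P_OWNER) != 0;
    unsigned shift = owner ? 6 : (p->gid == o->gid || p->gid == o->cgid) ? 3 : 0;
    unsigned need = (op == OP_READ) ? P_DAC_READ : P_DAC_WRITE;
    return ((o->mode >> shift) & (op == OP_READ ? 4u : 2u)) != 0 || (p->eff_privs & need) != 0;
}

/* Both checks must pass; a missing object (no such key at that label) is denied. */
bool ipc_access(const struct proc *p, const struct ipcobj *o, enum op op)
{
    return o != NULL && mac_ok(p, o, op) && dac_ok(p, o, op);
}
int main(void)
{
    struct proc p = { 100, 10, "CONFIDENTIAL", 0 };   /* constructed, unprivileged */
    return ipc_access(&p, ipc_lookup(0x5150, p.label), OP_READ) ? 0 : 1;
}
```

In this model a CONFIDENTIAL process reading the SECRET object needs both the mandatory and the discretionary read override, because each check is evaluated independently.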