Trusted Solaris Developer's Guide

Privileged Operations

No privileges are required to read security attributes retrieved from an incoming message. The following sections describe privileges used on outgoing messages.

Replying with Same Sensitivity Label

A server process can receive a message over a multilevel port at any sensitivity label dominated by the server process's clearance. However, the server's reply is normally sent at the sensitivity label of the server process. If the server process has the net_reply_equal privilege in its effective set, the reply is instead sent at the sensitivity label of the last message received. See Chapter 10, Interprocess Communications, for a discussion of single-level and multilevel ports.


Note - Make sure the net_reply_equal privilege is turned off if the receiving process needs to reply at a sensitivity label different from that of the requesting process. See "TCP/IP Server" for an example situation where net_reply_equal must be turned off.


Changing Sensitivity Label

To respond to a single-level client, the server process needs the proc_set_sl privilege in its effective set to change the sensitivity label of its child to be the same as the sensitivity label of the requesting client.

Changing Security Attribute Information

To change the user ID, group ID, sensitivity label, process clearance, or privilege security attribute on an outgoing message or on the communication endpoint for outgoing messages, a process needs the appropriate network privilege in its effective set.

Sensitivity Labels

The sending process can set the sensitivity label for a message or communication endpoint to a new sensitivity label that does not dominate the object's existing sensitivity label if it has the net_downgrade_sl privilege in its effective set. The sending process can set the sensitivity label for a message or communication endpoint to a new sensitivity label that dominates the object's existing sensitivity label if it has the net_upgrade_sl privilege in its effective set.

Process Clearance

The sending process needs the net_setclr privilege in its effective set to change the clearance sent with the message.

The system ensures that the clearance always dominates the sensitivity label. There is no privilege to override this restriction.
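The sensitivity label and clearance rules above can be modelled as follows. This is an added example, not code from the guide or from Trusted Solaris. It assumes a simplified label (a classification level plus a compartment bitmask), uses hypothetical names (struct mlabel, sl_change_priv, attrs_valid), and assumes that setting an unchanged label needs no privilege. It shows that a new label with a higher classification can still require net_downgrade_sl when it drops a compartment, because it then does not dominate the existing label.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified label model (assumption): classification level plus a
 * compartment bitmask. Only the dominance rule is modelled here. */
struct mlabel { int level; uint32_t comps; };

enum { COMP_A = 1u << 0, COMP_B = 1u << 1 };   /* constructed compartments */

/* a dominates b: level at least as high AND compartments a superset. */
static int dominates(struct mlabel a, struct mlabel b) {
    return a.level >= b.level && (a.comps & b.comps) == b.comps;
}

/* Privilege needed in the effective set to relabel from cur to want.
 * Returns NULL for an unchanged label (assumption: no-op needs none). */
const char *sl_change_priv(struct mlabel cur, struct mlabel want) {
    if (cur.level == want.level && cur.comps == want.comps)
        return NULL;
    if (dominates(want, cur))
        return "net_upgrade_sl";
    return "net_downgrade_sl";   /* strictly lower OR incomparable */
}

/* The clearance sent must dominate the label; nothing overrides this. */
int attrs_valid(struct mlabel sl, struct mlabel clearance) {
    return dominates(clearance, sl);
}

int main(void) {
    /* Constructed sample labels. */
    struct mlabel conf_a = {1, COMP_A}, sec_ab = {2, COMP_A | COMP_B};
    struct mlabel sec_b = {2, COMP_B}, top_a = {3, COMP_A};

    printf("conf{A} -> sec{A,B}: %s\n", sl_change_priv(conf_a, sec_ab));
    printf("sec{A,B} -> conf{A}: %s\n", sl_change_priv(sec_ab, conf_a));
    /* Higher level but drops compartment A: does not dominate. */
    printf("conf{A} -> sec{B}:   %s\n", sl_change_priv(conf_a, sec_b));
    printf("label sec{A,B}, clearance top{A} valid: %d\n",
           attrs_valid(sec_ab, top_a));
    return 0;
}
```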

User and Group IDs

The sending process needs the net_setid privilege in its effective set to change the user or group ID.

Privileges

The sending process needs the net_setpriv privilege in its effective set to specify privileges to be sent with the message. The specified privileges must be in the permitted set of the sending process.