Trusted Solaris Developer's Guide

Query System Security Configuration

System variables provide information on how the system is configured. The system variables are initialized at system startup; when a variable has no entry in system(4), its default value is used. An application can query the system variables with the secconf(2) system call. The following variables are defined in /etc/system and have the default values listed:

_TSOL_HIDE_UPGRADED_NAMES - When a directory contains a file or subdirectory that has had its sensitivity label upgraded by a privileged process, this variable determines whether or not those upgraded files or subdirectories can be listed or obtained by system call requests such as getdents(2). Default is off. When off, names of upgraded files and subdirectories are visible when listing directories. When on, names of upgraded files or subdirectories are hidden.

_TSOL_PRIVS_DEBUG - Enable privilege debugging. Default is off. See Trusted Solaris Administrator's Procedures or "Privilege Debugging" for information on how to enable and use privilege debugging.

This code queries the system variables to show their current values.

#include <stdio.h>
#include <tsol/secconf.h>

int main(void)
{
	long retval;

	/* secconf(2) returns 1 (on), 0 (off), or -1 (error) */
	retval = secconf(_TSOL_HIDE_UPGRADED_NAMES);
	printf("Hide Names = %ld\n", retval);

	retval = secconf(_TSOL_PRIVS_DEBUG);
	printf("Priv Debug = %ld\n", retval);

	return 0;
}

The printf statements print the following. A retval of 1 means the variable is on; 0 means off; and -1 means an error has occurred. errno is set only when the input variable is invalid.


Hide Names = 0
Priv Debug = 0