The process needs the proc_setclr privilege to set the process clearance to another value if the new value is not equal to the sensitivity label portion of the process's own CMW label. A new process clearance is set with the setclearance(2) system call. This example initializes a clearance structure to ADMIN_HIGH and passes it to the setclearance(2) system call.
#include <tsol/label.h> main() { int retval; bclear_t hiclear, undef, loclear; bclearhigh(&hiclear); /* Turn proc_setclr on in the effective set */ retval = setclearance(&hiclear); /* Turn off the proc_setclr privilege */ printf("Retval = %d\n", retval); }
The printf(1) statement prints the following:
Retval = 0 |