Set Process Clearance

The process needs the proc_setclr privilege to set the process clearance to another value if the new value is not equal to the sensitivity label portion of the process's own CMW label. A new process clearance is set with the setclearance(2) system call. This example initializes a clearance structure to ADMIN_HIGH and passes it to the setclearance(2) system call.

#include <tsol/label.h>

main()
{
	int          retval;
	bclear_t     hiclear, undef, loclear;

	bclearhigh(&hiclear);

/* Turn proc_setclr on in the effective set */
	retval = setclearance(&hiclear);
/* Turn off the proc_setclr privilege */

	printf("Retval = %d\n", retval);
}

The printf(1) statement prints the following:

Retval = 0

Previous: Programming Interface Declarations
Next: Initialize Clearance Structure