- get or set a privilege set
#include <priv.h> int getppriv(priv_ptype_t which, priv_set_t *set);
int setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set);
The getppriv() function returns the process privilege set specified by which in the set pointed to by set. The memory for set is allocated with priv_allocset() and freed with priv_freeset(). Both functions are documented on the priv_addset(3C) manual page.
The setppriv() function sets or changes the process privilege set. The op argument specifies the operation and can be one of PRIV_OFF, PRIV_ON or PRIV_SET. The which argument specifies the name of the privilege set. The set argument specifies the set.
If op is PRIV_OFF, the privileges in set are removed from the process privilege set specified by which. There are no restrictions on removing privileges from process privileges sets, but the following apply:
Privileges removed from PRIV_PERMITTED are silently removed from PRIV_EFFECTIVE.
If privileges are removed from PRIV_LIMIT, they are not removed from the other sets until one of exec(2) functions has successfully completed.
If op is PRIV_ON, the privileges in set are added to the process privilege set specified by which. The following operations are permitted:
Privileges in PRIV_PERMITTED can be added to PRIV_EFFECTIVE without restriction.
Privileges in PRIV_PERMITTED can be added to PRIV_INHERITABLE without restriction.
All operations that attempt to add privileges that are already present are permitted.
If op is PRIV_SET, the privileges in set replace completely the process privilege set specified by which. PRIV_SET is implemented in terms of PRIV_OFF and PRIV_ON. The same restrictions apply.
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.
The getppriv() and setppriv() functions will fail if:
The value of op or which is out of range.
The set argument points to an illegal address.
The setppriv() function will fail if:
The application attempted to add privileges to PRIV_LIMIT or PRIV_PERMITTED, or the application attempted to add privileges to PRIV_INHERITABLE or PRIV_EFFECTIVE which were not in PRIV_PERMITTED.
See attributes(5) for descriptions of the following attributes: