getfsattr(2)

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | NOTES

NAME

getfsattr, fgetfsattr- Get filesystem securtity attributes

SYNOPSIS

cc [flags...] file... -ltsol


#include <tsol/fsattr.h>

int getfsattr(char * path, u_long type, void * buf_p, int len);
int fgetfsattr(int fd, u_long type, void * buf_p, int len);

DESCRIPTION

getfsattr() returns the file-system security attributes of a mounted file system. path is the pathname of any file within the mounted file system. type is the type of attribute requested. Values for type are:

FSA_ACLCNT

The file system access ACL count.

FSA_ACL

The file system access ACL .

FSA_APRIV

The file system allowed privilege set.

FSA_FPRIV

The file system forced privilege set.

FSA_LABEL

The file system CMW label.

FSA_AFLAGS

The file system attribute flags.

FSA_LBLRNG

The file system label range.

FSA_MLDPFX

The file system MLD prefix string.

buf_p is a pointer to a buffer to hold the requested attribute, and len is the buffer length.

fgetfsattr() returns the same information, but for an open file referred to by descriptor fd . type , buf_p , and len are the same as for getfsattr() .

The information label of path or fd is unchanged. The information label of the calling process is also unchanged.

Information labels are now obsolete. See NOTES below.

RETURN VALUES

getfsattr() and fgetfsattr() return:

0

On success.

-1

On failure and set errno to indicate the error.

ERRORS

getfsattr() fails if one or more of the following are true:

EACCES

Search permission is denied for a component of the path prefix of path . To override this restriction, the calling process may assert the PRIV_FILE_DAC_SEARCH privilege and/or the PRIV_FILE_MAC_SEARCH privilege.

EFAULT

buf_p or path points to an invalid address.

EINVAL

The requested attributed is not set.

EIO

An I/O error occurred while reading from the filesystem.

ELOOP

Too many symbolic links were encountered in translating path .

ENAMETOOLONG

The length of the path argument exceeds PATH_MAX .

A pathname component is longer than NAME_MAX (see sysconf(3C) ) while _POSIX_NO_TRUNC is in effect (see pathconf(2) ).

ENOENT

The file referred to by path does not exist.

ENOTDIR

A component of the path prefix of path is not a directory.

fgetfsattr() fails if one or more of the following are true:

EBADF

fd is not a valid open file descriptor.

EFAULT

buf_p points to an invalid address.

EINVAL

fd refers to a socket, not a file; or the requested attribute is not set.

EIO

An I/O error occurred while reading from the file system.

NOTES

Information labels ( IL s) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any IL s on communications and files from systems running earlier releases as ADMIN_LOW .

Objects still have CMW labels, and CMW labels still include the IL component: IL[SL] ; however, the IL component is fixed at ADMIN_LOW .

As a result, Trusted Solaris 7 has the following characteristics:

• IL s do not display in window labels; SL s (Sensitivity Labels) display alone within brackets.

• IL s do not float.

• Setting an IL on an object has no effect, and getting an object's IL will always return ADMIN_LOW .

• Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting IL s are always ADMIN_LOW , and cannot be set on any objects.

• Options related to information labels in the label_encodings(4) file can be ignored:

  Markings Name= Marks; 
  Float Process Information Label;

Trusted Solaris 7  Last Revised 30 Sep 1999

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | NOTES