NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | NOTES
#include <tsol/fsattr.h>int getfsattr(char * path, u_long type, void * buf_p, int len);
getfsattr() returns the file-system security attributes of a mounted file system. path is the pathname of any file within the mounted file system. type is the type of attribute requested. Values for type are:
The file system access ACL count.
The file system access ACL .
The file system allowed privilege set.
The file system forced privilege set.
The file system CMW label.
The file system attribute flags.
The file system label range.
The file system MLD prefix string.
buf_p is a pointer to a buffer to hold the requested attribute, and len is the buffer length.
fgetfsattr() returns the same information, but for an open file referred to by descriptor fd . type , buf_p , and len are the same as for getfsattr() .
The information label of path or fd is unchanged. The information label of the calling process is also unchanged.
Information labels are now obsolete. See NOTES below.
getfsattr() and fgetfsattr() return:
On success.
On failure and set errno to indicate the error.
getfsattr() fails if one or more of the following are true:
Search permission is denied for a component of the path prefix of
path
. To override this restriction, the calling process may assert the
PRIV_FILE_DAC_SEARCH
privilege and/or the
PRIV_FILE_MAC_SEARCH
privilege.
buf_p or path points to an invalid address.
The requested attributed is not set.
An I/O error occurred while reading from the filesystem.
Too many symbolic links were encountered in translating path .
The length of the path argument exceeds PATH_MAX .
A pathname component is longer than NAME_MAX (see sysconf(3C) ) while _POSIX_NO_TRUNC is in effect (see pathconf(2) ).
The file referred to by path does not exist.
A component of the path prefix of path is not a directory.
fgetfsattr() fails if one or more of the following are true:
fd is not a valid open file descriptor.
buf_p points to an invalid address.
fd refers to a socket, not a file; or the requested attribute is not set.
An I/O error occurred while reading from the file system.
Information labels (
IL
s) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any
IL
s on communications and files from systems running earlier releases as
ADMIN_LOW
.
Objects still have
CMW
labels, and
CMW
labels still include the
IL
component:
IL[SL]
; however, the
IL
component is fixed at
ADMIN_LOW
.
As a result, Trusted Solaris 7 has the following characteristics:
IL s do not display in window labels; SL s (Sensitivity Labels) display alone within brackets.
IL s do not float.
Setting an
IL
on an object has no effect, and getting an object's
IL
will always return
ADMIN_LOW
.
Although certain utilities, library functions, and system calls can manipulate
IL
strings, the resulting
IL
s are always
ADMIN_LOW
, and cannot be set on any objects.
Options related to information labels in the label_encodings(4) file can be ignored:
Markings Name= Marks; Float Process Information Label;
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | ERRORS | NOTES