Execute a File

When a file is exec'd, the process sets are computed based on the algorithms described in "Process Privilege Sets".

Privilege Sets

The execfile for the new program has the following file privilege sets, which were set by the exec'ing process's application code:

execfile Allowed = file_mac_write,proc_setid
execfile Forced = file_mac_write

The exec'ing process has the following process sets:

Exec'd Inheritable = proc_setid
Exec'd Saved = file_setpriv,proc_setid
Exec'd Permitted = file_setpriv,proc_setid
Exec'd Effective = none

System Call

retval = execv(execfile, argv);

New Process Privilege Sets

After the exec(2) system call, the process sets are as follows.

execfile Allowed = file_mac_write,proc_setid
execfile Forced = file_mac_write
Exec'd Inheritable = proc_setid
Exec'd Saved = proc_setid
Exec'd Permitted = file_mac_write,proc_setid
Exec'd Effective = file_mac_write,proc_setid

Previous: Fork a Process
Next: Set User ID