When a file is exec'd, the process sets are computed based on the algorithms described in "Process Privilege Sets".
The execfile for the new program has the following file privilege sets, which were set by the exec'ing process's application code:
execfile Allowed = file_mac_write,proc_setid execfile Forced = file_mac_write
The exec'ing process has the following process sets:
Exec'd Inheritable = proc_setid Exec'd Saved = file_setpriv,proc_setid Exec'd Permitted = file_setpriv,proc_setid Exec'd Effective = none |
retval = execv(execfile, argv);
After the exec(2) system call, the process sets are as follows.
execfile Allowed = file_mac_write,proc_setid execfile Forced = file_mac_write Exec'd Inheritable = proc_setid Exec'd Saved = proc_setid Exec'd Permitted = file_mac_write,proc_setid Exec'd Effective = file_mac_write,proc_setid |