Trusted Solaris Developer's Guide

Changing Security Attribute Information

To change the user ID, group ID, sensitivity label, process clearance, or privilege security attribute on an outgoing message or on the communication endpoint for outgoing messages, a process needs the appropriate network privilege in its effective set.

Sensitivity Labels

The sending process can set the sensitivity label for a message or communication endpoint to a new sensitivity label that does not dominate the object's existing sensitivity label if it has the net_downgrade_sl privilege in its effective set. The sending process can set the sensitivity label to a new sensitivity label that dominates the object's existing sensitivity label if it has the net_upgrade_sl privilege in its effective set.

Process Clearance

The sending process needs the net_setclr privilege in its effective set to change the clearance sent with the message.

The system ensures that the clearance always dominates the sensitivity label. There is no privilege to override this restriction.

User and Group IDs

The sending process needs the net_setid privilege in its effective set to change the user or group ID.

Privileges

The sending process needs the net_setpriv privilege in its effective set to specify privileges to be sent with the message. The specified privileges must be in the permitted set of the sending process.
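The rules in the Sensitivity Labels, Process Clearance, and Privileges sections above can be modeled as a decision function. This is an added example, not Trusted Solaris code or its API. The label layout (level plus compartment bitmask), the bit values, the function names, the order of the checks, and the treatment of an unchanged label as needing no privilege are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed label model: a classification level plus a compartment bitmask. */
typedef struct { int level; uint32_t comps; } label_t;

/* Bit values are constructed; only the privilege names come from the text. */
enum { NET_DOWNGRADE_SL = 1u, NET_UPGRADE_SL = 2u, NET_SETCLR = 4u, NET_SETPRIV = 8u };

typedef enum { ALLOWED, NEED_DOWNGRADE_SL, NEED_UPGRADE_SL, NEED_SETCLR,
               CLR_BELOW_SL, NEED_SETPRIV, PRIV_NOT_PERMITTED } verdict_t;

/* a dominates b when its level is at least b's and it holds every compartment of b. */
static bool dominates(label_t a, label_t b) {
    return a.level >= b.level && (a.comps & b.comps) == b.comps;
}

static bool same_label(label_t a, label_t b) { return dominates(a, b) && dominates(b, a); }

/* Hypothetical check for a sensitivity label and clearance change on an outgoing message. */
verdict_t check_label_change(label_t old_sl, label_t new_sl,
                             label_t old_clr, label_t new_clr, uint32_t effective) {
    if (!same_label(old_sl, new_sl)) {   /* assumption: unchanged label needs no privilege */
        if (dominates(new_sl, old_sl)) {
            if (!(effective & NET_UPGRADE_SL)) return NEED_UPGRADE_SL;
        } else if (!(effective & NET_DOWNGRADE_SL)) {
            return NEED_DOWNGRADE_SL;    /* covers lower and incomparable labels */
        }
    }
    if (!same_label(old_clr, new_clr) && !(effective & NET_SETCLR))
        return NEED_SETCLR;
    /* No privilege overrides this: the clearance must dominate the label. */
    if (!dominates(new_clr, new_sl)) return CLR_BELOW_SL;
    return ALLOWED;
}

/* Privileges sent with a message must come from the sender's permitted set. */
verdict_t check_msg_privs(uint32_t msg_privs, uint32_t effective, uint32_t permitted) {
    if (msg_privs == 0) return ALLOWED;
    if (!(effective & NET_SETPRIV)) return NEED_SETPRIV;
    if (msg_privs & ~permitted) return PRIV_NOT_PERMITTED;
    return ALLOWED;
}

int main(void) {
    label_t lo = {1, 0x1}, other = {1, 0x2}, clr = {3, 0x3};   /* constructed labels */
    printf("%d\n", (int)check_label_change(lo, other, clr, clr, NET_UPGRADE_SL));
}
```

A new label with disjoint compartments neither dominates nor is dominated by the old one, so under the "does not dominate" wording it falls on the net_downgrade_sl side of the rule.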