Procedure for Bracketing Privileges

The procedure for bracketing the setfpriv(1) system call and the effects it has on the effective set are summarized here. The code is shown in the next headings.

At the start of execution before bracketing, the permitted and effective sets contain these privileges:

Permitted = file_mac_write,file_setpriv,proc_setid
Effective = file_mac_write,file_setpriv,proc_setid

Clear the effective set at the beginning of the application.

Permitted = file_mac_write,file_setpriv,proc_setid
Effective = none

Bracket the setfpriv() system call.
1. Turn the file_setpriv privilege on in the effective set right before you call the setfpriv() system call.
  Permitted = file_mac_write,file_setpriv,proc_setid Effective = file_setpriv
2. Turn off the effective set immediately after the setfpriv() system call.
  Permitted = file_mac_write,file_setpriv,proc_setid Effective = none

Previous: Setting and Getting File Privilege Sets
Next: Clear Effective Set