Assert Privileges in Privilege Set Structure

You can use the PRIV_ASSERT macro or the str_to_priv_set(3TSOL) routine to assert privileges in a privilege set structure. str_to_priv_set() works well when you have two or more privileges to assert because you can do it in one statement; whereas, PRIV_ASSERT must be called for each privilege asserted in the set. This code uses the str_to_priv_set() routine for the allowed set and PRIV_ASSERT for the forced set. The str_to_priv() routine returns NULL on success and the string passed to it in priv_names on failure.

if((string = str_to_priv_set(priv_names, &priv_set, ",")) != NULL)
	printf("string = %s errno = %d\n", string, errno);

 PRIV_EMPTY(&priv_set);
 PRIV_ASSERT(&priv_set, PRIV_FILE_MAC_WRITE);

Previous: Turn Allowed Privileges Off
Next: Contents of Privilege Sets