#include <tsol/label.h>
int setcmwlabel(const char *path, const bclabel_t *label_p, const setting_flag_t flag);
The file that is named by path or referred to by fd has its CMW label changed as specified provided the file resides on a file system that supports the setting of labels on individual objects.
If flag equals SETCL_ALL, then both parts of the file's CMW label are to be set and the following checks must be made:
The sensitivity label of label_p must be in the sensitivity label range of the containing file system.
If the sensitivity label of label_p equals the existing sensitivity label, then neither PRIV_FILE_UPGRADE_SL nor PRIV_FILE_DOWNGRADE_SL is required.
If the sensitivity label of label_p dominates but does not equal the existing sensitivity label (an upgrade), then the calling process must have PRIV_FILE_UPGRADE_SL in its set of effective privileges.
If the sensitivity label of label_p does not dominate the existing sensitivity label (a downgrade), then the calling process must have PRIV_FILE_DOWNGRADE_SL in its set of effective privileges.
If the sensitivity label operation is a downgrade and the calling process is not the owner of the file, then the calling process must have PRIV_FILE_OWNER in its set of effective privileges.
If flag equals SETCL_SL, then the sensitivity label of the file's CMW label is to be set and the following checks must be made:
The sensitivity label of label_p must be in the sensitivity label range of the containing file system.
If the sensitivity label of label_p equals the existing sensitivity label, then neither PRIV_FILE_UPGRADE_SL nor PRIV_FILE_DOWNGRADE_SL is required.
If the sensitivity label of label_p dominates but does not equal the existing sensitivity label (an upgrade), then the calling process must have PRIV_FILE_UPGRADE_SL in its set of effective privileges.
If the sensitivity label of label_p does not dominate the existing sensitivity label (a downgrade), then the calling process must have PRIV_FILE_DOWNGRADE_SL in its set of effective privileges.
If the operation is a sensitivity label downgrade and the calling process is not the owner of the file, then the calling process must have PRIV_FILE_OWNER in its set of effective privileges.
There are several checks that are applicable if the sensitivity label is being changed:
The calling process must have discretionary write access to the file.
If there is an open file descriptor reference to the file, then the calling process must have PRIV_PROC_TRANQUIL in its set of effective privileges.
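The privilege checks above can be read as a small decision procedure. The following C model is an added example, not code from the original page or from Trusted Solaris: it assumes a simplified label (a classification level plus a compartment bitmask) in place of the real bclabel_t, uses illustrative NEED_* flag values named after the privileges on this page, and leaves out the file system range and discretionary write checks.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified sensitivity label for illustration (assumption): a hierarchical
 * classification plus a compartment bitmask. Not the real bclabel_t layout. */
typedef struct { int cls; uint32_t comps; } sl_t;

/* Flags named after the privileges on this page; the values are illustrative. */
enum {
    NEED_FILE_UPGRADE_SL   = 1 << 0,
    NEED_FILE_DOWNGRADE_SL = 1 << 1,
    NEED_FILE_OWNER        = 1 << 2,
    NEED_PROC_TRANQUIL     = 1 << 3
};

/* a dominates b: classification at least as high, compartments a superset. */
static bool sl_dominates(sl_t a, sl_t b) {
    return a.cls >= b.cls && (a.comps & b.comps) == b.comps;
}

static bool sl_equal(sl_t a, sl_t b) {
    return a.cls == b.cls && a.comps == b.comps;
}

/* Privileges the caller needs in its effective set to move a file's
 * sensitivity label from cur to req, following the checks listed above.
 * Assumption: setting an equal label is not treated as a change. */
unsigned required_privs(sl_t cur, sl_t req, bool is_owner, bool has_open_fd) {
    unsigned need = 0;
    if (sl_equal(req, cur))
        return 0;                       /* neither label privilege required */
    if (sl_dominates(req, cur)) {
        need |= NEED_FILE_UPGRADE_SL;   /* dominates but not equal: upgrade */
    } else {
        need |= NEED_FILE_DOWNGRADE_SL; /* does not dominate: downgrade */
        if (!is_owner)
            need |= NEED_FILE_OWNER;    /* non-owner downgrade */
    }
    if (has_open_fd)
        need |= NEED_PROC_TRANQUIL;     /* label changes under an open fd */
    return need;
}
```

Because a downgrade is defined as "does not dominate", a requested label that is incomparable with the existing one (higher classification but missing a compartment) is treated as a downgrade, not an upgrade.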
setcmwlabel() and lsetcmwlabel() function identically except when the final component is a symbolic link. If the final component is a symbolic link, lsetcmwlabel() sets the CMW label of the symbolic link, but setcmwlabel() sets the CMW label of the object referred to by the symbolic link.
If the sensitivity label is being set, then the calling process is responsible for verifying that the sensitivity label is within the accreditation range of the system.
setcmwlabel(), fsetcmwlabel(), and lsetcmwlabel() return:
On success.
On failure, and set errno to indicate the error.
setcmwlabel() and lsetcmwlabel() fail and the file is unchanged if any of these conditions prevails:
Search permission is denied for a component of the path prefix of path.
The calling process does not have mandatory write access to the final component of path because the sensitivity label of the final component of path does not dominate the sensitivity label of the calling process and the calling process does not have PRIV_FILE_MAC_WRITE in its set of effective privileges.
The calling process does not have discretionary write access to the final component of path.
There is an open file descriptor reference to the final component of path and the calling process does not have PRIV_PROC_TRANQUIL in its set of effective privileges.
path or label_p points outside the allocated address space of the process.
path does not reside on a file system that supports the setting of labels on individual objects.
The sensitivity label of label_p is not in the sensitivity label range of the containing file system.
An I/O error occurred while reading from or writing to the file system.
Too many symbolic links were encountered in translating path.
The length of the path argument exceeds PATH_MAX.
A pathname component is longer than NAME_MAX [see sysconf(3C)] while _POSIX_NO_TRUNC is in effect. See pathconf(2).
The file referred to by path does not exist.
A component of the path prefix of path is not a directory.
The calling process does not have mandatory write access to the final component of path because the sensitivity label of the final component of path is outside the clearance of the calling process and the calling process does not have PRIV_FILE_MAC_WRITE in its set of effective privileges.
A calling process that is not the owner of the file attempted to downgrade the sensitivity label associated with the final component of path but did not have PRIV_FILE_OWNER in its set of effective privileges.
The calling process attempted to upgrade the sensitivity label associated with the final component of path but did not have PRIV_FILE_UPGRADE_SL in its set of effective privileges.
The calling process attempted to downgrade the sensitivity label associated with the final component of path but did not have PRIV_FILE_DOWNGRADE_SL in its set of effective privileges.
The file referred to by path resides on a read-only file system.
fsetcmwlabel() fails if any of these conditions prevails:
fd does not refer to a valid descriptor.
There is an open file descriptor reference to the object referred to by the descriptor and the calling process does not have PRIV_PROC_TRANQUIL in its set of effective privileges.
label_p points outside the allocated address space of the process.
fd refers to a socket, not a file.
fd does not refer to a file on a file system that supports the setting of labels on individual objects.
The sensitivity label of label_p is not in the sensitivity label range of the containing file system.
An I/O error occurred while reading from or writing to the file system.
The calling process is not the owner of the file, attempted to downgrade the sensitivity label associated with the file, but did not have PRIV_FILE_OWNER in its set of effective privileges.
The calling process attempted to upgrade the sensitivity label associated with the file but did not have PRIV_FILE_UPGRADE_SL in its set of effective privileges.
The calling process attempted to downgrade the sensitivity label associated with the file but did not have PRIV_FILE_DOWNGRADE_SL in its set of effective privileges.
The calling process does not have mandatory write access to the object referred to by fd because the sensitivity label of the object referred to by fd is outside the clearance of the calling process and the calling process does not have PRIV_FILE_MAC_WRITE in its set of effective privileges.
A calling process that is not the owner of the file attempted to downgrade the sensitivity label associated with the object referred to by fd but did not have PRIV_FILE_OWNER in its set of effective privileges.
The calling process attempted to upgrade the sensitivity label associated with the object referred to by fd but did not have PRIV_FILE_UPGRADE_SL in its set of effective privileges.
The calling process attempted to downgrade the sensitivity label associated with the object referred to by fd but did not have PRIV_FILE_DOWNGRADE_SL in its set of effective privileges.
The file referred to by fd resides on a read-only file system.