JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 2: System Calls     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

System Calls

access(2)

acct(2)

acl(2)

adjtime(2)

alarm(2)

brk(2)

chdir(2)

chmod(2)

chown(2)

chroot(2)

close(2)

creat(2)

dup(2)

exec(2)

execl(2)

execle(2)

execlp(2)

execv(2)

execve(2)

execvex(2)

execvp(2)

_Exit(2)

_exit(2)

exit(2)

faccessat(2)

facl(2)

fchdir(2)

fchmod(2)

fchmodat(2)

fchown(2)

fchownat(2)

fchroot(2)

fcntl(2)

fexecve(2)

fgetlabel(2)

fork1(2)

fork(2)

forkall(2)

forkallx(2)

forkx(2)

fpathconf(2)

fstat(2)

fstatat(2)

fstatvfs(2)

futimens(2)

futimesat(2)

getacct(2)

getcontext(2)

getdents(2)

getegid(2)

geteuid(2)

getgid(2)

getgroups(2)

getisax(2)

getitimer(2)

getlabel(2)

getmsg(2)

getpflags(2)

getpgid(2)

getpgrp(2)

getpid(2)

getpmsg(2)

getppid(2)

getppriv(2)

getprojid(2)

getrctl(2)

getrlimit(2)

getsid(2)

gettaskid(2)

getuid(2)

getustack(2)

ioctl(2)

issetugid(2)

kill(2)

lchown(2)

link(2)

linkat(2)

llseek(2)

lseek(2)

lstat(2)

_lwp_cond_broadcast(2)

_lwp_cond_reltimedwait(2)

_lwp_cond_signal(2)

_lwp_cond_timedwait(2)

_lwp_cond_wait(2)

_lwp_continue(2)

_lwp_info(2)

_lwp_kill(2)

_lwp_mutex_lock(2)

_lwp_mutex_trylock(2)

_lwp_mutex_unlock(2)

_lwp_self(2)

_lwp_sema_init(2)

_lwp_sema_post(2)

_lwp_sema_trywait(2)

_lwp_sema_wait(2)

_lwp_suspend(2)

memcntl(2)

meminfo(2)

mincore(2)

mkdir(2)

mkdirat(2)

mknod(2)

mknodat(2)

mmap(2)

mmapobj(2)

mount(2)

mprotect(2)

msgctl(2)

msgget(2)

msgids(2)

msgrcv(2)

msgsnap(2)

msgsnd(2)

munmap(2)

nice(2)

ntp_adjtime(2)

ntp_gettime(2)

open(2)

openat(2)

pathconf(2)

pause(2)

pcsample(2)

pipe(2)

poll(2)

p_online(2)

ppoll(2)

pread(2)

priocntl(2)

priocntlset(2)

processor_bind(2)

processor_info(2)

profil(2)

pset_assign(2)

pset_bind(2)

pset_create(2)

pset_destroy(2)

pset_getattr(2)

pset_info(2)

pset_list(2)

pset_setattr(2)

putacct(2)

putmsg(2)

putpmsg(2)

pwrite(2)

read(2)

readlink(2)

readlinkat(2)

readv(2)

rename(2)

renameat(2)

resolvepath(2)

rmdir(2)

sbrk(2)

semctl(2)

semget(2)

semids(2)

semop(2)

semtimedop(2)

setcontext(2)

setegid(2)

seteuid(2)

setgid(2)

setgroups(2)

setitimer(2)

setpflags(2)

setpgid(2)

setpgrp(2)

setppriv(2)

setrctl(2)

setregid(2)

setreuid(2)

setrlimit(2)

setsid(2)

settaskid(2)

setuid(2)

setustack(2)

shmadv(2)

shmat(2)

shmctl(2)

shmdt(2)

shmget(2)

shmids(2)

shmop(2)

sigaction(2)

sigaltstack(2)

sigpending(2)

sigprocmask(2)

sigsend(2)

sigsendset(2)

sigsuspend(2)

sigwait(2)

__sparc_utrap_install(2)

stat(2)

statvfs(2)

stime(2)

swapctl(2)

symlink(2)

symlinkat(2)

sync(2)

sysfs(2)

sysinfo(2)

time(2)

times(2)

uadmin(2)

ulimit(2)

umask(2)

umount(2)

umount2(2)

uname(2)

unlink(2)

unlinkat(2)

ustat(2)

utime(2)

utimensat(2)

utimes(2)

uucopy(2)

vfork(2)

vforkx(2)

vhangup(2)

waitid(2)

wracct(2)

write(2)

writev(2)

yield(2)

getpflags

, setpflags

- get or set process flags

Synopsis

#include <sys/types.h>
#include <priv.h>

uint_t getpflags(uint_t flag);
int setpflags(uint_t flag, uint_t value);

Description

The getpflags() and setpflags() functions obtain and modify the current per-process flags.

The following values for flag are supported:

PRIV_AWARE

This one bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set is the current process privilege-aware. A process can attempt to unset this flag but might fail silently if the observed set invariance condition cannot be met. Setting this flag is always successful. See privileges(5) for a discussion of this flag.

PRIV_AWARE_RESET

This one bit flag takes the value of 0 (unset) or 1 (set). This causes a process to pretend it is non- privilege aware. The effective and permitted privilege set change on the change of the effective uid. When all the uid sets become the same through setuid(uid) or through setreuid(uid, uid), the effective and permitted set are set to the intersection between the limit set and the inheritable set. At that point, both PRIV_AWARE and PRIV_AWARE_RESET are unset.

This flag gets automatically reset when a file becomes privilege aware, either through calling setppriv(2) or by setting PRIV_AWARE to 1.

PRIV_DEBUG

This one bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set does the current process have privilege debugging enabled. Processes can set and unset this flag at will.

PRIV_PFEXEC

This one-bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set is the current process a profile shell. Every time exec(2) is called, the exec_attr(4) database for the current user's profiles database is queried and the appropriate attributes are applied to the new program. PRIV_PFEXEC is inherited except when the real UID is changed as a result of the applied attributes.

PRIV_XPOLICY

This one-bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set does the current process honor its Extended Policy (see privileges(5)).

NET_MAC_AWARE
NET_MAC_AWARE_INHERIT

These flags are available only if the system is configured with Trusted Extensions. These one bit flags each take the value of 0 (unset) or 1 (set). If the NET_MAC_AWARE flag is set then the current process is allowed to communicate with peers at labels that are different than its own, subject to MAC policy.

The NET_MAC_AWARE_INHERIT flag controls the propagation of the NET_MAC_AWARE flag. When a process performs one of the exec(2) functions, the NET_MAC_AWARE flag is unset unless the NET_MAC_AWARE_INHERIT is set. NET_MAC_AWARE_INHERIT is always unset on one of the exec functions. The PRIV_NET_MAC_AWARE privilege is required to set either of these flags.

Return Values

The getpflags() returns the value associated with a given per-process flag. If the flag argument is invalid, (uint_t)-1 is returned and errno is set to indicate the error.

Upon successful completion, setpflags() returns 0. Otherwise, -1 is returned and errno is set to indicate the error.

Errors

The getpflags() and setpflags() functions will fail if:

EINVAL

The value of flag or the value to which the flag is set is out of range.

The setpflags() function will fail if:

EPERM

An attempt was made to unset PRIV_AWARE but the observed set invariance condition was not met.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed
MT-Level
Async-Signal-Safe

See Also

ppriv(1), setppriv(2), attributes(5), privileges(5)