msggetlabel, msgsetlabel - labeling interfaces for IPC messages
#include <sys/msg.h> int msggetlabel(int msgid, m_label_t *label); int msgsetlabel(int msgid, m_label_t *label);
The msggetlabel() and msgsetlabel() functions get and set the labels of IPC messages. Labels provide another access control mechanism in addition to the permission bits that are managed via msgctl(2). In order to access the message the current process clearance must dominate the label associated with msgid. See clearance(7) and labels(7) for more information.
The default label for all messages is ADMIN_LOW, which is dominated by every process clearance. The access policy only becomes effective when a new label is assigned using the msgsetlabel() function.
To set a label the current process clearance must dominate both the new label and the current label of msgid. In addition, the effective user ID must be equal to the value of msg_perm.cuid or msg_perm.uid in the data structure associated with msgid.
The msggetlabel() and msgsetlabel() functions are not supported when Trusted Extensions is enabled.
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.
The msggetlabel() and msgsetlabel() functions will fail if:
The existing msgid label is not dominated by the process clearance.
The label argument points to an illegal address.
The msgid argument is not a IPC message. identifier or the specified label is not dominated by the process clearance.
Trusted Extensions is enabled.
The function is msggetlabel() and the effective user ID of the calling process is not equal to the value of msg_perm.cuid or msg_perm.uid in the data structure associated with msgid, and {PRIV_IPC_OWNER} is not asserted in the effective set of the calling process.
See attributes(7) for descriptions of the following attributes:
|
ipcs(1), msgctl(2), msgget(2), attributes(7), clearance(7). labels(7), privileges(7)
The msggetlabel() and msgsetlabel() functions were added to Solaris in the Solaris 11.4.0 release.