semgetlabel, semsetlabel - labeling interfaces for IPC semaphores
#include <sys/sem.h> int semgetlabel(int semid, int semnum, m_label_t *label); int semsetlabel(int semid, int semnum, m_label_t *label);
The semgetlabel() and semsetlabel() functions get and set the labels of IPC semaphores. Labels provide another access control mechanism in addition to the permission bits that are managed using semctl(2). In order to access a semaphore the current process clearance must dominate the label associated with semid. See clearance(7) and labels(7) for more information.
The default label for all semaphores is ADMIN_LOW, which is dominated by every process clearance. The access policy only becomes effective when a new label is assigned using the semsetlabel() function.
To set a label the current process clearance must dominate both the new label and the current label of semid. In addition, the effective user ID must be equal to the value of sem_perm.cuid or sem_perm.uid in the data structure associated with semid.
The semgetlabel() and semsetlabel() functions are not supported when Trusted Extensions is enabled.
Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.
The semgetlabel() and semsetlabel() functions will fail if:
The existing semid label is not dominated by the process clearance.
The label argument points to an illegal address.
The semid argument is not a valid semaphore identifier or the specified label is not dominated by the process clearance.
Trusted Extensions is enabled.
The function is semsetlabel() and the effective user ID of the calling process is not equal to the value of sem_perm.cuid or sem_perm.uid in the data structure associated with semid, and {PRIV_IPC_OWNER} is not asserted in the effective set of the calling process.
See attributes(7) for descriptions of the following attributes:
|
ipcs(1), semctl(2), semget(2), semop(2), attributes(7), clearance(7). labels(7), privileges(7)
The semgetlabel() and semsetlabel() functions were added to Solaris in the Solaris 11.4.0 release.