Go to main content

man pages section 2: System Calls

Exit Print View

Updated: Thursday, June 13, 2019
 
 

semgetlabel (2)

Name

semgetlabel, semsetlabel - labeling interfaces for IPC semaphores

Synopsis

#include <sys/sem.h>
int semgetlabel(int semid, int semnum, m_label_t *label);
int semsetlabel(int semid, int semnum, m_label_t *label);

Description

The semgetlabel() and semsetlabel() functions get and set the labels of IPC semaphores. Labels provide another access control mechanism in addition to the permission bits that are managed using the semctl(2). In order to access the semid the current process clearance must dominate the label associated with semid.

The default label for all semaphores is ADMIN_LOW, which is dominated by every process clearance. The access policy only becomes effective when a new label is assigned using the semsetlabel(2).

To set a label the current process clearance must dominate both the new label and the current label of semid. In addition, the effective user ID must be equal to the value of sem_perm.cuid or sem_perm.uid in the data structure associated with semid.

The semgetlabel() and semsetlabel() functions are not supported when Trusted Extensions is enabled.

Return Values

Upon successful completion, 0 is returned. Otherwise, -1 is returned and errno is set to indicate the error.

Errors

The semgetlabel() and semsetlabel() functions will fail if:

EACCES

The existing semid label is not dominated by the process clearance.

EFAULT

The label argument points to an illegal address.

EINVAL

The semid argument is not a valid semaphore identifier or the specified label is not dominated by the process clearance.

ENOTSUP

The semgetlabel() and semsetlabel() functions cannot be used when Trusted Extensions is enabled.

EPERM

The function is semsetlabel() and the effective user ID of the calling process is not equal to the value of sem_perm.cuid or sem_perm.uid in the data structure associated with semid, and {PRIV_IPC_OWNER} is not asserted in the effective set of the calling process.

Attributes

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed
MT-Level
MT-Safe

See Also

ipcs(1), semctl(2), semget(2), semop(2), attributes(7), clearance(7). labels(7), privileges(7)