labeling_enable, labeling_disable, labeling_set_encodings - Manage labeling
cc [flag...] file... -ltsol [library...]
#include <tsol/label.h> int labeling_enable(uint_t flags); int labeling_disable(uint_t flags); int labeling_set_encodings( const char *path);
The labeling_enable() and labeling_disable () functions enable and disable the security labeling services which are provided by the Trusted Extensions feature. These functions operate asynchronously, and the functions return before enabling or disabling is complete. Note that the is_system_labeled(3C) function may be used to determine if labeling services are active.
The enabling and disabling process affects all zones and system services and may take several minutes to complete. All zones are halted and may be automatically rebooted. Refer to the labeladm(8) man page for details on this process.
The flags argument is a bitwise-inclusive OR of zero or more of the following flags, defined in the tsol/label.h header:
If set, enabling or disabling will be done without making prior checks of current state and other conditions.
If set, a message will be sent to syslog upon the successful or unsuccessful completion of enabling or disabling.
If set, enabling or disabling will not be effective until the system is rebooted. Zones and system services are not affected except for normal boot processing.
The LABELING_SYSLOG and LABELING_DELAY flags may not be specified together.
The labeling_set_encodings() function sets the effective label-encodings file. The file specified by the path argument is verified by chk_encodings(8) and then copied to a system directory with a unique name.
Upon successful completion, labeling_enable(), labeling_disable(), and labeling_set_encodings()return 0. Otherwise, they return -1, and errno is set to indicate the error.
The labeling_enable() and labeling_disable () functions will fail if:
Invalid flags.
The labeling_set_encodings() function will fail if:
Invalid encoding file as determined by chk_encodings(8).
For the list of possible errors that can occur when accessing the specified file, such as ENOENT, EACCES, see access(2) man page.
See attributes(7) for descriptions of the following attributes:
|
is_system_labeled(3C), labels(7), trusted_extensions(7), chk_encodings(8), labeladm(8), labeld(8), tncfg(8)