#include <sys/types.h> #include <priv.h>
uint_t getpflags(uint_t flag);
int setpflags(uint_t flag, uint_t value);
The getpflags() and setpflags() functions obtain and modify the current per-process flags.
The following values for flag are supported:
PRIV_AWARE This one bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set is the current process privilege-aware. A process can attempt to unset this flag but might fail silently if the observed set invariance condition cannot be met. Setting this flag is always successful. See privileges(5) for a discussion of this flag.
PRIV_DEBUG This one bit flag takes the value of 0 (unset) or 1 (set). Only if this flag is set does the current process have privilege debugging enabled. Processes can set and unset this flag at will.
NET_MAC_AWARE_INHERIT These flags are available only if the system is configured with Trusted Extensions. These one bit flags each take the value of 0 (unset) or 1 (set). If the NET_MAC_AWARE flag is set then the current process is allowed to communicate with peers at labels that are different than its own, subject to MAC policy.
The NET_MAC_AWARE_INHERIT flag controls the propagation of the NET_MAC_AWARE flag. When a process performs one of the exec(2) functions, the NET_MAC_AWARE flag is unset unless the NET_MAC_AWARE_INHERIT is set. NET_MAC_AWARE_INHERIT is always unset on one of the exec functions. The PRIV_NET_MAC_AWARE privilege is required to set either of these flags.
The getpflags() returns the value associated with a given per-process flag. If the flag argument is invalid, (uint_t)-1 is returned and errno is set to indicate the error.
Upon successful completion, setpflags() returns 0. Otherwise, -1 is returned and errno is set to indicate the error.
The getpflags() and setpflags() functions will fail if:
EINVAL The value of flag or the value to which the flag is set is out of range.
The setpflags() function will fail if:
EPERM An attempt was made to unset PRIV_AWARE but the observed set invariance condition was not met.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
ppriv(1), attributes(5), privileges(5)