Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

t6ext_attr(3N)							t6ext_attr(3N)

NAME
     t6ext_attr, t6new_attr - Activate extended security attributes or set
     policy on security attribute change

SYNOPSIS
     cc [ flags ... ] file

     #include <sys/t6attrs.h>

     int t6ext_attr(int fd, t6cmd_t cmd);

     int t6new_attr(int fd, t6cmd_t cmd);

DESCRIPTION
     t6ext_attr turns on extended security operations on the trusted IPC
     mechanism. fd is the descriptor associated with the IPC mechanism, and
     cmd must be ON to turn on extended operations, or OFF to turn them off.
     When first created, the trusted IPC mechanism appears the same as an
     untrusted IPC mechanism.  It can be used in the same way to send and
     receive data as long as communications do not violate the security
     policies of the system.  Between systems that support mandatory access
     control, for example, communications can only occur between processes at
     the same sensitivity level.  Before the network endpoint allows a process
     to specify security attributes or manipulate the endpoint's security
     options, it must call t6ext_attr. Any attempt to use extended operations
     other than t6ext_err before calling this routine fails, setting errno to
     the appropriate value.

     t6new_attr with a value of ON for cmd tells the underlying TSIX software
     that the receiving process is only interested in security attributes if
     they differ from the last set of attributes it received.  After this
     call, t6recvfrom(3N) only returns valid security attributes when a change
     in the attributes is detected.  This is indicated by setting the
     t6recvfrom parameter new_attrs to non-zero.  When new attributes are
     returned, the full set of requested attributes is returned, not just
     those that have changed.  When cmd is OFF, the default situation
     prevails, that is, attributes are returned with each call to t6recvfrom.

CAPABILITIES
     t6ext_attr requires the CAP_NETWORK_MGT capability in the effective
     vector of its capability set.

ERRORS
     [EINVAL]	    For t6new_attr, the caller did not initialize the
		    endpoint's security extensions prior to this call

     [ENOSYS]	    Function not implemented as the session manager may not be
		    installed.

     [EPERM]	    Operation not permitted, inadequate capabilities.

									Page 1

t6ext_attr(3N)							t6ext_attr(3N)

SEE ALSO
     libt6(3N)

SOURCE
     Trusted Systems Interoperability Group

NOTES

									Page 2

Vote for polarhome