getsecconfig and setsecconfig Subroutines

Purpose

Retrieves and sets the kernel security configuration flags for system run mode.

Library

Trusted AIX® Library ( libmls.a )

Syntax

#include <mls/mls.h>

int getsecconfig (secconf)
uint32_t *secconf;

int setsecconfig(secconf, mode)
uint32_t secconf;
ushort mode;

Description

The getsecconfig subroutine retrieves the security configuration flags based on the current run mode. The flags are copied to kernel security configuration flag specified by the secconf parameter.

The setsecconfig subroutine sets the kernel security configuration for the specified mode according to flag that the secconf parameter specifies. The kernel configuration flags can only be changed in the CONFIGURATION runtime mode.

Parameters

Item	Description
secconf	Specifies the kernel security configuration flags.
Mode	Specifies the runtime mode to be updated. The valid values are CONFIGURATION_MODE and OPERATIONAL_MODE.

Security

Access Control: To set the configuration flags, the calling process invoking should have the PV_KER_SECCONFIG privilege.

Return Values

If successful, these subroutines return a value of zero. Otherwise, they return a value of -1.

Error Codes

If these subroutines fail, they set one of the following error codes:

Item	Description
EINVAL	The value that the parameter specifies is null.
EINVAL	The specified run time mode is not valid.
EINVAL	The configuration flags that are specified are not proper.
EPERM	The calling process either does not have permissions or privileges, or the system is not in the CONFIGURATION runtime mode.