Sets, unsets, and queries a process' RBAC properties.
Standard C Library (libc.a)
The proc_rbac_op subroutine is used to set, unset, and query a process' Role Based Access Control (RBAC) awareness.
To use the proc_rbac_op subroutine, the calling process must have the ACT_P_SET_PAGRBAC privilege. If running in a Trusted AIX® environment, the calling process must have the appropriate label properties to perform the operation on the target process specified by the Pid parameter.
Item | Description |
---|---|
Cmd | Specifies the command to run on the target process. The Cmd parameter has the following values:
|
Pid | Specifies the Pid for the target process. A negative Pid value denotes the current process. |
Param | This parameter is dependent on the command that the Cmd parameter specifies. PROC_RBAC_SET and PROC_RBAC_UNSET: Can only be SEC_NOEXEC or SEC_RBACAWARE. Only one flag can be specified for a call. PROC_RBAC_GET: Upon return, holds the status of SEC_NOEXEC, SEC_RBACAWARE, and SEC_PRIVCMD. |
On successful completion, the proc_rbac_op subroutine returns the value of zero. If the subroutine fails, it returns a value of 1, and the errno will be set.
The proc_rbac_op subroutine fails if one of the following values is true:
Item | Description |
---|---|
EINVAL | An invalid Cmd value was given or a NULL pointer was given for the Status parameter with the PROC_RBAC_GET command. |
ESRCH | The pid value does not correspond to a valid process. |
EPERM | The calling process does not have the appropriate RBAC privilege. Or, if the Trusted AIX is enabled, the calling process does not have the appropriate label information. |
EFAULT | The copy operation to the Param buffer fails. |
ENOSYS | The system is not running in the enhanced RBAC mode. |