proc_rbac_op Subroutine

Purpose

Sets, unsets, and queries a process' RBAC properties.

Library

Standard C Library (libc.a)

Syntax

#include <sys/cred.h>
#include <sys/types.h>

int proc_rbac_op (Pid, Cmd, Param)
pid_t Pid;
int Cmd;
int *Param;

Description

The proc_rbac_op subroutine is used to set, unset, and query a process' Role Based Access Control (RBAC) awareness.

To use the proc_rbac_op subroutine, the calling process must have the ACT_P_SET_PAGRBAC privilege. If running in a Trusted AIX® environment, the calling process must have the appropriate label properties to perform the operation on the target process specified by the Pid parameter.

Parameters

Item    Description
Cmd     Specifies the command to run on the target process. The Cmd parameter has the following values:
        PROC_RBAC_SET
            Sets the flag that is specified in the Param parameter for the target process.
        PROC_RBAC_UNSET
            Clears the flag that is specified in the Param parameter for the target process.
        PROC_RBAC_GET
            Returns the status of the SEC_NOEXEC, SEC_RBACAWARE, and SEC_PRIVCMD security flags of the process.
Pid     Specifies the Pid for the target process. A negative Pid value denotes the current process.
Param   This parameter is dependent on the command that the Cmd parameter specifies.

        PROC_RBAC_SET and PROC_RBAC_UNSET: Can only be SEC_NOEXEC or SEC_RBACAWARE. Only one flag can be specified for a call.

        PROC_RBAC_GET: Upon return, holds the status of SEC_NOEXEC, SEC_RBACAWARE, and SEC_PRIVCMD.

Return Values

On successful completion, the proc_rbac_op subroutine returns the value of zero. If the subroutine fails, it returns a value of 1, and errno is set.

Error Codes

The proc_rbac_op subroutine fails if one of the following conditions is true:

Item Description
EINVAL An invalid Cmd value was given or a NULL pointer was given for the Status parameter with the PROC_RBAC_GET command.
ESRCH The Pid value does not correspond to a valid process.
EPERM The calling process does not have the appropriate RBAC privilege. Or, if Trusted AIX is enabled, the calling process does not have the appropriate label information.
EFAULT The copy operation to the Param buffer fails.
ENOSYS The system is not running in the enhanced RBAC mode.
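
Example (added here, not part of the original reference page): a C wrapper that changes one flag, reads the flags back with PROC_RBAC_GET to confirm the change, and returns the errno value so callers can tell ENOSYS from EPERM. The helper names rbac_query and rbac_change are hypothetical. The code assumes PROC_RBAC_GET reports the flags as a bit mask and treats any nonzero return as failure. The #else branch is a constructed stand-in with placeholder constant values so the code also builds where the AIX header is absent.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#ifdef _AIX
#include <sys/cred.h>
#else
/* Constructed stand-in so the example builds off AIX. The constant values and
 * the EINVAL on a disallowed flag are placeholders, not the real definitions. */
enum { PROC_RBAC_SET = 1, PROC_RBAC_UNSET, PROC_RBAC_GET };
enum { SEC_NOEXEC = 0x1, SEC_RBACAWARE = 0x2, SEC_PRIVCMD = 0x4 };
static int fake_flags; /* simulated flag word of the current process */
static int proc_rbac_op(pid_t pid, int cmd, int *param)
{
    (void)pid;
    if (param == NULL) { errno = EINVAL; return 1; }
    if (cmd == PROC_RBAC_GET) { *param = fake_flags; return 0; }
    if (*param != SEC_NOEXEC && *param != SEC_RBACAWARE) { errno = EINVAL; return 1; }
    if (cmd == PROC_RBAC_SET) fake_flags |= *param;
    else if (cmd == PROC_RBAC_UNSET) fake_flags &= ~*param;
    else { errno = EINVAL; return 1; }
    return 0;
}
#endif

/* Read the flags of pid (negative = current process). Returns 0 and fills
 * *flags, or the errno value so callers can tell ENOSYS from EPERM. */
int rbac_query(pid_t pid, int *flags)
{
    return proc_rbac_op(pid, PROC_RBAC_GET, flags) != 0 ? errno : 0;
}

/* Set or clear one flag (only one per call), then read the flags back to
 * confirm the change. Assumes PROC_RBAC_GET reports the flags as a bit mask. */
int rbac_change(pid_t pid, int cmd, int flag, int *after)
{
    if (proc_rbac_op(pid, cmd, &flag) != 0)
        return errno;
    return rbac_query(pid, after);
}

int main(void)
{
    int flags = 0;
    int rc = rbac_change(-1, PROC_RBAC_SET, SEC_RBACAWARE, &flags);
    if (rc == ENOSYS) fprintf(stderr, "enhanced RBAC mode is not enabled\n");
    else if (rc == EPERM) fprintf(stderr, "caller lacks the required privilege\n");
    else if (rc != 0) fprintf(stderr, "proc_rbac_op failed, errno %d\n", rc);
    else printf("rbacaware=%d noexec=%d\n", !!(flags & SEC_RBACAWARE), !!(flags & SEC_NOEXEC));
    return rc != 0;
}
```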