Modifies the device security information in the privileged device database.
Security Library (libc.a)
The putdevattr subroutine writes a specified attribute into the device database. If the database is not open, this subroutine does an implicit open for reading and writing. Data changed by the putdevattr and putdevattrs subroutines must be explicitly committed by calling the putdevattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only the subroutines within the process return written data.
New entries in the device databases must first be created by invoking the putdevattr subroutine with the SEC_NEW type.
Changes that are made to the privileged device database do not impact security considerations until the entire database is sent to the Kernel Security Tables through the setkst device or until the system is rebooted.
Item | Description |
---|---|
Device | The device name. The value should be the full path to the device on the system. This parameter must be specified unless the Type parameter is SEC_COMMIT. |
Attribute | Specifies that attribute is written. The following
possible attributes are defined in the usersec.h file:
|
Value | Specifies a buffer, a pointer to a buffer, or a pointer to a pointer depending on the Attribute and Type parameters. See the Type parameter for more details. |
Type | Specifies the type of attribute expected. Valid
types are defined in the usersec.h file and include:
|
File | Mode |
---|---|
/etc/security/privdevs | rw |
If successful, the putdevattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.
If the putdevattr subroutine fails, one of the following errno values can be set:
Item | Description |
---|---|
EINVAL | The Device parameter is NULL and the Type parameter is not SEC_COMMIT. |
EINVAL | The Device parameter is default or ALL. |
EINVAL | The Attribute parameter does not contain one of the defined attributes or is NULL. |
EINVAL | The Type parameter does not contain one of the defined values. |
EINVAL | The Value parameter does not point to a valid buffer or to valid data for this type of attribute. |
ENOENT | The device specified by the Device parameter does not exist. |
EPERM | The operation is not permitted. |