sec_setshmlab Subroutine

Purpose

Sets the security attributes for a shared memory segment.

Library

Standard C library (libc.a)

Syntax

#include <sys/mac.h>
#include <sys/ipc.h>
#include <sys/shm.h>
int sec_setshmlab (shmid, sl, tl)
int shmid;
sl_t *sl;
tl_t *tl;

Description

The sec_setshmlab subroutine sets the security attributes of the shared memory segment that is specified by the shmid parameter. The subroutine associates a sensitivity label and an integrity label with the shared memory segment. The sl parameter points to the sensitivity label, and the tl parameter points to the integrity label. If the sl or tl parameter is a null pointer, the sensitivity label or integrity label of the shared memory segment remains unchanged.

To change the sensitivity label of a shared memory segment, a process must have the PV_LAB_SL_FILE privilege, DAC and MAC WRITE access to the shared memory segment, and the PV_LAB_SLUG or PV_LAB_SLDG privilege for upgrading or downgrading the label. A process must have DAC OWNER access to the shared memory segment to downgrade the sensitivity label. If the old sensitivity label or the new sensitivity label is outside of the process clearance, the process needs the PV_MAC_CL privilege to change the label.

To change the integrity label of a shared memory segment, a process must have the PV_LAB_TL privilege and have MAC WRITE and DAC OWNER access to the shared memory segment.
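The access rules above can be modelled as a pre-flight check that shows which requirement is missing when a call returns EPERM. This is an added example, not code from the AIX documentation, and it does not call sec_setshmlab itself. Assumptions: the REQ_* bit values, struct label_request, required_for and missing are hypothetical names constructed here, and "DAC and MAC WRITE access" is read as write access under both DAC and MAC.

```c
#include <stdio.h>

/* Requirement bits. Names follow the text above; the numeric values are
   constructed for this example and are not AIX constants. */
enum {
    REQ_PV_LAB_SL_FILE = 1 << 0, REQ_PV_LAB_SLUG = 1 << 1,
    REQ_PV_LAB_SLDG    = 1 << 2, REQ_PV_MAC_CL   = 1 << 3,
    REQ_PV_LAB_TL      = 1 << 4, REQ_DAC_WRITE   = 1 << 5,
    REQ_DAC_OWNER      = 1 << 6, REQ_MAC_WRITE   = 1 << 7
};

enum sl_change { SL_UNCHANGED, SL_UPGRADE, SL_DOWNGRADE };

struct label_request {           /* hypothetical description of one call */
    enum sl_change sl;           /* SL_UNCHANGED models sl == NULL */
    int old_sl_in_clearance;     /* old SL within the process clearance? */
    int new_sl_in_clearance;     /* new SL within the process clearance? */
    int set_tl;                  /* 0 models tl == NULL */
};

/* Everything the Description section requires for this request. */
unsigned required_for(const struct label_request *r)
{
    unsigned need = 0;
    if (r->sl != SL_UNCHANGED) {
        need |= REQ_PV_LAB_SL_FILE | REQ_DAC_WRITE | REQ_MAC_WRITE;
        need |= (r->sl == SL_UPGRADE) ? REQ_PV_LAB_SLUG
                                      : (REQ_PV_LAB_SLDG | REQ_DAC_OWNER);
        if (!r->old_sl_in_clearance || !r->new_sl_in_clearance)
            need |= REQ_PV_MAC_CL;   /* either label outside the clearance */
    }
    if (r->set_tl)
        need |= REQ_PV_LAB_TL | REQ_MAC_WRITE | REQ_DAC_OWNER;
    return need;
}

/* Requirements the caller lacks; nonzero predicts EPERM under these rules. */
unsigned missing(const struct label_request *r, unsigned held)
{
    return required_for(r) & ~held;
}

int main(void)
{
    /* Constructed case: downgrade to an SL outside the clearance, TL left
       unchanged, caller holds only what an in-clearance upgrade needs. */
    struct label_request r = { SL_DOWNGRADE, 1, 0, 0 };
    unsigned held = REQ_PV_LAB_SL_FILE | REQ_PV_LAB_SLUG
                  | REQ_DAC_WRITE | REQ_MAC_WRITE;
    printf("missing mask: 0x%x\n", missing(&r, held));
    return 0;
}
```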

Parameters

Item     Description
shmid    Specifies the shared memory segment.
sl       Points to a sensitivity label (SL) structure.
tl       Points to an integrity label (TL) structure.

Return Values

Item     Description
0        Successful
-1       Unsuccessful

Error Codes

Item     Description
EPERM    The calling process does not have the required permissions or privileges.
EFAULT   The address that the sl or tl parameter points to is not valid.
EINVAL   The shared memory segment that the shmid parameter specifies is not valid.