sec_setsemlab Subroutine
Purpose
Sets the security attributes for a semaphore.
Library
Standard C library (libc.a)
Syntax
#include <sys/mac.h>
#include <sys/ipc.h>
#include <sys/sem.h>int sec_setsemlab (semid, sl, tl)
int semid;
sl_t * sl;
tl_t *tl;
Description
The sec_setsemlab subroutine sets the security attributes of the semaphore that is specified by the semid parameter. The subroutine associates a sensitivity label and an integrity label with the semaphore. The sl parameter points to the sensitivity label, and the tl parameter points to the integrity label. If the sl or tl parameter is a null pointer, the sensitivity label or integrity label of the semaphore remains unchanged.
To change the sensitivity label of a semaphore, a process must have the PV_LAB_SL_FILE privilege, DAC and MAC WRITE access to the semaphore, and the PV_LAB_SLUG or PV_LAB_SLDG privilege for upgrading or downgrading the label. A process must have DAC OWNER access to the semaphore to downgrade the sensitivity label. If the old sensitivity label or the new sensitivity label is outside of the process clearance, the process needs the PV_MAC_CL privilege to change the label.
To change the integrity label of a semaphore, a process must have the PV_LAB_TL privilege and have MAC WRITE and DAC OWNER access to the semaphore.
Parameters
| Item | Description |
|---|---|
| semid | Specifies the semaphore. |
| sl | Points to a sensitivity label structure. |
| tl | Points to an integrity label structure. |
Return Values
| Item | Description |
|---|---|
| 0 | Successful |
| -1 | Unsuccessful |
Error Codes
| Item | Description |
|---|---|
| EPERM | The calling process does not have permissions or privileges. |
| EFAULT | The address that the sl or tl parameter points to is not valid. |
| EINVAL | The semaphore that the semid parameter specifies is not valid. |