sec_setshmlab Subroutine
Purpose
Sets the security attributes for a shared memory segment.
Library
Standard C library (libc.a)
Syntax
#include <sys/mac.h>
#include <sys/ipc.h>
#include <sys/shm.h>int sec_setshmlab (shmid, sl, tl)
int shmid;
sl_t *sl;
tl_t *tl;
Description
The sec_setshmlab subroutine sets the security attributes of the shared memory segment that is specified by the shmid parameter. The subroutine associates a sensitivity label and an integrity label with the shared memory segment. The sl parameter points to the sensitivity label, and the tl parameter points to the integrity label. If the sl or tl parameter is a null pointer, the sensitivity label or integrity label of the shared memory segment remains unchanged.
To change the sensitivity label of a shared memory segment, a process must have the PV_LAB_SL_FILE privilege, DAC and MAC WRITE access to the shared memory segment, and the PV_LAB_SLUG or PV_LAB_SLDG privilege for upgrading or downgrading the label. A process must have DAC OWNER access to the shared memory segment to downgrade the sensitivity label. If the old sensitivity label or the new sensitivity label is outside of the process clearance, the process needs the PV_MAC_CL privilege to change the label.
To change the integrity label of a shared memory segment, a process must have the PV_LAB_TL privilege and have MAC WRITE and DAC OWNER access to the shared memory segment.
Parameters
| Item | Description |
|---|---|
| shmid | Specifies the shared memory segment. |
| sl | Points to a sensitivity label structure. |
| tl | Points to an integrity label (TL) structure. |
Return Values
| Item | Description |
|---|---|
| 0 | Successful |
| -1 | Unsuccessful |
Error Codes
| Item | Description |
|---|---|
| EPERM | The calling process does not have permissions or privileges. |
| EFAULT | The address that the sl or tl parameter points to is not valid. |
| EINVAL | The shared memory segment that the shmid parameter specifies is not valid. |