33
34 execattr_t *match_execattr(execattr_t *ep, char *profname,
35 char *type, char *id);
36
37
38 DESCRIPTION
39 The getexecattr() function returns a single exec_attr(4) entry.
40 Entries can come from any of the sources specified in the
41 nsswitch.conf(4) file.
42
43
44 Successive calls to getexecattr() return either successive exec_attr
45 entries or NULL. Because getexecattr() always returns a single entry,
46 the next pointer in the execattr_t data structure points to NULL.
47
48
49 The internal representation of an exec_attr entry is an execattr_t
50 structure defined in <exec_attr.h> with the following members:
51
52 char *name; /* name of the profile */
53 char *type; /* type of profile */
54 char *policy; /* policy under which the attributes are */
55 /* relevant*/
56 char *res1; /* reserved for future use */
57 char *res2; /* reserved for future use */
58 char *id; /* unique identifier */
59 kva_t *attr; /* attributes */
60 struct execattr_s *next; /* optional pointer to next profile */
61
62
63
64 The free_execattr() function releases memory. It follows the next
65 pointers in the execattr_t structure so that the entire linked list is
66 released.
67
68
69 The setexecattr() function "rewinds" to the beginning of the
70 enumeration of exec_attr entries. Calls to getexecuser() can leave the
71 enumeration in an indeterminate state. Therefore, setexecattr() should
72 be called before the first call to getexecattr().
73
74
75 The endexecattr() function can be called to indicate that exec_attr
136 Example 1 Find all profiles that have the ping command.
137
138 if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping",
139 GET_ONE)) == NULL) {
140 /* do error */
141 }
142
143
144 Example 2 Find the entry for the ping command in the Network
145 Administration Profile.
146
147 if ((execprof=getexecprof("Network Administration", KV_COMMAND,
148 "/usr/sbin/ping", GET_ALL))==NULL) {
149 /* do error */
150 }
151
152
153 Example 3 Tell everything that can be done in the Filesystem Security
154 profile.
155
156 if ((execprof=getexecprof("Filesystem Security", KV_NULL, NULL,
157 GET_ALL))==NULL)) {
158 /* do error */
159 }
160
161
162 Example 4 Tell if the tar utility is in a profile assigned to user
163 wetmore. If there is no exact profile entry, the wildcard (*), if
164 defined, is returned.
165
166
167 The following tells if the tar utility is in a profile assigned to user
168 wetmore. If there is no exact profile entry, the wildcard (*), if
169 defined, is returned.
170
171
172 if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar",
173 GET_ONE))==NULL) {
174 /* do error */
175 }
176
177
178 FILES
179 /etc/nsswitch.conf
180 configuration file lookup information for
181 the name server switch
182
183
184 /etc/user_attr
185 extended user attributes
186
187
188 /etc/security/exec_attr
189 execution profiles
190
191
192 /etc/security/policy.conf
193 policy definitions
194
195
196 ATTRIBUTES
197 See attributes(5) for descriptions of the following attributes:
198
199
200
201
202 +---------------+-----------------+
203 |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
204 +---------------+-----------------+
205 |MT-Level | MT-Safe |
206 +---------------+-----------------+
207
208 SEE ALSO
209 getauthattr(3SECDB), getuserattr(3SECDB), kva_match(3SECDB),
210 exec_attr(4), passwd(4), policy.conf(4), prof_attr(4), user_attr(4),
211 attributes(5)
212
213
214
215 May 27, 2014 GETEXECATTR(3SECDB)
|
33
34 execattr_t *match_execattr(execattr_t *ep, char *profname,
35 char *type, char *id);
36
37
38 DESCRIPTION
39 The getexecattr() function returns a single exec_attr(4) entry.
40 Entries can come from any of the sources specified in the
41 nsswitch.conf(4) file.
42
43
44 Successive calls to getexecattr() return either successive exec_attr
45 entries or NULL. Because getexecattr() always returns a single entry,
46 the next pointer in the execattr_t data structure points to NULL.
47
48
49 The internal representation of an exec_attr entry is an execattr_t
50 structure defined in <exec_attr.h> with the following members:
51
52 char *name; /* name of the profile */
53 char *policy; /* policy under which the attributes are */
54 /* relevant*/
55 char *type; /* type of profile */
56 char *res1; /* reserved for future use */
57 char *res2; /* reserved for future use */
58 char *id; /* unique identifier */
59 kva_t *attr; /* attributes */
60 struct execattr_s *next; /* optional pointer to next profile */
61
62
63
64 The free_execattr() function releases memory. It follows the next
65 pointers in the execattr_t structure so that the entire linked list is
66 released.
67
68
69 The setexecattr() function "rewinds" to the beginning of the
70 enumeration of exec_attr entries. Calls to getexecuser() can leave the
71 enumeration in an indeterminate state. Therefore, setexecattr() should
72 be called before the first call to getexecattr().
73
74
75 The endexecattr() function can be called to indicate that exec_attr
136 Example 1 Find all profiles that have the ping command.
137
138 if ((execprof=getexecprof(NULL, KV_COMMAND, "/usr/sbin/ping",
139 GET_ONE)) == NULL) {
140 /* do error */
141 }
142
143
144 Example 2 Find the entry for the ping command in the Network
145 Administration Profile.
146
147 if ((execprof=getexecprof("Network Administration", KV_COMMAND,
148 "/usr/sbin/ping", GET_ALL))==NULL) {
149 /* do error */
150 }
151
152
153 Example 3 Tell everything that can be done in the Filesystem Security
154 profile.
155
156 if ((execprof=getexecprof("Filesystem Security", NULL, NULL,
157 GET_ALL))==NULL)) {
158 /* do error */
159 }
160
161
162 Example 4 Tell if the tar utility is in a profile assigned to user
163 wetmore. If there is no exact profile entry, the wildcard (*), if
164 defined, is returned.
165
166 if ((execprof=getexecuser("wetmore", KV_COMMAND, "/usr/bin/tar",
167 GET_ONE))==NULL) {
168 /* do error */
169 }
170
171
172 FILES
173 /etc/nsswitch.conf
174 configuration file lookup information for
175 the name service switch
176
177
178 /etc/user_attr
179 extended user attributes
180
181
182 /etc/security/exec_attr
183 execution profiles
184
185
186 /etc/security/policy.conf
187 policy definitions
188
189
190 /etc/security/prof_attr
191 profile information
192
193
194 ATTRIBUTES
195 See attributes(5) for descriptions of the following attributes:
196
197
198
199
200 +---------------+-----------------+
201 |ATTRIBUTE TYPE | ATTRIBUTE VALUE |
202 +---------------+-----------------+
203 |MT-Level | MT-Safe |
204 +---------------+-----------------+
205
206 SEE ALSO
207 getauthattr(3SECDB), getprofattr(3SECDB), getuserattr(3SECDB),
208 kva_match(3SECDB), exec_attr(4), passwd(4), policy.conf(4),
209 prof_attr(4), user_attr(4), attributes(5)
210
211
212
213 August 13, 2018 GETEXECATTR(3SECDB)
|