1 PSECFLAGS(1) User Commands PSECFLAGS(1)
2
3
4
5 NAME
6 psecflags - inspect or modify process security flags
7
8 SYNOPSIS
9 /usr/bin/psecflags -s [-+]flags -e command
10 [arg]...
11
12 /usr/bin/psecflags -s [-+]flags [-i idtype]
13 id ...
14
15 /usr/bin/psecflags [-F] { pid | core }
16
17 /usr/bin/psecflags -l
18
19
20 DESCRIPTION
21 The first invocation of the psecflags command runs the specified
22 command with the security-flags modified as described by the -s argument.
23
24 The second invocation modifies the security-flags of the processes
25 described by idtype and id according as described by the -s argument.
26
27 The third invocation describes the security-flags of the specified
28 processes or core files. The effective set is signified by 'E', and
29 the inheritable set by 'I'
30
31 The fourth invocation lists the supported process security-flags
32
33
34 OPTIONS
35 The following options are supported:
36
37 -e
38 Interpret the remaining arguments as a command line and run
39 the command with the security-flags specified with the -s
40 flag.
41
42
43 -F
44 Force. Grab the target process even if another process has
45 control.
46
47
48 -i idtype
49 This option, together with the id arguments specify one or
50 more processes whose security-flags will be modified. The
51 interpretation of the id arguments is based on idtype. If
52 idtype is omitted the default is pid.
53
54 Valid idtype options are:
55
56 all
57 The psecflags command applies to all processes
58
59
60 contract, ctid
61 The security-flags of any process with a contract
62 ID matching the id arguments are modified.
63
64
65 group, gid
66 The security-flags of any process with a group ID
67 matching the id arguments are modified.
68
69
70 pid
71 The security-flags of any process with a process
72 ID matching the id arguments are modified. This
73 is the default.
74
75
76 ppid
77 The security-flags of any processes whose parent
78 process ID matches the id arguments are modified.
79
80
81 project, projid
82 The security-flags of any process whose project ID
83 matches the id arguments are modified.
84
85
86 session, sid
87 The security-flags of any process whose session ID
88 matches the id arguments are modified.
89
90
91 taskid
92 The security-flags of any process whose task ID
93 matches the id arguments are modified.
94
95
96 user, uid
97 The security-flags of any process belonging to the
98 users matching the id arguments are modified.
99
100
101 zone, zoneid
102 The security-flags of any process running in the
103 zones matching the given id arguments are
104 modified
105
106
107 -l
108 List all supported process security-flags
109
110
111 -s specification
112 Modify the process security-flags according to specification.
113 Specifications take the form [-+]flagspec. Where + indicates
114 that the given flags should be enabled in addition to the
115 current flags, - indicates the given flags should be
116 disabled, and the default (with neither) the given flags
117 should replace the current flags.
118
119 flagspec is a comma-separated list of security flags, or the
120 string "none", which indicates that the security-flags are to
121 be cleared.
122
123 For a list of valid security-flags, see psecflags -l
124
125
126 EXAMPLES
127 Example 1 Display the security-flags of the current shell
128
129 example$ psecflags $$
130 100718: -sh
131 E: aslr
132 I: aslr
133
134
135
136 Example 2 Run a user command with ASLR enabled in addition to any
137 inherited security flags.
138
139 example$ psecflags -s +aslr -e /bin/sh
140 $ psecflags $$
141 100724: -sh
142 E: none
143 I: aslr
144
145
146
147 Example 3 Remove aslr from the inheritable flags of all Bob's
148 processes.
149
150 example# psecflags -s -aslr -i uid bob
151
152
153 EXIT STATUS
154 The following exit values are returned:
155
156
157 0
158
159 Success
160
161
162 non-zero
163
164 An error has occured
165
166
167 ATTRIBUTES
168 See attributes(5) for descriptions of the following attributes:
169
170
171
172
173 +--------------------+-----------------+
174 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
175 +--------------------+-----------------+
176 |Interface Stability | Volatile |
177 +--------------------+-----------------+
178
179 SEE ALSO
180 exec(2), attributes(5), contract(4), security-flags(5), zones(5)
181
182
183
184 May 3, 2014 PSECFLAGS(1)