Print this page
Code review comments from jeffpc
   1 PSECFLAGS(1)                     User Commands                    PSECFLAGS(1)
   2 
   3 
   4 
   5 NAME
   6        psecflags - inspect or modify process security flags
   7 
   8 SYNOPSIS
   9        /usr/bin/psecflags -s spec -e command
  10             [arg]...
  11 
  12        /usr/bin/psecflags -s spec [-i idtype]
  13             id ...
  14 
  15        /usr/bin/psecflags [-F] { pid | core }
  16 
  17        /usr/bin/psecflags -l
  18 
  19 
  20 DESCRIPTION
  21        The first invocation of the psecflags command runs the specified
  22        command with the security-flags modified as described by the -s
  23        argument.
  24 
  25        The second invocation modifies the security-flags of the processes
  26        described by idtype and id according as described by the -s argument.
  27 
  28        The third invocation describes the security-flags of the specified
  29        processes or core files.  The effective set is signified by 'E', the
  30        inheritable set by 'I', the lower set by 'L', and the upper set by 'U'.
  31 
  32        The fourth invocation lists the supported process security-flags,
  33        documented in security-flags(5).


 119                   be removed from the specification.  The pseudo-flags "all",
 120                   "none" and "current" are supported, to indicate that all
 121                   flags, no flags, or the current set of flags (respectively)
 122                   are to be included.
 123 
 124                   By default, the inheritable flags are changed.  You may
 125                   optionally specify the set to change using their single-
 126                   letter identifiers and an equals sign.
 127 
 128                   For a list of valid security-flags, see psecflags -l.
 129 
 130 
 131 EXAMPLES
 132        Example 1 Display the security-flags of the current shell.
 133 
 134          example$ psecflags $$
 135          100718:   -sh
 136               E:   aslr
 137               I:   aslr
 138                  L:     none
 139                  U:     aslr, forbidnullmap, noexecstack
 140 
 141 
 142 
 143        Example 2 Run a user command with ASLR enabled in addition to any
 144        inherited security flags.
 145 
 146          example$ psecflags -s current,aslr -e /bin/sh
 147          $ psecflags $$
 148          100724:   -sh
 149               E:   none
 150               I:   aslr
 151                  L:     none
 152                  U:     aslr, forbidnullmap, noexecstack
 153 
 154 
 155 
 156        Example 3 Remove aslr from the inheritable flags of all Bob's
 157        processes.
 158 
 159          example# psecflags -s current,-aslr -i uid bob
 160 
 161 
 162        Example 4 Add the aslr flag to the lower set, so that all future child
 163        processes must have this flag set.
 164 
 165          example# psecflags -s L=current,aslr $$
 166 
 167 
 168 EXIT STATUS
 169        The following exit values are returned:
 170 
 171 
 172        0


 179               An error has occured.
 180 
 181 
 182 ATTRIBUTES
 183        See attributes(5) for descriptions of the following attributes:
 184 
 185 
 186 
 187 
 188        +--------------------+-----------------+
 189        |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
 190        +--------------------+-----------------+
 191        |Interface Stability | Volatile        |
 192        +--------------------+-----------------+
 193 
 194 SEE ALSO
 195        exec(2), attributes(5), contract(4), security-flags(5), zones(5)
 196 
 197 
 198 
 199                                   May 3, 2014                     PSECFLAGS(1)
   1 PSECFLAGS(1)                     User Commands                    PSECFLAGS(1)
   2 
   3 
   4 
   5 NAME
   6        psecflags - inspect or modify process security flags
   7 
   8 SYNOPSIS
   9        /usr/bin/psecflags -s spec -e command [arg]...

  10 
  11        /usr/bin/psecflags -s spec [-i idtype] id ...

  12 
  13        /usr/bin/psecflags [-F] { pid | core }
  14 
  15        /usr/bin/psecflags -l
  16 
  17 
  18 DESCRIPTION
  19        The first invocation of the psecflags command runs the specified
  20        command with the security-flags modified as described by the -s
  21        argument.
  22 
  23        The second invocation modifies the security-flags of the processes
  24        described by idtype and id according as described by the -s argument.
  25 
  26        The third invocation describes the security-flags of the specified
  27        processes or core files.  The effective set is signified by 'E', the
  28        inheritable set by 'I', the lower set by 'L', and the upper set by 'U'.
  29 
  30        The fourth invocation lists the supported process security-flags,
  31        documented in security-flags(5).


 117                   be removed from the specification.  The pseudo-flags "all",
 118                   "none" and "current" are supported, to indicate that all
 119                   flags, no flags, or the current set of flags (respectively)
 120                   are to be included.
 121 
 122                   By default, the inheritable flags are changed.  You may
 123                   optionally specify the set to change using their single-
 124                   letter identifiers and an equals sign.
 125 
 126                   For a list of valid security-flags, see psecflags -l.
 127 
 128 
 129 EXAMPLES
 130        Example 1 Display the security-flags of the current shell.
 131 
 132          example$ psecflags $$
 133          100718:   -sh
 134               E:   aslr
 135               I:   aslr
 136               L:   none
 137               U:   aslr,forbidnullmap,noexecstack
 138 
 139 
 140 
 141        Example 2 Run a user command with ASLR enabled in addition to any
 142        inherited security flags.
 143 
 144          example$ psecflags -s current,aslr -e /bin/sh
 145          $ psecflags $$
 146          100724:   -sh
 147               E:   none
 148               I:   aslr
 149               L:   none
 150               U:   aslr,forbidnullmap,noexecstack
 151 
 152 
 153 
 154        Example 3 Remove aslr from the inheritable flags of all Bob's
 155        processes.
 156 
 157          example# psecflags -s current,-aslr -i uid bob
 158 
 159 
 160        Example 4 Add the aslr flag to the lower set, so that all future child
 161        processes must have this flag set.
 162 
 163          example# psecflags -s L=current,aslr $$
 164 
 165 
 166 EXIT STATUS
 167        The following exit values are returned:
 168 
 169 
 170        0


 177               An error has occured.
 178 
 179 
 180 ATTRIBUTES
 181        See attributes(5) for descriptions of the following attributes:
 182 
 183 
 184 
 185 
 186        +--------------------+-----------------+
 187        |  ATTRIBUTE TYPE    | ATTRIBUTE VALUE |
 188        +--------------------+-----------------+
 189        |Interface Stability | Volatile        |
 190        +--------------------+-----------------+
 191 
 192 SEE ALSO
 193        exec(2), attributes(5), contract(4), security-flags(5), zones(5)
 194 
 195 
 196 
 197                                  June 6, 2016                     PSECFLAGS(1)