1 PSECFLAGS(1) User Commands PSECFLAGS(1)
2
3
4
5 NAME
6 psecflags - inspect or modify process security flags
7
8 SYNOPSIS
9 /usr/bin/psecflags -s spec -e command
10 [arg]...
11
12 /usr/bin/psecflags -s spec [-i idtype]
13 id ...
14
15 /usr/bin/psecflags [-F] { pid | core }
16
17 /usr/bin/psecflags -l
18
19
20 DESCRIPTION
21 The first invocation of the psecflags command runs the specified
22 command with the security-flags modified as described by the -s
23 argument.
24
25 The second invocation modifies the security-flags of the processes
26 described by idtype and id according as described by the -s argument.
27
28 The third invocation describes the security-flags of the specified
29 processes or core files. The effective set is signified by 'E', the
30 inheritable set by 'I', the lower set by 'L', and the upper set by 'U'.
31
32 The fourth invocation lists the supported process security-flags,
33 documented in security-flags(5).
119 be removed from the specification. The pseudo-flags "all",
120 "none" and "current" are supported, to indicate that all
121 flags, no flags, or the current set of flags (respectively)
122 are to be included.
123
124 By default, the inheritable flags are changed. You may
125 optionally specify the set to change using their single-
126 letter identifiers and an equals sign.
127
128 For a list of valid security-flags, see psecflags -l.
129
130
131 EXAMPLES
132 Example 1 Display the security-flags of the current shell.
133
134 example$ psecflags $$
135 100718: -sh
136 E: aslr
137 I: aslr
138 L: none
139 U: aslr, forbidnullmap, noexecstack
140
141
142
143 Example 2 Run a user command with ASLR enabled in addition to any
144 inherited security flags.
145
146 example$ psecflags -s current,aslr -e /bin/sh
147 $ psecflags $$
148 100724: -sh
149 E: none
150 I: aslr
151 L: none
152 U: aslr, forbidnullmap, noexecstack
153
154
155
156 Example 3 Remove aslr from the inheritable flags of all Bob's
157 processes.
158
159 example# psecflags -s current,-aslr -i uid bob
160
161
162 Example 4 Add the aslr flag to the lower set, so that all future child
163 processes must have this flag set.
164
165 example# psecflags -s L=current,aslr $$
166
167
168 EXIT STATUS
169 The following exit values are returned:
170
171
172 0
179 An error has occured.
180
181
182 ATTRIBUTES
183 See attributes(5) for descriptions of the following attributes:
184
185
186
187
188 +--------------------+-----------------+
189 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
190 +--------------------+-----------------+
191 |Interface Stability | Volatile |
192 +--------------------+-----------------+
193
194 SEE ALSO
195 exec(2), attributes(5), contract(4), security-flags(5), zones(5)
196
197
198
199 May 3, 2014 PSECFLAGS(1)
|
1 PSECFLAGS(1) User Commands PSECFLAGS(1)
2
3
4
5 NAME
6 psecflags - inspect or modify process security flags
7
8 SYNOPSIS
9 /usr/bin/psecflags -s spec -e command [arg]...
10
11 /usr/bin/psecflags -s spec [-i idtype] id ...
12
13 /usr/bin/psecflags [-F] { pid | core }
14
15 /usr/bin/psecflags -l
16
17
18 DESCRIPTION
19 The first invocation of the psecflags command runs the specified
20 command with the security-flags modified as described by the -s
21 argument.
22
23 The second invocation modifies the security-flags of the processes
24 described by idtype and id according as described by the -s argument.
25
26 The third invocation describes the security-flags of the specified
27 processes or core files. The effective set is signified by 'E', the
28 inheritable set by 'I', the lower set by 'L', and the upper set by 'U'.
29
30 The fourth invocation lists the supported process security-flags,
31 documented in security-flags(5).
117 be removed from the specification. The pseudo-flags "all",
118 "none" and "current" are supported, to indicate that all
119 flags, no flags, or the current set of flags (respectively)
120 are to be included.
121
122 By default, the inheritable flags are changed. You may
123 optionally specify the set to change using their single-
124 letter identifiers and an equals sign.
125
126 For a list of valid security-flags, see psecflags -l.
127
128
129 EXAMPLES
130 Example 1 Display the security-flags of the current shell.
131
132 example$ psecflags $$
133 100718: -sh
134 E: aslr
135 I: aslr
136 L: none
137 U: aslr,forbidnullmap,noexecstack
138
139
140
141 Example 2 Run a user command with ASLR enabled in addition to any
142 inherited security flags.
143
144 example$ psecflags -s current,aslr -e /bin/sh
145 $ psecflags $$
146 100724: -sh
147 E: none
148 I: aslr
149 L: none
150 U: aslr,forbidnullmap,noexecstack
151
152
153
154 Example 3 Remove aslr from the inheritable flags of all Bob's
155 processes.
156
157 example# psecflags -s current,-aslr -i uid bob
158
159
160 Example 4 Add the aslr flag to the lower set, so that all future child
161 processes must have this flag set.
162
163 example# psecflags -s L=current,aslr $$
164
165
166 EXIT STATUS
167 The following exit values are returned:
168
169
170 0
177 An error has occured.
178
179
180 ATTRIBUTES
181 See attributes(5) for descriptions of the following attributes:
182
183
184
185
186 +--------------------+-----------------+
187 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
188 +--------------------+-----------------+
189 |Interface Stability | Volatile |
190 +--------------------+-----------------+
191
192 SEE ALSO
193 exec(2), attributes(5), contract(4), security-flags(5), zones(5)
194
195
196
197 June 6, 2016 PSECFLAGS(1)
|