NAME
cmpt_change(), cmpt_get() — set and get process' compartment
SYNOPSIS
#include <sys/cmpt.h>
int cmpt_change(cmpt_t cid);
cmpt_t cmpt_get(pid_t pid);
Parameters
- cid
Compartment ID.
- pid
Process ID of the target process or 0 for the calling process.
DESCRIPTION
The cmpt_change() and cmpt_get() functions query and manipulate the compartment of a process.
The cmpt_get() function returns the given process' compartment ID. If 0 is passed as the pid parameter, the compartment ID of the calling process is returned.
The cmpt_change() function changes the calling process' compartment ID to be the value of cid.
Security Restrictions
In order for the cmpt_change() function to be effective, the calling process must possess the CHANGECMPT privilege.
See privileges(5) for more information about privileges.
RETURN VALUE
cmpt_get() returns the following values:
- n>0
Successful completion. The function returns a valid compartment ID.
- -1
Function failed. errno is set to indicate the error.
cmpt_change() returns the following values:
- 0
Successful completion.
- -1
Function failed. errno is set to indicate the error.
ERRORS
If any of the following conditions occur, the functions fail and set errno.
- EINVAL
Invalid compartment ID specified.
- ENOMEM
The function failed to allocate sufficient memory for its operation.
- EPERM
The process does not have the CHANGECMPT privilege.
- ESRCH
pid is not valid.
EXAMPLES
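#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/cmpt.h>

int main(void)
{
    /* Look up the compartment ID of the compartment named "init". */
    cmpt_t c = cmpt_getbyname("init");

    /* cmpt_change() needs the CHANGECMPT privilege and returns -1 on failure. */
    if (cmpt_change(c) == -1)
    {
        perror("could not enter init compartment");
        exit(1);
    }
    /* Passing 0 to cmpt_get() queries the calling process. */
    printf("The process is now running in compartment %d\n",
        (int)cmpt_get(0));
    return 0;
}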
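The conditions listed under ERRORS can be handled so that a caller fails closed and confirms the change with cmpt_get(0) before continuing. The following is an added example, not part of the original manual page. The helper enter_compartment(), the sim_* variables, the compartment ID 2 and the non-HP-UX stand-ins for cmpt_change() and cmpt_get() are constructed for illustration so the code also runs on systems without <sys/cmpt.h>.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#ifdef __hpux
#include <sys/cmpt.h>            /* real interface on HP-UX (libsec) */
#else
/* Constructed stand-ins so the example runs off HP-UX: compartment IDs 1..3
 * are "valid", and sim_has_changecmpt models holding CHANGECMPT. */
typedef int cmpt_t;
static cmpt_t sim_current = 1;
static int sim_has_changecmpt = 1;
static int cmpt_change(cmpt_t cid)
{
    if (!sim_has_changecmpt) { errno = EPERM; return -1; }
    if (cid < 1 || cid > 3) { errno = EINVAL; return -1; }
    sim_current = cid;
    return 0;
}
static cmpt_t cmpt_get(pid_t pid)
{
    if (pid != 0) { errno = ESRCH; return -1; }
    return sim_current;
}
#endif

/* Hypothetical helper: enter compartment `target` and fail closed.
 * Returns 0 only if the change succeeded AND cmpt_get(0) confirms it;
 * otherwise returns the errno value describing the failure. */
int enter_compartment(cmpt_t target)
{
    if (cmpt_change(target) == -1) {
        int err = errno;             /* save before any other call */
        if (err == EPERM)
            fprintf(stderr, "missing CHANGECMPT privilege\n");
        else if (err == EINVAL)
            fprintf(stderr, "invalid compartment ID %d\n", (int)target);
        else
            perror("cmpt_change");
        return err;
    }
    cmpt_t now = cmpt_get(0);        /* 0 = calling process */
    if (now == (cmpt_t)-1) return errno;
    return now == target ? 0 : EINVAL;
}

int main(void)
{
    return enter_compartment(2) == 0 ? 0 : 1;  /* 2 is a constructed ID */
}
```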
DEPENDENCIES
These functions are a part of the libsec library.