Windows PowerShell command on Get-command setflabel

Manual Pages for UNIX Operating System command usage for man setflabel

Trusted Extensions Library Functions setflabel(3TSOL)

NAME

setflabel - move file to zone with corresponding sensitivity

label

SYNOPSIS

cc [flag...] file... -ltsol [library...]

#include

int setflabel(const char path, const m_label_t label_p);

DESCRIPTION

The file that is named by path is relabeled by moving it to a new pathname relative to the root directory of the zone

corresponding to label_p. If the source and destination file

systems are loopback mounted from the same underlying file system, the file is renamed. Otherwise, the file is copied and removed from the source directory.

The setflabel() function enforces the following policy

checks:

o If the sensitivity label of label_p equals the

existing sensitivity label, then the file is not moved. o If the corresponding directory does not exist in the destination zone, or if the directory exists,

but has a different label than label_p, the file is

not moved. Also, if the file already exists in the destination directory, the file is not moved. o If the sensitivity label of the existing file is not equal to the calling process label and the caller is not in the global zone, then the file is not moved. If the caller is in the global zone, the existing file label must be in a labeled zone (not

ADMIN_LOW or ADMIN_HIGH).

o If the calling process does not have write access to both the source and destination directories, then the calling process must have

PRIV_FILE_DAC_WRITE in its set of effective

privileges.

o If the sensitivity label of label_p provides read

only access to the existing sensitivity label (an upgrade), then the user must have the solaris.label.file.upgrade authorization. In

SunOS 5.11 Last change: 20 Jul 2007 1

Trusted Extensions Library Functions setflabel(3TSOL)

addition, if the current zone is a labeled zone, then it must have been assigned the privilege

PRIV_FILE_UPGRADE_SL when the zone was configured.

o If the sensitivity label of label_p does not pro-

vide access to the existing sensitivity label (a downgrade), then the calling user must have the solaris.label.file.downgrade authorization. In addition, if the current zone is a labeled zone, then it must have been assigned the privilege

PRIV_FILE_DOWNGRADE_SL when the zone was config-

ured. o If the calling process is not in the global zone, and the user does not have the solaris.label.range

authorization, then label_p must be within the

user's label range and within the system accredita-

tion range. o If the existing file is in use (not tranquil) it is not moved. This tranquility check does not cover race conditions nor remote file access.

Additional policy constraints can be implemented by custom-

izing the shell script /etc/security/tsol/relabel. See the comments in this file.

RETURN VALUES

Upon successful completion, setflabel() returns 0. Otherwise

it returns -1 and sets errno to indicate the error.

ERRORS

The setflabel() function fails and the file is unchanged if:

EACCES Search permission is denied for a component of the path prefix of path. The calling process does not have mandatory write access to the final component of path because the sensitivity label of the final

component of path does not dominate the sen-

sitivity label of the calling process and the calling process does not have

PRIV_FILE_MAC_WRITE in its set of effective

privileges. EBUSY There is an open file descriptor reference to the final component of path.

SunOS 5.11 Last change: 20 Jul 2007 2

Trusted Extensions Library Functions setflabel(3TSOL)

ECONNREFUSED A connection to the label daemon could not be established.

EEXIST A file with the same name exists in the des-

tination directory. EINVAL Improper parameters were received by the label daemon. EISDIR The existing file is a directory. ELOOP Too many symbolic links were encountered in translating path. EMLINK The existing file is hardlinked to another file.

ENAMETOOLONG The length of the path argument exceeds

PATH_MAX.

ENOENT The file referred to by path does not exist.

EROFS The file system is read-only or its label is

ADMIN_LOW or ADMIN_HIGH.

ATTRIBUTES

See attributes(5) for descriptions of the following attri-

butes:

____________________________________________________________

| ATTRIBUTE TYPE | ATTRIBUTE VALUE |

|_______________________|___________________________________|

| Interface Stability | Committed |

|_______________________|___________________________________|

| MT-Level | MT-Safe |

|_______________________|___________________________________|

Trusted Extensions Library Functions setflabel(3TSOL)

Setting a File Sensitivity Label in Oracle Solaris Trusted Extensions Developer's Guide NOTES The functionality described on this manual page is available only if the system is configured with Trusted Extensions.

SunOS 5.11 Last change: 20 Jul 2007 4

Manual Pages for UNIX Operating System command usage for man setflabel

Trusted Extensions Library Functions setflabel(3TSOL)

NAME

setflabel - move file to zone with corresponding sensitivity

SYNOPSIS

int setflabel(const char *path, const m_label_t *label_p);

DESCRIPTION

The setflabel() function enforces the following policy

Trusted Extensions Library Functions setflabel(3TSOL)

RETURN VALUES

Upon successful completion, setflabel() returns 0. Otherwise

ERRORS

The setflabel() function fails and the file is unchanged if:

Trusted Extensions Library Functions setflabel(3TSOL)

ENAMETOOLONG The length of the path argument exceeds

ATTRIBUTES

| ATTRIBUTE TYPE | ATTRIBUTE VALUE |

SEE ALSO

Trusted Extensions Library Functions setflabel(3TSOL)

int setflabel(const char path, const m_label_t label_p);