setflabel(3TSOL)       Trusted Extensions Library Functions       setflabel(3TSOL)



NAME
       setflabel - move file to zone with corresponding sensitivity label

SYNOPSIS
       cc [flag...] file... -ltsol [library...]
       #include <tsol/label.h>

       int setflabel(const char *path, const m_label_t *label_p);

DESCRIPTION
       The file that is named by path is relabeled by moving it to a new
       pathname relative to the root directory of the zone corresponding to
       label_p. If the source and destination file systems are loopback
       mounted from the same underlying file system, the file is renamed.
       Otherwise, the file is copied and removed from the source directory.

       The setflabel() function enforces the following policy checks:

           o  If the sensitivity label of label_p equals the existing
              sensitivity label, then the file is not moved.

           o  If the corresponding directory does not exist in the
              destination zone, or if the directory exists but has a
              different label than label_p, the file is not moved. Also, if
              the file already exists in the destination directory, the file
              is not moved.

           o  If the sensitivity label of the existing file is not equal to
              the calling process label and the caller is not in the global
              zone, then the file is not moved. If the caller is in the
              global zone, the existing file label must be in a labeled zone
              (not ADMIN_LOW or ADMIN_HIGH).

           o  If the calling process does not have write access to both the
              source and destination directories, then the calling process
              must have PRIV_FILE_DAC_WRITE in its set of effective
              privileges.

           o  If the sensitivity label of label_p provides read-only access
              to the existing sensitivity label (an upgrade), then the user
              must have the solaris.label.file.upgrade authorization. In
              addition, if the current zone is a labeled zone, then it must
              have been assigned the privilege PRIV_FILE_UPGRADE_SL when the
              zone was configured.

           o  If the sensitivity label of label_p does not provide access to
              the existing sensitivity label (a downgrade), then the calling
              user must have the solaris.label.file.downgrade authorization.
              In addition, if the current zone is a labeled zone, then it
              must have been assigned the privilege PRIV_FILE_DOWNGRADE_SL
              when the zone was configured.

           o  If the calling process is not in the global zone, and the user
              does not have the solaris.label.range authorization, then
              label_p must be within the user's label range and within the
              system accreditation range.

           o  If the existing file is in use (not tranquil), it is not moved.
              This tranquility check does not cover race conditions or
              remote file access: a file opened after the check has passed,
              or open on another host, is not detected.

       Additional policy constraints can be implemented by customizing the
       shell script /etc/security/tsol/relabel. See the comments in this
       file.
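
EXAMPLES
       The following program is an added example; it is not part of this
       manual page or of libtsol. It wraps setflabel() behind a helper that
       takes the target label as text, converts it with str_to_label(3TSOL),
       frees it with m_label_free(3TSOL), and on failure maps errno to the
       matching ERRORS entry below. A second helper classifies a relabel as
       an upgrade or a downgrade from two bldominates(3TSOL) results, so a
       caller can tell which authorization and zone privilege from the list
       above it needs before making the call. Assumed, and not taken from
       this page: the str_to_label() and m_label_free() signatures as given
       in their own manual pages, MAC_LABEL and L_DEFAULT as the label type
       and flags, and GNU-style weak linkage, used only so that the file
       builds and its pure helpers run on a host without libtsol (there
       relabel_file() fails with ENOSYS instead of moving anything).

```c
/* Added example (not from this manual page or libtsol): relabel a file with
 * setflabel(3TSOL) and report a failure in terms of the policy checks above.
 * On Trusted Extensions build with:   cc -DHAVE_TSOL relabel.c -ltsol
 * Elsewhere the libtsol entry points are declared weak, resolve to NULL and
 * relabel_file() fails with ENOSYS, so the file still builds. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef HAVE_TSOL
#include <tsol/label.h>
#else
/* Stand-ins for the libtsol declarations (assumption: the constants are
 * placeholders that never reach the real library in this configuration). */
typedef struct m_label m_label_t;
typedef int m_label_type_t;
enum { MAC_LABEL = 1, L_DEFAULT = 0 };
int  setflabel(const char *, const m_label_t *) __attribute__((weak));
int  str_to_label(const char *, m_label_t **, const m_label_type_t,
                  unsigned int, int *) __attribute__((weak));
void m_label_free(m_label_t *) __attribute__((weak));
#endif

enum relabel_kind { RELABEL_NONE, RELABEL_UPGRADE, RELABEL_DOWNGRADE };

/* Classify a relabel from two dominance results (on TX obtain them with
 * bldominates(3TSOL)).  Equal labels never move.  A new label that merely
 * dominates the old one is an upgrade (solaris.label.file.upgrade and, in a
 * labeled zone, PRIV_FILE_UPGRADE_SL).  Anything else, lower or
 * incomparable, gives no access to the old label and is a downgrade
 * (solaris.label.file.downgrade and PRIV_FILE_DOWNGRADE_SL). */
enum relabel_kind classify_relabel(int new_dom_old, int old_dom_new)
{
    if (new_dom_old && old_dom_new)
        return RELABEL_NONE;
    return new_dom_old ? RELABEL_UPGRADE : RELABEL_DOWNGRADE;
}

/* Translate errno from a failed setflabel() into the ERRORS entry below. */
const char *setflabel_reason(int err)
{
    switch (err) {
    case EACCES:       return "no search or mandatory write access to path "
                              "(PRIV_FILE_MAC_WRITE required)";
    case EBUSY:        return "file not tranquil: an open descriptor refers to it";
    case ECONNREFUSED: return "label daemon unreachable";
    case EEXIST:       return "same name already exists in the destination zone";
    case EINVAL:       return "label daemon rejected the parameters";
    case EISDIR:       return "directories cannot be relabeled";
    case ELOOP:        return "too many symbolic links in path";
    case EMLINK:       return "file has another hard link";
    case ENAMETOOLONG: return "path exceeds PATH_MAX";
    case ENOENT:       return "path does not exist";
    case EROFS:        return "read-only file system, or label is ADMIN_LOW/ADMIN_HIGH";
    case ENOSYS:       return "libtsol not available (not a Trusted Extensions build)";
    default:           return strerror(err);
    }
}

/* Parse a textual label (for example "CONFIDENTIAL : INTERNAL USE ONLY")
 * and move path into the zone with that label.  Returns 0, or -1 with
 * errno set. */
int relabel_file(const char *path, const char *label_text)
{
    m_label_t *label = NULL;
    int lerr = 0, rc, saved;

    if (!setflabel || !str_to_label || !m_label_free) {
        errno = ENOSYS;                 /* weak symbols unresolved: no libtsol */
        return -1;
    }
    if (str_to_label(label_text, &label, MAC_LABEL, L_DEFAULT, &lerr) != 0) {
        errno = EINVAL;                 /* lerr: offset of the offending character */
        return -1;
    }
    rc = setflabel(path, label);
    saved = errno;                      /* m_label_free() may clobber errno */
    m_label_free(label);
    errno = saved;
    return rc == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s path label\n", argv[0]);
        return 2;
    }
    if (relabel_file(argv[1], argv[2]) != 0) {
        fprintf(stderr, "setflabel(%s): %s\n", argv[1], setflabel_reason(errno));
        return 1;
    }
    return 0;
}
```

       Because setflabel() performs the upgrade/downgrade decision itself,
       classify_relabel() is only a pre-check that lets a tool tell the user
       which authorization to ask for; the kernel policy remains the
       authority, and a -1 return must always be mapped from errno as shown.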

RETURN VALUES
       Upon successful completion, setflabel() returns 0. Otherwise it
       returns -1 and sets errno to indicate the error.

ERRORS
       The setflabel() function fails and the file is unchanged if:

       EACCES          Search permission is denied for a component of the
                       path prefix of path.

                       The calling process does not have mandatory write
                       access to the final component of path because the
                       sensitivity label of the final component of path does
                       not dominate the sensitivity label of the calling
                       process and the calling process does not have
                       PRIV_FILE_MAC_WRITE in its set of effective
                       privileges.

       EBUSY           There is an open file descriptor reference to the
                       final component of path.

       ECONNREFUSED    A connection to the label daemon could not be
                       established.

       EEXIST          A file with the same name exists in the destination
                       directory.

       EINVAL          Improper parameters were received by the label
                       daemon.

       EISDIR          The existing file is a directory.

       ELOOP           Too many symbolic links were encountered in
                       translating path.

       EMLINK          The existing file is hard-linked to another file.

       ENAMETOOLONG    The length of the path argument exceeds PATH_MAX.

       ENOENT          The file referred to by path does not exist.

       EROFS           The file system is read-only, or its label is
                       ADMIN_LOW or ADMIN_HIGH.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       ┌───────────────────────┬───────────────────────────────────┐
       │    ATTRIBUTE TYPE     │          ATTRIBUTE VALUE          │
       ├───────────────────────┼───────────────────────────────────┤
       │Interface Stability    │ Committed                         │
       ├───────────────────────┼───────────────────────────────────┤
       │MT-Level               │ MT-Safe                           │
       └───────────────────────┴───────────────────────────────────┘

SEE ALSO
       libtsol(3LIB), attributes(5)

       Setting a File Sensitivity Label in Solaris Trusted Extensions
       Developer's Guide

NOTES
       The functionality described on this manual page is available only if
       the system is configured with Trusted Extensions.



SunOS 5.11                        20 Jul 2007                 setflabel(3TSOL)