User Tools

Site Tools


solaris:getuserrange.3tsol

getuserrange


NAME

getuserrange - get the label range of a user

SYNOPSIS

cc [flags…] file-ltsol [library…]

#include <tsol/label.h>

m_range_t *getuserrange(const char *username);

DESCRIPTION

The getuserrange() function returns the label range of username. The lower bound in the range is used as the initial workspace label when a user logs into a multilevel desktop. The upper bound, or clearance, is used as an upper limit to the available labels that a user can assign to labeled workspaces.

The default value for a user’s label range is specified in label_encodings(5). Overriding values for individual users are specified in user_attr(5).

If the labeld(8) service is enabled, the default value for a user’s label range is specified in label_encodings(5). Otherwise, the default clearance is specified by the CLEARANCE property in policy.conf(5), which defaults to ADMIN_HIGH. Overriding values for individual users are specified in user_attr(5).

RETURN VALUES

The getuserrange() function returns NULL if the memory allocation fails. Otherwise, the function returns a structure which must be freed by the caller, as follows:

m_range_t *range;

m_label_free(range→lower_bound);
m_label_free(range→upper_bound);
free(range);

ERRORS

The getuserrange() function will fail if:

ENOMEM

The physical limits of the system are exceeded by size bytes of memory which cannot be allocated.

ATTRIBUTES

See attributes(7) for descriptions of the following attributes:

The getuserrange() function is Committed for systems that implement the Defense Intelligence Agency (DIA) MAC policy of label_encodings(5). Other policies might exist in a future release of Trusted Extensions that might make obsolete or supplement label_encodings.

SEE ALSO

free(3C), libtsol(3LIB), m_label_free(3TSOL), label_encodings(5), user_attr(5), attributes(7)


solaris/getuserrange.3tsol.txt · Last modified: 2023/07/19 08:58 by A User Not Logged in