Table of Contents
Advertisement
getprocxsec(1M)
NAME
getprocxsec - display security attributes of a process
SYNOPSIS
getprocxsec
DESCRIPTION
The
getprocxsec
These attributes include the permitted privilege set, effective privilege set, retained privilege set, euid, and
the compartment name. See privileges(5) and compartments (5).
Each process has a permitted privilege set, effective privilege set, and retained privilege set. If the com-
partmentalization feature is enabled, it also has a compartment. When a process is created, the child pro-
cess inherits these attributes from the parent. When a process executes a binary, these attributes can be
changed. See setfilexsec(1M) and getfilexsec(1M) for information on how these extended attributes can be
manipulated at execution time.
For compatibility, the kernel handles processes with effective uid of zero in special ways. If the compart-
g
mentalization feature is disabled, these processes are treated as though they have all root replacement
privileges. If, on the other hand, the compartmentalization feature is enabled, these processes are treated
as though they have all the root replacement privileges except those configured as disallowed privileges for
the compartment.
Options
getprocxsec
-c
-e
-f
-p
-r
If none of the above options are specified, the default is
Operands
getprocxsec
pid
Security Restrictions
The specified process must be visible to the user invoking this command or the user must have the
MALLOWED
RETURN VALUE
getprocxsec
Successful completion. The attributes are displayed.
0
>0
An error occurred. An error can be caused by an invalid option or because the specified process
is not visible to the user.
EXAMPLES
Example 1
Display the privilege sets and compartment of the current process:
# getprocxsec
Sample output:
effective= BASIC
permitted= BASIC
retained= BASIC
cmpt= init
330
Hewlett-Packard Company
[
-c
] [
-e
] [
-f
] [
-p
] [
command displays various security attributes associated with a running process.
recognizes the following options:
Displays the compartment name of the process. If compartments are not enabled, nothing
is reported for this option.
Displays the implementation effective privilege set.
Displays the full form of the lists.
Displays the implementation permitted privilege set.
Display the implementation retained privilege set.
recognizes the following operand:
The process ID of the process whose attributes are being displayed. If pid is
procxsec
displays attributes of this process. If pid is
process' parent. If pid is not specified, it defaults to this process (equivalent to
privilege.
returns the following values:
-r
] [
pid
]
.
-perc -1
− 1 −
HP-UX 11i Version 2: December 2007 Update
getprocxsec(1M)
,
-1
get-
-2
, it displays attributes of the
).
-1
COM-
Advertisement
Table of Contents
