Open System Services Programmer's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

271

272

273

274

275

276

277

278

279

280

OSS SEEP Programming

This section provides the following OSS Security Event-Exit Process (SEEP) information:

• “OSS SEEP Management” (page 274)

• “OSS SEEP Consultation” (page 275)

• “OSS SEEP System and Library Calls” (page 276)

• “Final Result of the Operation” (page 277)

• “OSS SEEP Interprocess-Communication Messages” (page 279)

• “OSS SEEP Design” (page 283)

• “OSS SEEP-Related EMS Events” (page 283)

An OSS SEEP is a user-written process that participates in additional file-access authorization for

operations on Version 3 catalog filesets that are OSS SEEP-protected and the OSS SEEP is running.

The OSS name server passes requests to the OSS SEEP for file operations and the OSS SEEP returns

a ruling to the OSS name server for enforcement.

For an overview of OSS SEEP, see “Accessing OSS SEEP-Protected Files” (page 83).

OSS SEEP Management

Subsystem Control Facility (SCF) commands provide the interface for configuration of the OSS

SEEP. For details of the OSS SEEP-related SCF commands and attributes, see the Open System

Services Management and Operations Guide.

The OSS name server controls starting and stopping the OSS SEEP.

Starting an OSS SEEP

The OSS name server automatically starts the associated OSS SEEP with the configured

process-attribute values for each of the following conditions:

• When the OSS name server's SEEPENABLED attribute is set to ON, or changed from OFF to

ON, and an OSS SEEP-protected fileset is mounted under it

• During fileset mount, if all of these conditions are true:

The fileset is OSS SEEP-protected.◦

◦ The associated OSS name server’s SEEPENABLED attribute value is ON.

◦ The OSS SEEP is not already running.

• When the SEEPPROTECTED attribute of a mounted fileset is set or changed from OFF to ON,

if the OSS name server’s SEEPENABLED attribute is ON and the OSS SEEP is not already

running

• Upon receiving an OSS SEEP death message due to the OSS SEEP’s CPU failure or other

reasons

• During OSS name server takeover for either of the following conditions:

If the OSS SEEP goes down along with the primary OSS name server due to a CPU failure◦

◦ If the OSS SEEP needs to be started based on the current OSS SEEP state

The following is done for the OSS SEEP start:

1. Create the process for the OSS SEEP

2. Open the OSS SEEP, send the startup parameter message, and close the OSS SEEP

274 Managing OSS Security