Open System Services Programmer's Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series

271

272

273

274

275

276

277

278

279

280

lchmod(2) – ee-oss-op-chmodaccess(2) – ee-oss-op-access*

lchown(2) – ee-oss-op-chownacl(2) – ee-oss-op-acl**

link(2) – ee-oss-op-linkbind(2) – ee-oss-op-bind

mkdir(2) – ee-oss-op-mkdirchdir(2) – ee-oss-op-chdir

mkfifo(3) – ee-oss-op-mkfifochmod(2) – ee-oss-op-chmod

mknod(2) – ee-oss-op-mknodchown(2) – ee-oss-op-chown

open(2) – ee-oss-op-open or

ee-oss-op-open64

chroot(2) – ee-oss-op-chroot

open64(2) – ee-oss-op-open64connect(2) – ee-oss-op-connect

opendir(3) – ee-oss-op-opendircreat(2) – ee-oss-op-open or

ee-oss-op-open64

PROCESS_SPAWN_ – ee-oss-op-execcreat64(2) – ee-oss-op-open64

remove(3) – ee-oss-op-rmdir or

ee-oss-op-unlink

execl(2) – ee-oss-op-exec

rename(2) – ee-oss-op-renameexecle(2) – ee-oss-op-exec

rename_oss(2) – ee-oss-op-renameexeclp(2) – ee-oss-op-exec

rmdir(2) – ee-oss-op-rmdirexecv(2) – ee-oss-op-exec

symlink(2) – ee-oss-op-symlinkexecve(2) – ee-oss-op-exec

tdm_execve(2) – ee-oss-op-execexecvp(2) – ee-oss-op-exec

tdm_execvep(2) – ee-oss-op-execFILE_OPEN_ – ee-oss-op-fileopen

tdm_spawn(2) – ee-oss-op-execfchmod(2) – ee-oss-op-chmod

tdm_spawnp(2) – ee-oss-op-execfchown(2) – ee-oss-op-chown

unlink(2) – ee-oss-op-unlinkfopen(3) – ee-oss-op-open or

ee-oss-op-open64

utime(2) – ee-oss-op-utimefopen64(3) – ee-oss-op-open64

* OSS SEEP consultation for access types other than F_OK

** OSS SEEP consultation only for ACL_SET

Final Result of the Operation

After receiving the OSS SEEP’s result for an authorization request, the OSS name server either

continues with the standard security evaluation or immediately responds to the request with a

security error.

The following decision table illustrates the final results of operations for the acl(ACL_SET),

chown(2), fchown(2), lchown(2), chmod(2), fchmod(2), lchmod(2), chdir(2), and

opendir(3) system and library calls.

Final ResultSOA MemberDirectory Search

Denial

Standard OSS

Permissions

Result

POSIX ACL ResultOSS SEEP Result

SuccessN/AN/AN/AYESYES

Failure (because

ACL result of NO)

NON/AN/ANOYES

Success (because

SOA member

YESN/AN/ANOYES

overrules ACL result

of NO)

SuccessN/AN/AN/ANoneYES

Failure (because

OSS SEEP result of

NO)

NON/AN/AN/ANO

OSS SEEP Programming 277