Control Requirements
Table 43: Control requirements for manipulating semaphores.
CONTROL REQUIREMENT(S) columns: CLASS, PERM, SSID, TSID.

| CALL(S) | CLASS | PERM | SSID | TSID |
|---|---|---|---|---|
| semget, semget_secure | sem | create | current | sem |
| | sem | associate | current | sem |
| semsid | sem | getattr | current | sem |
| semop (sem_op==0) | sem | read | current | sem |
| semop (sem_op!=0) | sem | write | current | sem |
| semctl.SEM_STAT, IPC_STAT | sem | getattr | current | sem |
| | sem | associate | current | sem |
| semctl.IPC_GETNCNT, IPC_GETPID, IPC_GETZCNT | sem | getattr | current | sem |
| semctl.IPC_SET | sem | setattr | current | sem |
| semctl.IPC_RMID | sem | destroy | current | sem |
| semctl.IPC_GETALL, IPC_GETVAL | sem | read | current | sem |
| semctl.IPC_SETALL, IPC_SETVAL | sem | write | current | sem |
| semctl.SEM_INFO, IPC_INFO | system | ipc_info | current | kernel |

Table 44: Control requirements for manipulating message queues.
CONTROL REQUIREMENT(S) columns: CLASS, PERM, SSID, TSID.

| CALL(S) | CLASS | PERM | SSID | TSID |
|---|---|---|---|---|
| msgget, msgget_secure | msgq | create | current | msgq |
| | msgq | associate | current | msgq |
| msgsid | msgq | getattr | current | msgq |
| msgsnd, msgsnd_secure | msgq | write | current | msgq |
| | msg | send | current | msg |
| | msgq | enqueue | msg | msgq |
| msgrcv, msgrcv_secure | msgq | read | current | msgq |
| | msg | receive | current | msg |
| msgctl.MSG_STAT, IPC_STAT | msgq | getattr | current | msgq |
| | msgq | associate | current | msgq |
| msgctl.IPC_SET | msgq | setattr | current | msgq |
| msgctl.IPC_RMID | msgq | destroy | current | msgq |
| msgctl.MSG_INFO, IPC_INFO | system | ipc_info | current | kernel |

Table 45: Control requirements for manipulating shared memory.
CONTROL REQUIREMENT(S) columns: CLASS, PERM, SSID, TSID.

| CALL(S) | CLASS | PERM | SSID | TSID |
|---|---|---|---|---|
| shmget, shmget_secure | shm | create | current | shm |
| | shm | associate | current | shm |
| shmsid | shm | getattr | current | shm |
| shmat (SHM_RDONLY) | shm | read | current | shm |
| shmat (!SHM_RDONLY) | shm | read | current | shm |
| | shm | write | current | shm |
| shmctl.SHM_STAT, IPC_STAT | shm | getattr | current | shm |
| | shm | associate | current | shm |
| shmctl.IPC_SET | shm | setattr | current | shm |
| shmctl.IPC_RMID | shm | destroy | current | shm |
| shmctl.SHM_LOCK, SHM_UNLOCK | shm | lock | current | shm |
| shmctl.SHM_INFO, IPC_INFO | system | ipc_info | current | kernel |

The control requirements for the System V IPC system calls are shown
in Table 43, Table 44, and Table 45. For the most part these are obvious
extensions of the standard Linux permission bits.

Unlike the file system open call, semget, msgget, shmget and their
_secure variants cannot validate the requested read or write
permissions, since these system calls may also be used to obtain an id
for use in the semctl, msgctl, and shmctl calls, which may require
neither read nor write permission to be successful. The read and write
permissions are instead checked when making the system calls which
perform the actual data operations.

The message queue object employs the read and write permissions to
determine if a specific process may utilize a specific queue for
receiving or sending messages, respectively. In contrast, the message
object employs the send and receive permissions to determine if a given
process is allowed to send or receive a given message. The enqueue
permission is used to determine if a given message is permitted to
"pass through" the given queue.
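
The following C sketch is an added example, not code from the original design or its implementation: it models the Table 44 checks for msgget, msgsnd and msgrcv against a small constructed policy, showing that a queue id can be obtained without read or write permission and that a message's own label is checked separately from the queue's. All SIDs, the policy table and the function names are hypothetical, and it assumes associate is the check applied when msgget returns an existing queue.

```c
/* Toy model of the Table 44 checks; SIDs, policy and names are constructed. */
#include <stddef.h>

enum cls  { MSGQ, MSG };
enum perm { ASSOCIATE = 1, READ = 2, WRITE = 4, SEND = 8, RECEIVE = 16, ENQUEUE = 32 };
enum sid  { CLIENT = 1, AUDITOR, QUEUE, PUBLIC_MSG, SECRET_MSG };

struct rule { int ssid, tsid, cls; unsigned allowed; };

/* Constructed policy: (SSID, TSID, CLASS) -> permitted PERM bits. */
static const struct rule policy[] = {
    { CLIENT,     QUEUE,      MSGQ, ASSOCIATE | READ | WRITE },
    { AUDITOR,    QUEUE,      MSGQ, ASSOCIATE },   /* may obtain the id only */
    { CLIENT,     PUBLIC_MSG, MSG,  SEND | RECEIVE },
    { CLIENT,     SECRET_MSG, MSG,  SEND },
    { PUBLIC_MSG, QUEUE,      MSGQ, ENQUEUE },     /* here the SSID is the message */
};

static int has_perm(int ssid, int tsid, int cls, unsigned perm)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].ssid == ssid && policy[i].tsid == tsid && policy[i].cls == cls)
            return (policy[i].allowed & perm) == perm;
    return 0;   /* no matching rule: deny */
}

/* Each function returns 0 when allowed, else the 1-based index of the failed check. */
int check_msgget(int cur, int q)   /* assumed: existing queue, so associate only */
{
    return has_perm(cur, q, MSGQ, ASSOCIATE) ? 0 : 1;
}

int check_msgsnd(int cur, int msg, int q)
{
    if (!has_perm(cur, q, MSGQ, WRITE))   return 1;   /* current -> msgq: write */
    if (!has_perm(cur, msg, MSG, SEND))   return 2;   /* current -> msg: send */
    if (!has_perm(msg, q, MSGQ, ENQUEUE)) return 3;   /* msg -> msgq: enqueue */
    return 0;
}

int check_msgrcv(int cur, int msg, int q)
{
    if (!has_perm(cur, q, MSGQ, READ))     return 1;  /* current -> msgq: read */
    if (!has_perm(cur, msg, MSG, RECEIVE)) return 2;  /* current -> msg: receive */
    return 0;
}
```

In this constructed policy AUDITOR can obtain the queue id but fails the write check on msgsnd, while CLIENT can write to the queue yet cannot send a SECRET_MSG-labelled message through it because that label lacks enqueue on the queue.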