secpol_resmgr_attach()

Attach a path to the pathname space with permissions set via a security policy

Synopsis:

#include <secpol/secpol.h>
#include <sys/iofunc.h>
#include <sys/resmgr.h>
#include <sys/dispatch.h>
int secpol_resmgr_attach(secpol_file_t *handle,
                         struct _dispatch *dpp,
                         struct _resmgr_attr *attr,
                         const char *path,
                         enum _file_type file_type,
                         unsigned flags,
                         const struct _resmgr_connect_funcs *connect_funcs,
                         const struct _resmgr_io_funcs *io_funcs,
                         iofunc_attr_t *iofunc_attr,
                         bool *perms_set)

Arguments:

handle
Handle to the security policy file. Usually NULL, which specifies that the default security policy file is used (either the system default or one set using secpol_open()).
dpp
A dispatch handle (see resmgr_attach() in the C Library Reference).
attr
A resource manager attribute (see resmgr_attach()).
path
The path to attach to. Unlike resmgr_attach(), this value cannot be NULL.
file_type
The file type (see resmgr_attach()).
flags
Flags that control the pathname resolution (see resmgr_attach()).
connect_funcs
Structure that defines connect functions (see resmgr_attach()).
io_funcs
Structure that defines connect I/O functions (see resmgr_attach()).
iofunc_attr
Attribute structure that is passed as the handle parameter of resmgr_attach(). It contains the ownership, permissions, and ACLs for the mount point and may be updated by secpol_resmgr_attach().
perms_set
If non-NULL, set to true if permissions were altered; otherwise, set to false.

Library:

libsecpol

Description:

The secpol_resmgr_attach() function performs the same operation as resmgr_attach() but also allows you to set permissions, ownership, and ACLs based on a security policy. It provides a way for a system integrator to set permissions for a server without adding command line parameters.

Most parameters have the same meaning as the corresponding resmgr_attach() ones.

If iofunc_attr has a mount structure, and mount->dev is 0, then secpol_resmgr_attach() issues a resmgr_devino() call for mount->dev and attr->inode.

If there is no security policy file, secpol_resmgr_attach() behaves the same as resmgr_attach().

You can use a security policy file to configure mount points only, without using any other security policies functionality.

Testing a secpol_resmgr_attach() call

To test the use of secpol_resmgr_attach(), create a file with a sample mount_point policy. For example, create a file policy.txt that has the following content. Replace /dev/mountpoint with the path that your resource manager uses:
mount_point 1000:1001 { u::rw g::r u:99:rw } /dev/mountpoint;

Use the following command to compile the file:

secpolcompile -o policy.bin policy.txt

Put the compiled policy on your target (at filepath) and use the following command to create a process manager symlink to it, which allows it to be accessed at the path /proc/boot/secpol.bin:

ln -sPf <filepath> /proc/boot/secpol.bin

Run your resource manager and use getfacl to look at the ownership and permissions of your mount point, which should be the ones specified in the policy.

If the call to secpol_resmgr_attach() fails instead, it might be because your resource manager prevents the use of ACLs. You can confirm this by removing u:99:rw in the example policy above and trying again. You can't use ACLs when the mount member of your iofunc_attr_t structure is set to an iofunc_mount_t structure rather than left as NULL. To fix this issue, the conf member of the mount structure should include the flag IOFUNC_PC_ACL (go to "The iofunc_mount_t mount structure" in Getting Started with the QNX OS). Because there is rarely, if ever, a reason to disable the use of ACLs with resource manager mount points, setting IOFUNC_PC_ACL allows their use with no further action required by you.

Returns:

A unique link ID associated with this attach, or -1 on failure.

The returned ID is needed to detach the pathname at a later time using resmgr_detach(). It is also passed to all connect and I/O message handlers in the resource manager context structure (ctp) created by resmgr_context_alloc().

On failure, errno is set to ENOTSUP if the policy includes ACLs and the resource manager does not allow them.

For other possible errors, see resmgr_attach().

Page updated: