Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   10987 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

getprocxsec(1M)						       getprocxsec(1M)

NAME
       getprocxsec - display security attributes of a process

SYNOPSIS

DESCRIPTION
       The  command  displays  security	 attributes  associated with a running
       process.	 These attributes include the permitted privilege set,	effec‐
       tive  privilege	set, retained privilege set, euid, and the compartment
       name.  See privileges(5) and compartments(5).

       Each process has a permitted privilege set,  effective  privilege  set,
       and  retained  privilege	 set.	If the compartmentalization feature is
       enabled, it also has a compartment.  When a  process  is	 created,  the
       child  process  inherits	 these	attributes  from  the  parent.	When a
       process executes a binary, these attributes can be changed.   See  set‐
       filexsec(1M)  and getfilexsec(1M) for information on how these extended
       attributes can be manipulated at execution time.

       For compatibility, the kernel handles processes with effective  uid  of
       zero in special ways.  If the compartmentalization feature is disabled,
       these processes are treated as though they have	all  root  replacement
       privileges.  If, on the other hand, the compartmentalization feature is
       enabled, these processes are treated as though they have all  the  root
       replacement privileges except those configured as disallowed privileges
       for the compartment.

   Options
       recognizes the following options:

	      Displays the compartment name of the process.
		   If compartments are not enabled, nothing  is	 reported  for
		   this	 option.   If compartments are enabled, all the kernel
		   processes would be reported as running in "RESERVED CMPT" .

	      Displays the implementation effective privilege set.

	      Displays the full form of the lists.

	      Displays the implementation permitted privilege set.

	      Display the implementation retained privilege set.

       If none of the above options are specified, the default is

   Operands
       recognizes the following operand:

	      pid  The process ID of the process whose	attributes  are	 being
		   displayed.	If pid is displays attributes of this process.
		   If pid is it displays attributes of	the  process'  parent.
		   If  pid  is	not  specified,	 it  defaults  to this process
		   (equivalent to

   Security Restrictions
       The specified process must be visible to the user invoking this command
       or the user must have the privilege.

RETURN VALUE
       returns the following values:

	      Successful completion.
		   The attributes are displayed.

	      An error occurred.
		   An  error can be caused by an invalid option or because the
		   specified process is not visible to the user.

EXAMPLES
       Example 1: Display the privilege sets and compartment  of  the  current
       process:

       Sample output:

	      effective= BASIC
	      permitted= BASIC
	      retained= BASIC
	      cmpt= init
	      euid= zero

       Example	2:  Display  the  privilege sets and compartment of the parent
       process:

       Sample output:

	      effective= BASIC
	      permitted= BASIC
	      retained= BASIC
	      cmpt= init
	      euid= zero

       Example 3: Display the full privilege sets and compartment of an	 arbi‐
       trary process:

       Sample output:

	      effective= FORK EXEC SESSION LINKANY
	      permitted= FORK EXEC SESSION LINKANY
	      retained= FORK EXEC SESSION LINKANY
	      cmpt= web
	      euid= non-zero

SEE ALSO
       getfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).

							       getprocxsec(1M)

Vote for polarhome