getprocxsec(1M)
NAME
getprocxsec - display security attributes of a process
SYNOPSIS
DESCRIPTION
The getprocxsec command displays security attributes associated with a running
process. These attributes include the permitted privilege set, effective
privilege set, retained privilege set, euid, and the compartment
name. See privileges(5) and compartments(5).
Each process has a permitted privilege set, effective privilege set,
and retained privilege set. If the compartmentalization feature is
enabled, it also has a compartment. When a process is created, the
child process inherits these attributes from the parent. When a
process executes a binary, these attributes can be changed. See
setfilexsec(1M) and getfilexsec(1M) for information on how these extended
attributes can be manipulated at execution time.
For compatibility, the kernel handles processes with effective uid of
zero in special ways. If the compartmentalization feature is disabled,
these processes are treated as though they have all root replacement
privileges. If, on the other hand, the compartmentalization feature is
enabled, these processes are treated as though they have all the root
replacement privileges except those configured as disallowed privileges
for the compartment.
Options
getprocxsec recognizes the following options:
Displays the compartment name of the process.
If compartments are not enabled, nothing is reported for
this option. If compartments are enabled, all the kernel
processes would be reported as running in "RESERVED CMPT".
Displays the implementation effective privilege set.
Displays the full form of the lists.
Displays the implementation permitted privilege set.
Displays the implementation retained privilege set.
If none of the above options are specified, the default is
Operands
getprocxsec recognizes the following operand:
pid The process ID of the process whose attributes are being
displayed. If pid is displays attributes of this process.
If pid is it displays attributes of the process' parent.
If pid is not specified, it defaults to this process
(equivalent to
Security Restrictions
The specified process must be visible to the user invoking this command
or the user must have the privilege.
RETURN VALUE
getprocxsec returns the following values:
Successful completion.
The attributes are displayed.
An error occurred.
An error can be caused by an invalid option or because the
specified process is not visible to the user.
EXAMPLES
Example 1: Display the privilege sets and compartment of the current
process:
Sample output:
effective= BASIC
permitted= BASIC
retained= BASIC
cmpt= init
euid= zero
Example 2: Display the privilege sets and compartment of the parent
process:
Sample output:
effective= BASIC
permitted= BASIC
retained= BASIC
cmpt= init
euid= zero
Example 3: Display the full privilege sets and compartment of an
arbitrary process:
Sample output:
effective= FORK EXEC SESSION LINKANY
permitted= FORK EXEC SESSION LINKANY
retained= FORK EXEC SESSION LINKANY
cmpt= web
euid= non-zero
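Added example (not part of the original manual page): DESCRIPTION states that a process with an effective uid of zero is treated as holding root replacement privileges regardless of the sets displayed, so the listed sets alone understate what such a process can do. The shell function below classifies captured getprocxsec output on that basis. The name xsec_assess, the label strings and the sample inputs (built from the sample output above) are constructed for illustration, and the function assumes the capture includes the cmpt= line whenever compartments are enabled.

```shell
#!/bin/sh
# Added example, not from the manual page: classify getprocxsec output on stdin.
# Assumes "name= value" lines as in the sample output shown in EXAMPLES.
xsec_assess() {
    awk '
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        attr[key] = val
    }
    END {
        if (!("euid" in attr)) { print "UNKNOWN no euid line in input"; exit }
        cmpt = ("cmpt" in attr) ? attr["cmpt"] : ""
        if (attr["euid"] != "zero") {
            # Non-zero euid: only the listed effective set applies.
            print "EXPLICIT effective=[" attr["effective"] "] cmpt=" (cmpt == "" ? "-" : cmpt)
        } else if (cmpt == "") {
            # No compartment reported: euid zero is treated as fully privileged.
            print "IMPLICIT-ALL euid zero, no compartment: all root replacement privileges"
        } else {
            # Compartment reported: its disallowed privileges are still withheld.
            print "IMPLICIT-LIMITED euid zero in [" cmpt "]: all root replacement privileges except those disallowed for the compartment"
        }
    }'
}

# Constructed samples: Example 1 output, Example 3 output, and Example 1
# output without the cmpt= line (compartments not enabled).
SAMPLE_INIT='effective= BASIC
permitted= BASIC
retained= BASIC
cmpt= init
euid= zero'
SAMPLE_WEB='effective= FORK EXEC SESSION LINKANY
permitted= FORK EXEC SESSION LINKANY
retained= FORK EXEC SESSION LINKANY
cmpt= web
euid= non-zero'
SAMPLE_NOCMPT='effective= BASIC
permitted= BASIC
retained= BASIC
euid= zero'

for s in "$SAMPLE_INIT" "$SAMPLE_WEB" "$SAMPLE_NOCMPT"; do
    printf '%s\n' "$s" | xsec_assess
done
```

On a live system, pipe the output of getprocxsec for the process of interest into xsec_assess instead of the constructed samples.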
SEE ALSO
getfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).