getprocxsec(1M)getprocxsec(1M)NAMEgetprocxsec - display security attributes of a process
The command displays security attributes associated with a running
process. These attributes include the permitted privilege set, effec‐
tive privilege set, retained privilege set, euid, and the compartment
name. See privileges(5) and compartments(5).
Each process has a permitted privilege set, effective privilege set,
and retained privilege set. If the compartmentalization feature is
enabled, it also has a compartment. When a process is created, the
child process inherits these attributes from the parent. When a
process executes a binary, these attributes can be changed. See set‐
filexsec(1M) and getfilexsec(1M) for information on how these extended
attributes can be manipulated at execution time.
For compatibility, the kernel handles processes with effective uid of
zero in special ways. If the compartmentalization feature is disabled,
these processes are treated as though they have all root replacement
privileges. If, on the other hand, the compartmentalization feature is
enabled, these processes are treated as though they have all the root
replacement privileges except those configured as disallowed privileges
for the compartment.
recognizes the following options:
Displays the compartment name of the process.
If compartments are not enabled, nothing is reported for
this option. If compartments are enabled, all the kernel
processes would be reported as running in "RESERVED CMPT" .
Displays the implementation effective privilege set.
Displays the full form of the lists.
Displays the implementation permitted privilege set.
Display the implementation retained privilege set.
If none of the above options are specified, the default is
recognizes the following operand:
pid The process ID of the process whose attributes are being
displayed. If pid is displays attributes of this process.
If pid is it displays attributes of the process' parent.
If pid is not specified, it defaults to this process
The specified process must be visible to the user invoking this command
or the user must have the privilege.
returns the following values:
The attributes are displayed.
An error occurred.
An error can be caused by an invalid option or because the
specified process is not visible to the user.
Example 1: Display the privilege sets and compartment of the current
Example 2: Display the privilege sets and compartment of the parent
Example 3: Display the full privilege sets and compartment of an arbi‐
effective= FORK EXEC SESSION LINKANY
permitted= FORK EXEC SESSION LINKANY
retained= FORK EXEC SESSION LINKANY
SEE ALSOgetfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).