setfilexsec(1M)

NAME
setfilexsec - set extended security attributes on a binary file
compartmentname] flags] privs] privs] privs] privs] filename
The command sets various extended security attributes of binary files.
The attributes currently include retained privileges, permitted privi‐
leges, compartment, and the privilege start flag. See privileges(5)
and execve(2) for a description of these attributes. The security
attributes are stored in a configuration file, so they persist across
reboots: the file is loaded when the system reboots.
The command recognizes the following options:
Sets the compartment name for the binary executable file.
Deletes any security information for the file from the configu‐
ration file and
Deletes any security information for the file given by
absolutepath from the configuration file only. This is
used to clear attributes of a deleted file.
Sets the security attribute flags.
The only defined flag is the privilege start flag.
The privilege_start flag must be either or If the value is
when the binary is executed, the process' effective privi‐
leges are set to the newly computed permitted privilege
set. If the value is when the binary file is executed, the
process' effective privileges are set to (no privileges).
If this option is not specified and the process start flag
is not already set for the binary file, the flag is set to
Adds or changes the minimum permitted privileges.
This must be a subset of the maximum permitted privileges.
Adds or changes the maximum permitted privileges.
This must be equal to or a superset of the minimum permit‐
ted privileges, minimum retained privileges, and maximum
Adds or changes the minimum retained privileges.
This must be a subset of the maximum retained privileges as
well as minimum permitted privileges.
Adds or changes the maximum retained privileges.
This must be equal to or a superset of the minimum retained
privileges. This set must also be a subset of the maximum
For the third form of the command, if any of the options are not speci‐
fied, takes the following action:
· If the binary's extended attributes are already set (for
example, through a previous invocation of the command), the
previous value for the option is used.
· If the binary's extended attributes are not set, they default
to null (i.e., empty sets for privileges and empty value for
privs This is a list of privileges separated by commas. See the
description of the priv_list argument in priv_str_to_set(3).
This must be a valid compartment on the system or an
empty string (""). If it is an empty string, the compartment
part of the security attributes is cleared.
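The subset rules given above for the minimum and maximum permitted and retained sets can be checked before the command is run. The following is an added example, not part of the original manual page; it checks only the rules stated in full above. Assumptions: the list parsing (left to right, `!` removes, compound names expanded from a caller-supplied table), the constructed contents of `COMPOUND_SAMPLE`, and the reading of Example 1's `-r`, `-R`, `-p`, `-P` as minimum retained, maximum retained, minimum permitted and maximum permitted.

```python
# Added example: pre-flight check of the privilege-set subset rules.
# Only the rules stated in full on this page are checked.

def parse_privs(spec, compound=None):
    """Turn a comma-separated privilege list into a set of names.

    Assumptions (not taken from this page): items apply left to right,
    '!name' removes a privilege, and compound names such as 'policy' are
    expanded through the caller-supplied mapping.
    """
    compound = compound or {}
    result = set()
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue
        name = item.lstrip("!")
        members = set(compound.get(name, {name}))
        result = result - members if item.startswith("!") else result | members
    return result


def check_sets(min_ret, max_ret, min_perm, max_perm):
    """Return one message per violated subset rule (empty list = consistent)."""
    rules = [
        ("minimum permitted", min_perm, "maximum permitted", max_perm),
        ("minimum retained", min_ret, "maximum permitted", max_perm),
        ("minimum retained", min_ret, "maximum retained", max_ret),
        ("minimum retained", min_ret, "minimum permitted", min_perm),
    ]
    return [
        f"{sub_name} is not a subset of {sup_name}: {sorted(sub - sup)}"
        for sub_name, sub, sup_name, sup in rules
        if sub - sup
    ]


# Constructed stand-in for the compound 'policy' privilege; the real
# expansion is system-defined.
COMPOUND_SAMPLE = {"policy": {"cmptread", "cmptwrite", "changecmpt"}}


def example1_errors(min_retained="cmptread"):
    """Check Example 1's values; the minimum retained list can be overridden."""
    return check_sets(
        parse_privs(min_retained, COMPOUND_SAMPLE),
        parse_privs("policy,!changecmpt", COMPOUND_SAMPLE),
        parse_privs("cmptread,cmptwrite", COMPOUND_SAMPLE),
        parse_privs("policy", COMPOUND_SAMPLE),
    )
```

Calling `example1_errors("cmptread,changecmpt")` shows the failure case: a minimum retained privilege that the maximum retained list has removed with `!`.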
The command recognizes the following operands:
filename A binary executable. Extended attributes set on
executable scripts are ignored by the kernel.
The caller must have the following authorization:
The command returns the following values:
The security attributes are updated successfully.
An error occurs.
An error can be caused by an invalid option, an invalid
argument, or insufficient permissions for the user to per‐
form the operation.
Example 1: Add a security attributes entry for the binary executable
for the first time:
setfilexsec -r cmptread \
-R policy,!changecmpt -p cmptread,cmptwrite \
-P policy -f start_nil -c web /web/java
The command has the following effect:
When a process performs a of the binary the process's attributes
are modified as follows:
· The retained privilege set includes at least and
· The retained privilege set does not include
· The permitted privilege set includes at least
· The permitted privilege set is equal to the policy privilege
set (depends on the inheritable set before the
· The process changes its compartment to
· Since the process is privilege-aware, the effective privilege
set is empty (and the application may raise the privileges in
the permitted privilege set at run time).
Example 2: Modify the minimum retained privilege set and flags for the
Because the flag is specified, the effective privilege set is
equal to the permitted privilege set (the application presumably
does not manipulate the privileges at run time).
Example 3: Delete all extended security attributes for the same binary:
If a binary file that has extended security attributes set is modified
or replaced, the attributes are no longer applied for that file, but
are still present in system tables. On reboot, the system would detect
that the file contents have changed using a simple checksum mechanism.
Upon detecting such a scenario, the attributes of the file are ignored
and an error message is issued corresponding to the file entry. For
proper operation, when a file is modified, run to remove the extended
attributes instead of relying on the checksum mechanism.
When replacing a binary, in order to retain the privileges on the
binary, run first to remove the prior privilege attributes, replace the
binary, and then run to re-assign attributes.
Note that the NFS protocol is not extended to support extended security
attributes. Hence, NFS-mounted binaries should not be configured
with any extended security attributes.
SEE ALSO
getfilexsec(1M), exec(2), priv_str_to_set(3), privileges(5).