

Control Requirements


Table 43: Control requirements for manipulating semaphores.

                       CONTROL REQUIREMENT(S)
CALL(S)                CLASS   PERM       SSID     TSID
semget,                sem     create     current  sem
semget_secure          sem     associate  current  sem
semsid                 sem     getattr    current  sem
semop (sem_op==0)      sem     read       current  sem
semop (sem_op!=0)      sem     write      current  sem
semctl.SEM_STAT,       sem     getattr    current  sem
IPC_STAT               sem     associate  current  sem
semctl.IPC_GETNCNT,    sem     getattr    current  sem
IPC_GETPID,
IPC_GETZCNT
semctl.IPC_SET         sem     setattr    current  sem
semctl.IPC_RMID        sem     destroy    current  sem
semctl.IPC_GETALL,     sem     read       current  sem
IPC_GETVAL
semctl.IPC_SETALL,     sem     write      current  sem
IPC_SETVAL
semctl.SEM_INFO,       system  ipc_info   current  kernel
IPC_INFO



Table 44: Control requirements for manipulating message queues.

                       CONTROL REQUIREMENT(S)
CALL(S)                CLASS   PERM       SSID     TSID
msgget,                msgq    create     current  msgq
msgget_secure          msgq    associate  current  msgq
msgsid                 msgq    getattr    current  msgq
msgsnd,                msgq    write      current  msgq
msgsnd_secure          msg     send       current  msg
                       msgq    enqueue    msg      msgq
msgrcv,                msgq    read       current  msgq
msgrcv_secure          msg     receive    current  msg
msgctl.MSG_STAT,       msgq    getattr    current  msgq
IPC_STAT               msgq    associate  current  msgq
msgctl.IPC_SET         msgq    setattr    current  msgq
msgctl.IPC_RMID        msgq    destroy    current  msgq
msgctl.MSG_INFO,       system  ipc_info   current  kernel
IPC_INFO



Table 45: Control requirements for manipulating shared memory.

                       CONTROL REQUIREMENT(S)
CALL(S)                CLASS   PERM       SSID     TSID
shmget,                shm     create     current  shm
shmget_secure          shm     associate  current  shm
shmsid                 shm     getattr    current  shm
shmat (SHM_RDONLY)     shm     read       current  shm
shmat (!SHM_RDONLY)    shm     read       current  shm
                       shm     write      current  shm
shmctl.SHM_STAT,       shm     getattr    current  shm
IPC_STAT               shm     associate  current  shm
shmctl.IPC_SET         shm     setattr    current  shm
shmctl.IPC_RMID        shm     destroy    current  shm
shmctl.SHM_LOCK,       shm     lock       current  shm
SHM_UNLOCK
shmctl.SHM_INFO,       system  ipc_info   current  kernel
IPC_INFO


The control requirements for the System V IPC system calls are shown in Table 43, Table 44, and Table 45. For the most part these are obvious extensions of the standard Linux permission bits.

Unlike the file system open call, semget, msgget, shmget and their _secure variants cannot validate the requested read or write permissions, since these system calls may also be used to obtain an id for use in the semctl, msgctl, and shmctl calls, which may require neither read nor write permission to succeed. The read and write permissions are instead checked when making the system calls that perform the actual data operations.

The message queue object employs the read and write permissions to determine if a specific process may use a specific queue for receiving or sending messages, respectively. In contrast, the message object employs send and receive permissions to determine if a given process is allowed to send or receive a given message. The enqueue permission is used to determine if a given message is permitted to "pass through" the given queue.
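
The msgsnd and msgrcv rows of Table 44, modelled as an added example (not code from this document or from the kernel): a toy allow table shows msgsnd being denied by the enqueue check, whose source SID is the message rather than the process, even when the caller holds write and send. The type names, the allow table, the function names and the order in which the checks run are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One allow rule: source SID, target SID, object class, permission. */
struct rule { const char *ssid, *tsid, *cls, *perm; };

/* Constructed policy: client_t may send both message types into queue_t,
 * but only public_msg_t messages may pass through that queue. */
static const struct rule policy[] = {
    {"client_t",     "queue_t",      "msgq", "write"},
    {"client_t",     "public_msg_t", "msg",  "send"},
    {"client_t",     "secret_msg_t", "msg",  "send"},
    {"public_msg_t", "queue_t",      "msgq", "enqueue"},
    {"server_t",     "queue_t",      "msgq", "read"},
    {"server_t",     "public_msg_t", "msg",  "receive"},
};

/* Returns 1 if the (ssid, tsid, class, perm) tuple is in the toy policy. */
static int allowed(const char *ssid, const char *tsid,
                   const char *cls, const char *perm)
{
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct rule *r = &policy[i];
        if (!strcmp(r->ssid, ssid) && !strcmp(r->tsid, tsid) &&
            !strcmp(r->cls, cls) && !strcmp(r->perm, perm))
            return 1;
    }
    return 0;
}

/* msgsnd: 0 if permitted, else the number (1..3) of the first failed check. */
int check_msgsnd(const char *cur, const char *msgq, const char *msg)
{
    if (!allowed(cur, msgq, "msgq", "write"))   return 1;
    if (!allowed(cur, msg,  "msg",  "send"))    return 2;
    if (!allowed(msg, msgq, "msgq", "enqueue")) return 3; /* SSID = message */
    return 0;
}

/* msgrcv: 0 if permitted, else the number (1..2) of the first failed check. */
int check_msgrcv(const char *cur, const char *msgq, const char *msg)
{
    if (!allowed(cur, msgq, "msgq", "read"))    return 1;
    if (!allowed(cur, msg,  "msg",  "receive")) return 2;
    return 0;
}

int main(void)
{
    printf("public: %d\n", check_msgsnd("client_t", "queue_t", "public_msg_t"));
    printf("secret: %d\n", check_msgsnd("client_t", "queue_t", "secret_msg_t"));
    return 0;
}
```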

