Labels on IPC objects

All AIX® IPC facilities involve the creation and access of intermediary objects.

There are three different IPC facilities defined in AIX:
  • Message queues
  • Semaphores
  • Shared memory
All of these involve creating and accessing intermediary objects, called IPC objects, for interprocess communication. Each IPC object is protected by a set of attributes similar to the attributes that protect files. These attributes are:
  • The user ID and group ID of the object owner
  • The user ID and group ID of the object creator (fixed at creation; unlike the owner IDs, they cannot be changed afterwards)
  • The resource access mode, which is analogous to file access permission bits. Each object carries read and write permission bits for the object owner, group, and world; the execute bits have no meaning for an IPC object and are not consulted.
  • A sequence number that tracks reuse of the object's slot, so that an identifier held for an object that has since been removed is not accepted for the object that replaced it
  • A key to identify the resource
As with other system objects, Trusted AIX extends these attributes with additional security attributes. On a Trusted AIX system, all IPC objects also have the following attributes:
  • A sensitivity label (SL)
  • An integrity label (TL)

You can use the lstxattr command to view all of the security attributes of an IPC object (settxattr is the command that changes them). Reading an IPC object's attributes requires both DAC READ and MAC READ access to the object: the caller must pass the ordinary owner/group/world permission check and its sensitivity label must dominate the object's sensitivity label.
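The following C program is an added example, not code from the AIX documentation. It reads the DAC attributes described above (owner IDs, creator IDs, and mode) from a real System V shared-memory segment with shmctl(IPC_STAT), and models the two checks a read of the object's attributes must pass: the XSI DAC rule, under which the owner bits apply when the caller's effective user ID matches either the owner or the creator, and a MAC READ check expressed as sensitivity-label dominance. The struct sl type and the sl_dominates function are a simplified illustrative model of a sensitivity label, not the Trusted AIX label format or API, and the DAC model ignores supplementary groups and privilege, both of which a real kernel also consults. The program builds on any POSIX system.

```c
/* Added example: DAC attributes of a System V IPC object and the
 * DAC READ + MAC READ checks needed to read them.  Not AIX code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define DAC_READ  04   /* read bit within a 3-bit rwx group */
#define DAC_WRITE 02   /* write bit within a 3-bit rwx group */

/* XSI DAC rule for IPC objects: the user bits apply if the effective
 * uid matches the owner (uid) OR the creator (cuid); the group bits
 * apply if the effective gid matches gid or cgid; otherwise the
 * "other" bits apply.  Execute bits are never consulted.
 * Simplification: supplementary groups and privilege are ignored. */
int ipc_dac_allows(const struct ipc_perm *p, uid_t euid, gid_t egid, int want)
{
    int shift;
    if (euid == p->uid || euid == p->cuid)
        shift = 6;                       /* owner/creator: user bits */
    else if (egid == p->gid || egid == p->cgid)
        shift = 3;                       /* group bits */
    else
        shift = 0;                       /* world bits */
    int granted = (p->mode >> shift) & 07;
    return (granted & want) == want;
}

/* Illustrative sensitivity label (assumed model, not the Trusted AIX
 * format): a hierarchical classification level plus a compartment set
 * held as a bitmask. */
struct sl {
    int level;
    unsigned compartments;
};

/* a dominates b when a's level is at least b's and a's compartments are
 * a superset of b's.  MAC READ requires the subject's SL to dominate
 * the object's SL (the simple security property). */
int sl_dominates(struct sl a, struct sl b)
{
    return a.level >= b.level &&
           (a.compartments & b.compartments) == b.compartments;
}

/* Both checks must pass before an IPC object's attributes may be read. */
int can_read_attrs(const struct ipc_perm *p, uid_t euid, gid_t egid,
                   struct sl subject, struct sl object)
{
    return ipc_dac_allows(p, euid, egid, DAC_READ) &&
           sl_dominates(subject, object);
}

/* Create a private segment, read back its ipc_perm, tighten the mode
 * with IPC_SET (only uid, gid and mode are settable; cuid/cgid are
 * fixed at creation), then remove the segment. */
int main(void)
{
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0640);
    if (id < 0) { perror("shmget"); return 1; }

    struct shmid_ds ds;
    if (shmctl(id, IPC_STAT, &ds) < 0) {
        perror("shmctl IPC_STAT");
        shmctl(id, IPC_RMID, NULL);
        return 1;
    }
    printf("owner uid=%u gid=%u  creator uid=%u gid=%u  mode=%04o\n",
           (unsigned)ds.shm_perm.uid,  (unsigned)ds.shm_perm.gid,
           (unsigned)ds.shm_perm.cuid, (unsigned)ds.shm_perm.cgid,
           (unsigned)(ds.shm_perm.mode & 0777));

    /* Same-uid caller passes DAC READ; an unrelated uid/gid does not. */
    printf("creator can read: %d, uid 65534/gid 65534 can read: %d\n",
           ipc_dac_allows(&ds.shm_perm, geteuid(), getegid(), DAC_READ),
           ipc_dac_allows(&ds.shm_perm, 65534, 65534, DAC_READ));

    ds.shm_perm.mode = 0600;             /* drop group read */
    if (shmctl(id, IPC_SET, &ds) < 0) perror("shmctl IPC_SET");
    if (shmctl(id, IPC_STAT, &ds) == 0)
        printf("mode after IPC_SET: %04o\n", (unsigned)(ds.shm_perm.mode & 0777));

    shmctl(id, IPC_RMID, NULL);          /* remove the segment */
    return 0;
}
```

The live part of the program only exercises DAC, because IPC_STAT on a non-Trusted system does not carry labels; on Trusted AIX the same call is additionally subject to the MAC READ check that can_read_attrs models.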