Process manager abilities

The io-pkt manager uses general and custom process manager abilities to protect the privileged operations required by networking components.

For an overview of process manager abilities, see Process privileges in the “Processes” chapter of the QNX Neutrino Programmer's Guide, and the entries for procmgr_ability() and iofunc_ability_check() in the C Library Reference.

General abilities

The general abilities govern which privileged process operations io-pkt is allowed to perform. Once io-pkt is up and running, you can use the qnx.kern.droproot sysctl command to tell it to stop running as root and run instead as the user that you specified with the -U option. At this point, io-pkt keeps the abilities that it needs and relinquishes the rest, but you can specify additional abilities to retain if your networking driver needs them. On the command line, you can issue the sysctl command like this:

sysctl -w qnx.kern.droproot=value

The value is a hexadecimal number whose bits indicate which abilities io-pkt should keep, or 0 if you want io-pkt to continue to run as root. The QNX_DROPROOT_* flags are defined in <sys/iopkt_ability.h>:

Constant                     Value   Keep this ability
QNX_DROPROOT_STD             0x0001  Drop root without keeping any additional abilities (keep the “standard” ones listed below)
QNX_DROPROOT_INTERRUPT       0x0002  PROCMGR_AID_INTERRUPT
QNX_DROPROOT_CONNECTION      0x0004  PROCMGR_AID_CONNECTION
QNX_DROPROOT_TIMER           0x0008  PROCMGR_AID_TIMER
QNX_DROPROOT_PROT_EXEC       0x0010  PROCMGR_AID_PROT_EXEC
QNX_DROPROOT_PATHSPACE       0x0020  Not used; io-pkt keeps PROCMGR_AID_PATHSPACE by default
QNX_DROPROOT_QNET            0x0040  PROCMGR_AID_QNET
QNX_DROPROOT_PUBLIC_CHANNEL  0x0080  PROCMGR_AID_PUBLIC_CHANNEL
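Because the droproot value is a bitmask, it is easy to hand-compute it wrongly. The following shell helpers are an added example, not part of the QNX documentation or of io-pkt: they build the mask from QNX_DROPROOT_* flag names (bit values taken from the table above), decode an existing value back into flag names, and reject bits that no flag defines. The function names and the DROPROOT_NAMES list are this example's own.

```shell
# Added example (not from the QNX docs): build/decode qnx.kern.droproot masks.
# Bit positions follow the QNX_DROPROOT_* table from <sys/iopkt_ability.h>:
# STD=0x01, INTERRUPT=0x02, ..., PUBLIC_CHANNEL=0x80.
DROPROOT_NAMES="STD INTERRUPT CONNECTION TIMER PROT_EXEC PATHSPACE QNET PUBLIC_CHANNEL"

# droproot_bit NAME -> decimal value of QNX_DROPROOT_<NAME>; fails if unknown.
droproot_bit() {
    i=0
    for n in $DROPROOT_NAMES; do
        if [ "$n" = "$1" ]; then echo $((1 << i)); return 0; fi
        i=$((i + 1))
    done
    echo "unknown QNX_DROPROOT flag: $1" >&2
    return 1
}

# droproot_value NAME... -> hex mask for sysctl; no names gives 0 (stay root).
droproot_value() {
    mask=0
    for name in "$@"; do
        bit=$(droproot_bit "$name") || return 1
        mask=$((mask | bit))
    done
    [ "$mask" -eq 0 ] && { echo 0; return 0; }
    printf '0x%04x\n' "$mask"
}

# droproot_decode VALUE -> names of the flags set in VALUE (hex or decimal);
# fails if any bit outside the eight defined flags is set.
droproot_decode() {
    v=$(($1)); out=""; i=0
    for n in $DROPROOT_NAMES; do
        [ $((v >> i & 1)) -eq 1 ] && out="$out $n"
        i=$((i + 1))
    done
    [ $((v >> i)) -ne 0 ] && { echo "undefined bits set in $1" >&2; return 1; }
    echo "${out# }"
}

# droproot_cmd NAME... -> the sysctl command line to run (printed, not executed).
droproot_cmd() {
    v=$(droproot_value "$@") || return 1
    echo "sysctl -w qnx.kern.droproot=$v"
}
```

Run `droproot_cmd INTERRUPT TIMER` to get the exact sysctl line for keeping those two abilities, and `droproot_decode 0x000a` to read a value back as flag names.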

By default, io-pkt retains the following abilities:

Custom abilities

In addition to using the general abilities, io-pkt sets up and uses some custom abilities to govern specific networking operations:

The names of the abilities are defined in <sys/iopkt_ability.h>:

Constant                             Value                      Description
_IOPKT_ABILITY_NW_BIND_PRIVPORT      network/bind/privport      Controls the ability to bind a privileged port; required by rresvport()
_IOPKT_ABILITY_NW_INTERFACE_GETPRIV  network/interface/getpriv  Checks whether retrieving privileged information from the device via ioctl() is permitted
_IOPKT_ABILITY_NW_INTERFACE_SETPRIV  network/interface/setpriv  Checks whether setting privileged parameters on the device via ioctl() is permitted
_IOPKT_ABILITY_NW_ROUTE_SET          network/route/set          Mediates whether routing-related operations are permitted
_IOPKT_ABILITY_NW_SOCKET_RAWSOCK     network/socket/rawsock     Controls who can allocate and use raw sockets; required by utilities such as ping and ping6