This capability is intended to alleviate a security issue associated with dynamic loading. The user must have root authority to dynamically load, and a WLI administrator key must grant dlkm capability directly or through another authorized key.

1.2.4api

WLI permits an application to execute functions contained within the shared object library /opt/ wli/lib/libwliapi.so by granting api capability. This library provides functions to programmatically create, delete, and update policies described in Section 1.1 (page 9). The key signing the executable that invokes libwliapi.so functions must be granted api capability through wlicert. The executable is not required to have api capability.

The services provided by libwliapi are also provided by the wlipolicy command to users holding an authorized key. For an implementation example using libwliapi, see libwliapi example” (page 45).

1.2 Capabilities

11

Page 11
Image 11
HP UX Security Products and Features Software manual 4 api