Capability
A capability is a resource to which a site controls access, using the standard access control mechanisms. The ability to execute vector instructions is a capability object. Only sites with a vector processor have such an object.
Contents
Naming rules
The only valid name for a capability object is VECTOR.
Types of access
The capability class supports the following types of access:
| Use | Gives a process the right to make use of the vector processor |
| Control | Gives you the right to change the protection and ownership elements of the object |
Template profile
The capability class provides the following template profile:
| Template name | Owner UIC | Protection code |
|---|---|---|
| DEFAULT | [SYSTEM] | S:U,O:U,G:U,W:U |
Modifications to the VECTOR template take effect the next time you boot the system. If you want to change the elements of the VECTOR object after the system is booted, you must modify the object directly. For example:
$ SET SECURITY/CLASS=CAPABILITY/PROTECTION=(S:U,O:U,G:U,W) VECTOR
Kinds of auditing performed
The operating system can audit the following type of event:
| Event audited | When audit occurs |
|---|---|
| Access | The first time after image activation that the process uses a vector instruction |
Permanence of the object
The capability object's security profile needs to be reset each time the system starts up.
