12/17/75  Using the Access Isolation Mechanism

This segment contains notes and suggestions for users who plan to use the
Access Isolation mechanism.


Segment Restrictions: A process cannot write into any segment whose access
class is not equal to the authorization of the process. Since some commands and
subsystems create permanent data segments (in the user's home directory and
elsewhere) with the expectation that they can always write into them, some
care must be taken when logging in at an authorization greater than system_low.


Directory Restrictions: The Access Isolation rules do not permit an upgraded
process (one whose authorization is greater than system_low) to create
subdirectories under directories whose access classes are less than its
authorization, and your home directory is (probably) system_low. You must
therefore plan ahead and create empty, upgraded subdirectories, at the
authorizations you wish to work at, before you actually log in at those
authorizations (or new_proc to them). If you simply log in an upgraded process
without having created a place to work, you will find that the only directory
in which you can create segments is your process directory, which is not very
useful for permanent work.
See the info file for the create_dir command for information on how to create
empty, upgraded directories.


Quota Restrictions: Upgraded directories must have terminal quotas.
Moving more records of quota to an upgraded directory requires that the
authorization of the process be equal to the access class of the parent of the
upgraded directory. Thus, if you run out of quota while in an upgraded
directory, you are stuck: you must new_proc down to the level of its parent,
move more records of quota, and then new_proc back up. The only ways to regain
quota that has been moved to an upgraded directory are (1) to delete the
directory, or (2) to have the System Security Administrator move it back using
the priv_move_quota command.


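The segment, directory and quota restrictions above can be exercised with the following toy model. It is an added example, not Multics code and not part of this info segment: an access class is modelled as a (level, set of categories) pair ordered by dominance, the read-down rule (which the segment does not state) is included as the standard AIM rule, and the names Process, Directory, create_dir, create_segment and move_quota are illustrative, not Multics interfaces. The walkthrough() function follows the "plan ahead" procedure: create the upgraded directory and give it terminal quota while still system_low, new_proc up to work, run out of quota, and new_proc down to top it up.

```python
# Added example (not Multics code): a toy model of the Access Isolation
# rules this segment describes. Assumptions: an access class is
# (level, frozenset of categories) ordered by dominance; the read-down rule is
# the standard AIM rule, not stated in the segment; all names are illustrative.
from dataclasses import dataclass, field

SYSTEM_LOW = (0, frozenset())


def dominates(a, b):
    """True when class a >= class b: higher-or-equal level and a superset of categories."""
    return a[0] >= b[0] and a[1] >= b[1]


class AccessViolation(Exception):
    pass


class QuotaExceeded(Exception):
    pass


@dataclass
class Segment:
    name: str
    access_class: tuple
    records: int = 1


@dataclass
class Directory:
    name: str
    access_class: tuple
    quota: int = 0          # terminal quota, in records
    used: int = 0
    entries: dict = field(default_factory=dict)

    def free(self):
        return self.quota - self.used


class Process:
    """A process at a fixed authorization; new_proc is modelled as a new Process."""

    def __init__(self, authorization):
        self.authorization = authorization

    def read(self, seg):
        # Read-down: allowed when the authorization dominates the segment's class.
        if not dominates(self.authorization, seg.access_class):
            raise AccessViolation(f"cannot read {seg.name}")
        return True

    def write(self, seg):
        # Write-equal: the segment's class must equal the authorization exactly.
        if seg.access_class != self.authorization:
            raise AccessViolation(f"cannot write {seg.name}")
        return True

    def create_dir(self, parent, name, access_class=None):
        # Adding an entry is a write to the parent, so the parent's class must equal
        # the authorization; the new directory may be upgraded above its parent.
        access_class = access_class or parent.access_class
        if parent.access_class != self.authorization:
            raise AccessViolation(f"cannot create {name} under {parent.name}")
        if not dominates(access_class, parent.access_class):
            raise AccessViolation("a subdirectory may not be below its parent's class")
        parent.entries[name] = Directory(name, access_class)
        return parent.entries[name]

    def create_segment(self, parent, name, records=1):
        # A new segment takes its directory's class; creating it writes the directory.
        if parent.access_class != self.authorization:
            raise AccessViolation(f"cannot create {name} under {parent.name}")
        if parent.free() < records:
            raise QuotaExceeded(f"{parent.name}: {parent.free()} free, need {records}")
        parent.entries[name] = Segment(name, parent.access_class, records)
        parent.used += records
        return parent.entries[name]

    def move_quota(self, parent, child, records):
        # Quota moves only when the authorization equals the parent's class, which is
        # why an upgraded process must new_proc down before topping up its directory.
        if parent.access_class != self.authorization:
            raise AccessViolation("authorization must equal the parent's access class")
        if parent.free() < records:
            raise QuotaExceeded("parent has too little free quota")
        parent.quota -= records
        child.quota += records
        return child.quota


def attempt(fn, *args):
    """Run one step and report 'ok' or the name of the rule violation."""
    try:
        fn(*args)
        return "ok"
    except (AccessViolation, QuotaExceeded) as e:
        return type(e).__name__


def walkthrough():
    """The plan-ahead procedure, step by step; returns the outcome of each step."""
    UP = (2, frozenset({"project_x"}))              # hypothetical upgraded authorization
    home = Directory("User", SYSTEM_LOW, quota=100)  # constructed home directory
    low = Process(SYSTEM_LOW)
    work = low.create_dir(home, "work_up", UP)       # empty upgraded dir, made at system_low
    low.move_quota(home, work, 10)                   # upgraded dirs need terminal quota
    up = Process(UP)                                 # new_proc to the upgraded authorization
    steps = {}
    steps["create subdir under home while upgraded"] = attempt(up.create_dir, home, "late", UP)
    steps["create segment in home while upgraded"] = attempt(up.create_segment, home, "notes")
    steps["create segment in upgraded dir"] = attempt(up.create_segment, work, "notes", 6)
    steps["read system_low segment"] = attempt(up.read, Segment("motd", SYSTEM_LOW))
    steps["write system_low segment"] = attempt(up.write, Segment("User.abbrev", SYSTEM_LOW))
    steps["second segment beyond quota"] = attempt(up.create_segment, work, "data", 8)
    steps["top up quota while upgraded"] = attempt(up.move_quota, home, work, 20)
    steps["top up quota after new_proc down"] = attempt(low.move_quota, home, work, 20)
    steps["retry after new_proc back up"] = attempt(up.create_segment, work, "data", 8)
    return steps
```

The process directory, which the segment names as the only place an unprepared upgraded process can create segments, is not modelled; the point of the walkthrough is that every attempt to write at or below system_low from the upgraded process fails, and that the quota top-up succeeds only from the process whose authorization equals the parent's access class.

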
Mail Restrictions: In order to send and receive mail at various
authorizations, the access class of your ring 1 mailbox (User.mbx) must be
raised to your maximum authorization. This is done automatically whenever a
mailbox is created; thus, the easiest way to raise the access class is to
delete the mailbox and re-create it. Alternatively, the System Security
Administrator may execute the reclassify_sys_seg command to change its access
class.


Command Restrictions: Some commands do not work at all in an upgraded process;
you must therefore change your start_up.ec to avoid the following commands:
    accept_messages
    check_info_segs
    estimate_bill
    print_motd
  You must also be careful when using other commands. Some work only in a
limited fashion when running at greater than system_low. The following is a
partial list of such commands and their restrictions. These commands all
create a segment in your home directory, named User.suffix, and since that
segment is (probably) system_low an upgraded process cannot write into it. The
ones which allow you to specify an alternative segment (abbrev and memo) can be
used fully in an upgraded process by specifying a segment whose access class is
the same as the authorization of the process.
    abbrev (cannot add or delete abbreviations)
    debug (cannot set or reset breaks)
    probe (cannot set or reset breaks)
    memo (cannot add, delete or repeat memos)


Subroutine Restrictions: Some subroutines and I/O modules will not work in all
cases in an upgraded process. For example, the vfile_ I/O module requires write
permission to a file when it is opened for shared use, even if it is only
opened for reading.