A capability is a resource to which a site controls access,using the standard access control mechanisms. The ability to executevector instructions is a capability object. Only sites with a vectorprocessor have such an object.
NamingRules
The only valid name for a capability object is VECTOR.
Typesof Access
The capability class supports the following types of access:
Use
Gives a process the rightto make use of the vector processor
Control
Gives you the right to change the protectionand ownership elements of the object
Template Profile
The capability class provides the following template profile:
Template Name
Owner UIC
Protection Code
DEFAULT
[SYSTEM]
S:U,O:U,G:U,W:U
Modifications to the VECTOR template take effect the nexttime you boot the system. If you want to change the elements ofthe VECTOR object after the system is booted, you must modify theobject directly. For example:
$ SET SECURITY/CLASS=CAPABILITY/PROTECTION=(S:U,O:U,G:U,W) VECTOR
Kinds of Auditing Performed
The operating system can audit the following type of event:
Event Audited
When Audit Occurs
Access
The first time after image activationthat the process uses a vector instruction
Permanence of the Object
The capability object's security profile needs to be reseteach time the system starts up.