author | <gerald.jelinek@sun.com> |
Wed, 11 Feb 2009 09:33:05 -0700 | |
changeset 8759 | 8436cd998603 |
parent 8023 | faf256d5c16c |
child 9751 | 8e29565352fc |
permissions | -rw-r--r-- |
2712 | 1 |
<?xml version="1.0"?> |
2 |
||
3 |
<!-- |
|
4 |
CDDL HEADER START |
|
5 |
||
6 |
The contents of this file are subject to the terms of the |
|
7 |
Common Development and Distribution License (the "License"). |
|
8 |
You may not use this file except in compliance with the License. |
|
9 |
||
10 |
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
11 |
or http://www.opensolaris.org/os/licensing. |
|
12 |
See the License for the specific language governing permissions |
|
13 |
and limitations under the License. |
|
14 |
||
15 |
When distributing Covered Code, include this CDDL HEADER in each |
|
16 |
file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
17 |
If applicable, add the following below this CDDL HEADER, with the |
|
18 |
fields enclosed by brackets "[]" replaced with your own identifying |
|
19 |
information: Portions Copyright [yyyy] [name of copyright owner] |
|
20 |
||
21 |
CDDL HEADER END |
|
22 |
||
8759 | 23 |
Copyright 2009 Sun Microsystems, Inc. All rights reserved. |
2712 | 24 |
Use is subject to license terms. |
25 |
||
26 |
DO NOT EDIT THIS FILE. |
|
27 |
--> |
|
28 |
||
29 |
<!DOCTYPE brand PUBLIC "-//Sun Microsystems Inc//DTD Brands//EN" |
|
30 |
"file:///usr/share/lib/xml/dtd/brand.dtd.1"> |
|
31 |
||
32 |
<brand name="native"> |
|
33 |
<modname></modname> |
|
34 |
||
35 |
<initname>/sbin/init</initname> |
|
36 |
<login_cmd>/usr/bin/login -z %Z -f %u</login_cmd> |
|
4344
4cd49af6f951
6558487 zlogin should not call getpwnam() after zone_enter() during non-interactive zlogin -l
sl108498
parents:
3673
diff
changeset
|
37 |
<user_cmd>/usr/bin/getent passwd %u</user_cmd> |
2712 | 38 |
|
7089
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
39 |
<install>/usr/lib/brand/native/sw_support install %z %R</install> |
8759 | 40 |
<installopts>a:b:d:psuv</installopts> |
2712 | 41 |
<verify_cfg></verify_cfg> |
42 |
<verify_adm></verify_adm> |
|
7089
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
43 |
<postclone>/usr/lib/brand/native/sw_support postclone %z %R</postclone> |
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
44 |
<attach>/usr/lib/brand/native/sw_support attach %z %R</attach> |
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
45 |
<detach>/usr/lib/brand/native/sw_support detach %z %R</detach> |
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
46 |
<presnap>/usr/lib/brand/native/sw_support presnap %z %R</presnap> |
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
47 |
<postsnap>/usr/lib/brand/native/sw_support postsnap %z %R</postsnap> |
0461a2d76570
6553514 native zone svr4 pkg code should be moved into zone callbacks
gjelinek
parents:
6784
diff
changeset
|
48 |
<validatesnap>/usr/lib/brand/native/sw_support validatesnap %z %R</validatesnap> |
2712 | 49 |
|
50 |
<privilege set="default" name="contract_event" /> |
|
6073 | 51 |
<privilege set="default" name="contract_identity" /> |
2712 | 52 |
<privilege set="default" name="contract_observer" /> |
53 |
<privilege set="default" name="file_chown" /> |
|
54 |
<privilege set="default" name="file_chown_self" /> |
|
55 |
<privilege set="default" name="file_dac_execute" /> |
|
56 |
<privilege set="default" name="file_dac_read" /> |
|
57 |
<privilege set="default" name="file_dac_search" /> |
|
58 |
<privilege set="default" name="file_dac_write" /> |
|
59 |
<privilege set="default" name="file_owner" /> |
|
60 |
<privilege set="default" name="file_setid" /> |
|
61 |
<privilege set="default" name="ipc_dac_read" /> |
|
62 |
<privilege set="default" name="ipc_dac_write" /> |
|
63 |
<privilege set="default" name="ipc_owner" /> |
|
64 |
<privilege set="default" name="net_bindmlp" /> |
|
65 |
<privilege set="default" name="net_icmpaccess" /> |
|
66 |
<privilege set="default" name="net_mac_aware" /> |
|
8023
faf256d5c16c
PSARC/2006/475 Clearview: IP Observability Devices
Philip Kirk <Phil.Kirk@Sun.COM>
parents:
7089
diff
changeset
|
67 |
<privilege set="default" name="net_observability" /> |
2712 | 68 |
<privilege set="default" name="net_privaddr" /> |
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
69 |
<privilege set="default" name="net_rawaccess" ip-type="exclusive" /> |
2712 | 70 |
<privilege set="default" name="proc_chroot" /> |
71 |
<privilege set="default" name="sys_audit" /> |
|
72 |
<privilege set="default" name="proc_audit" /> |
|
2768
3c77434a8dbb
PSARC/2004/580 zone/project.max-locked-memory Resource Controls
sl108498
parents:
2712
diff
changeset
|
73 |
<privilege set="default" name="proc_lock_memory" /> |
2712 | 74 |
<privilege set="default" name="proc_owner" /> |
75 |
<privilege set="default" name="proc_setid" /> |
|
76 |
<privilege set="default" name="proc_taskid" /> |
|
77 |
<privilege set="default" name="sys_acct" /> |
|
78 |
<privilege set="default" name="sys_admin" /> |
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
79 |
<privilege set="default" name="sys_ip_config" ip-type="exclusive" /> |
2712 | 80 |
<privilege set="default" name="sys_mount" /> |
81 |
<privilege set="default" name="sys_nfs" /> |
|
82 |
<privilege set="default" name="sys_resource" /> |
|
83 |
||
84 |
<privilege set="prohibited" name="dtrace_kernel" /> |
|
85 |
<privilege set="prohibited" name="proc_zone" /> |
|
86 |
<privilege set="prohibited" name="sys_config" /> |
|
87 |
<privilege set="prohibited" name="sys_devices" /> |
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
88 |
<privilege set="prohibited" name="sys_ip_config" ip-type="shared" /> |
2712 | 89 |
<privilege set="prohibited" name="sys_linkdir" /> |
90 |
<privilege set="prohibited" name="sys_net_config" /> |
|
91 |
<privilege set="prohibited" name="sys_res_config" /> |
|
92 |
<privilege set="prohibited" name="sys_suser_compat" /> |
|
6784 | 93 |
<privilege set="prohibited" name="xvm_control" /> |
94 |
<privilege set="prohibited" name="virt_manage" /> |
|
2712 | 95 |
|
96 |
<privilege set="required" name="proc_exec" /> |
|
97 |
<privilege set="required" name="proc_fork" /> |
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
98 |
<privilege set="required" name="sys_ip_config" ip-type="exclusive" /> |
2712 | 99 |
<privilege set="required" name="sys_mount" /> |
100 |
</brand> |