upstream/illumos/illumos-gate: usr/src/uts/common/os/priv

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	5	* Common Development and Distribution License (the "License").
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	6	* You may not use this file except in compliance with the License.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	21	/*
6073 47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 5331 diff changeset	22	* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	23	* Use is subject to license terms.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	INSERT COMMENT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	27
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	28	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	29	# Privileges can be added to this file at any location, not
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30	# necessarily at the end. For patches, it is probably best to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	31	# add the new privilege at the end; for ordinary releases privileges
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32	# should be ordered alphabetically.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	privilege PRIV_CONTRACT_EVENT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	Allows a process to request critical events without limitation.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	Allows a process to request reliable delivery of all events on
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	any event queue.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40
6073 47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 5331 diff changeset	41	privilege PRIV_CONTRACT_IDENTITY
6784 79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	42
6073 47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 5331 diff changeset	43	Allows a process to set the service FMRI value of a process
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 5331 diff changeset	44	contract template.
47f6aa7a8077 PSARC 2008/046 Process Contract Decorations acruz parents: 5331 diff changeset	45
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	privilege PRIV_CONTRACT_OBSERVER
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	47
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	48	Allows a process to observe contract events generated by
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49	contracts created and owned by users other than the process's
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50	effective user ID.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	Allows a process to open contract event endpoints belonging to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	contracts created and owned by users other than the process's
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53	effective user ID.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	privilege PRIV_CPC_CPU
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57	Allow a process to access per-CPU hardware performance counters.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	privilege PRIV_DTRACE_KERNEL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	Allows DTrace kernel-level tracing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63	privilege PRIV_DTRACE_PROC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	Allows DTrace process-level tracing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	66	Allows process-level tracing probes to be placed and enabled in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67	processes to which the user has permissions.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	privilege PRIV_DTRACE_USER
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71	Allows DTrace user-level tracing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	Allows use of the syscall and profile DTrace providers to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	examine processes to which the user has permissions.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	privilege PRIV_FILE_CHOWN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	Allows a process to change a file's owner user ID.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	Allows a process to change a file's group ID to one other than
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	the process' effective group ID or one of the process'
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	supplemental group IDs.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	privilege PRIV_FILE_CHOWN_SELF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	Allows a process to give away its files; a process with this
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	in effect.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	privilege PRIV_FILE_DAC_EXECUTE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90	Allows a process to execute an executable file whose permission
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	bits or ACL do not allow the process execute permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	privilege PRIV_FILE_DAC_READ
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	Allows a process to read a file or directory whose permission
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96	bits or ACL do not allow the process read permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98	privilege PRIV_FILE_DAC_SEARCH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	Allows a process to search a directory whose permission bits or
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	ACL do not allow the process search permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	privilege PRIV_FILE_DAC_WRITE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	Allows a process to write a file or directory whose permission
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106	bits or ACL do not allow the process write permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	In order to write files owned by uid 0 in the absence of an
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	effective uid of 0 ALL privileges are required.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	110	privilege PRIV_FILE_DOWNGRADE_SL
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	111
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	112	Allows a process to set the sensitivity label of a file or
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	113	directory to a sensitivity label that does not dominate the
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	114	existing sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	115	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	116	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	117
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	basic privilege PRIV_FILE_LINK_ANY
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	Allows a process to create hardlinks to files owned by a uid
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	different from the process' effective uid.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	privilege PRIV_FILE_OWNER
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	Allows a process which is not the owner of a file or directory
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	to perform the following operations that are normally permitted
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	only for the file owner: modify that file's access and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	modification times; remove or rename a file or directory whose
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	parent directory has the ``save text image after execution''
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130	(sticky) bit set; mount a ``namefs'' upon a file; modify
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	permission bits or ACL except for the set-uid and set-gid
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	bits.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	privilege PRIV_FILE_SETID
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136	Allows a process to change the ownership of a file or write to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	a file without the set-user-ID and set-group-ID bits being
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138	cleared.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	Allows a process to set the set-group-ID bit on a file or
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	directory whose group is not the process' effective group or
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	one of the process' supplemental groups.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142	Allows a process to set the set-user-ID bit on a file with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	different ownership in the presence of PRIV_FILE_OWNER.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	Additional restrictions apply when creating or modifying a
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145	set-uid 0 file.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	147	privilege PRIV_FILE_UPGRADE_SL
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	148
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	149	Allows a process to set the sensitivity label of a file or
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	150	directory to a sensitivity label that dominates the existing
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	151	sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	152	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	153	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	154
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	155	privilege PRIV_FILE_FLAG_SET
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	156
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	157	Allows a process to set immutable, nounlink or appendonly
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	158	file attributes.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	159
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	160	privilege PRIV_GRAPHICS_ACCESS
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	162	Allows a process to make privileged ioctls to graphics devices.
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	163	Typically only xserver process needs to have this privilege.
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	164	A process with this privilege is also allowed to perform
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	165	privileged graphics device mappings.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	166
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	167	privilege PRIV_GRAPHICS_MAP
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	168
1862 5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	169	Allows a process to perform privileged mappings through a
5dbf296c1e57 PSARC/2006/218 GART privilege updates casper parents: 1676 diff changeset	170	graphics device.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	171
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172	privilege PRIV_IPC_DAC_READ
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	Allows a process to read a System V IPC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	Message Queue, Semaphore Set, or Shared Memory Segment whose
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	permission bits do not allow the process read permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	Allows a process to read remote shared memory whose
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	permission bits do not allow the process read permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180	privilege PRIV_IPC_DAC_WRITE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182	Allows a process to write a System V IPC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	Message Queue, Semaphore Set, or Shared Memory Segment whose
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	permission bits do not allow the process write permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185	Allows a process to read remote shared memory whose
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	permission bits do not allow the process write permission.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187	Additional restrictions apply if the owner of the object has uid 0
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188	and the effective uid of the current process is not 0.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190	privilege PRIV_IPC_OWNER
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	Allows a process which is not the owner of a System
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193	V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	194	remove, change ownership of, or change permission bits of the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	Message Queue, Semaphore Set, or Shared Memory Segment.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196	Additional restrictions apply if the owner of the object has uid 0
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197	and the effective uid of the current process is not 0.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	199	privilege PRIV_NET_BINDMLP
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	200
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	201	Allow a process to bind to a port that is configured as a
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	202	multi-level port(MLP) for the process's zone. This privilege
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	203	applies to both shared address and zone-specific address MLPs.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	204	See tnzonecfg(4) from the Trusted Extensions manual pages for
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	205	information on configuring MLP ports.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	206	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	207	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	208
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209	privilege PRIV_NET_ICMPACCESS
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211	Allows a process to send and receive ICMP packets.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	213	privilege PRIV_NET_MAC_AWARE
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	214
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	215	Allows a process to set NET_MAC_AWARE process flag by using
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	216	setpflags(2). This privilege also allows a process to set
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	217	SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	218	The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	219	option both allow a local process to communicate with an
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	220	unlabeled peer if the local process' label dominates the
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	221	peer's default label, or if the local process runs in the
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	222	global zone.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	223	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	224	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	225
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	privilege PRIV_NET_PRIVADDR
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228	Allows a process to bind to a privileged port
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229	number. The privilege port numbers are 1-1023 (the traditional
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	UNIX privileged ports) as well as those ports marked as
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	231	"udp/tcp_extra_priv_ports" with the exception of the ports
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232	reserved for use by NFS.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	233
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234	privilege PRIV_NET_RAWACCESS
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	236	Allows a process to have direct access to the network layer.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	237
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	238	unsafe privilege PRIV_PROC_AUDIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	240	Allows a process to generate audit records.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241	Allows a process to get its own audit pre-selection information.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243	privilege PRIV_PROC_CHROOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245	Allows a process to change its root directory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	privilege PRIV_PROC_CLOCK_HIGHRES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249	Allows a process to use high resolution timers.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251	basic privilege PRIV_PROC_EXEC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	Allows a process to call execve().
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255	basic privilege PRIV_PROC_FORK
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257	Allows a process to call fork1()/forkall()/vfork()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259	basic privilege PRIV_PROC_INFO
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	Allows a process to examine the status of processes other
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	than those it can send signals to. Processes which cannot
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263	be examined cannot be seen in /proc and appear not to exist.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	privilege PRIV_PROC_LOCK_MEMORY
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267	Allows a process to lock pages in physical memory.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269	privilege PRIV_PROC_OWNER
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	Allows a process to send signals to other processes, inspect
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	and modify process state to other processes regardless of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	273	ownership. When modifying another process, additional
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	274	restrictions apply: the effective privilege set of the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275	attaching process must be a superset of the target process'
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276	effective, permitted and inheritable sets; the limit set must
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277	be a superset of the target's limit set; if the target process
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278	has any uid set to 0 all privilege must be asserted unless the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279	effective uid is 0.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	Allows a process to bind arbitrary processes to CPUs.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	privilege PRIV_PROC_PRIOCNTL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	Allows a process to elevate its priority above its current level.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	Allows a process to change its scheduling class to any scheduling class,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	including the RT class.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288	basic privilege PRIV_PROC_SESSION
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	Allows a process to send signals or trace processes outside its
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	session.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	unsafe privilege PRIV_PROC_SETID
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295	Allows a process to set its uids at will.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	Assuming uid 0 requires all privileges to be asserted.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	privilege PRIV_PROC_TASKID
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	Allows a process to assign a new task ID to the calling process.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302	privilege PRIV_PROC_ZONE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	Allows a process to trace or send signals to processes in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305	other zones.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307	privilege PRIV_SYS_ACCT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309	Allows a process to enable and disable and manage accounting through
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	310	acct(2), getacct(2), putacct(2) and wracct(2).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	privilege PRIV_SYS_ADMIN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	313
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	314	Allows a process to perform system administration tasks such
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	315	as setting node and domain name and specifying nscd and coreadm
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	316	settings.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	317
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	318	privilege PRIV_SYS_AUDIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	319
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	320	Allows a process to start the (kernel) audit daemon.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	321	Allows a process to view and set audit state (audit user ID,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	322	audit terminal ID, audit sessions ID, audit pre-selection mask).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	323	Allows a process to turn off and on auditing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	324	Allows a process to configure the audit parameters (cache and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	325	queue sizes, event to class mappings, policy options).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	326
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	327	privilege PRIV_SYS_CONFIG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	328
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	329	Allows a process to perform various system configuration tasks.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	330	Allows a process to add and remove swap devices; when adding a swap
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	331	device, a process must also have sufficient privileges to read from
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	332	and write to the swap device.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	333
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	334	privilege PRIV_SYS_DEVICES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	335
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	336	Allows a process to successfully call a kernel module that
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	337	calls the kernel drv_priv(9F) function to check for allowed
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	338	access.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	339	Allows a process to open the real console device directly.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	340	Allows a process to open devices that have been exclusively opened.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	341
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	342	privilege PRIV_SYS_IPC_CONFIG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	343
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	344	Allows a process to increase the size of a System V IPC Message
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	345	Queue buffer.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	346
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	347	privilege PRIV_SYS_LINKDIR
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	348
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	349	Allows a process to unlink and link directories.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	350
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	351	privilege PRIV_SYS_MOUNT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	352
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	353	Allows filesystem specific administrative procedures, such as
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	354	filesystem configuration ioctls, quota calls and creation/deletion
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	355	of snapshots.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	356	Allows a process to mount and unmount filesystems which would
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	357	otherwise be restricted (i.e., most filesystems except
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	358	namefs).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	359	A process performing a mount operation needs to have
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	360	appropriate access to the device being mounted (read-write for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	361	"rw" mounts, read for "ro" mounts).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	362	A process performing any of the aforementioned
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	363	filesystem operations needs to have read/write/owner
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	364	access to the mount point.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	365	Only regular files and directories can serve as mount points
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	366	for processes which do not have all zone privileges asserted.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	367	Unless a process has all zone privileges, the mount(2)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	368	system call will force the "nosuid" and "restrict" options, the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	369	latter only for autofs mountpoints.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	370	Regardless of privileges, a process running in a non-global zone may
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	only control mounts performed from within said zone.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372	Outside the global zone, the "nodevices" option is always forced.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	373
7408 eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	374	privilege PRIV_SYS_DL_CONFIG
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	375
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	376	Allows a process to configure a system's datalink interfaces.
eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	377
3448 aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	378	privilege PRIV_SYS_IP_CONFIG
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379
7408 eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	380	Allows a process to configure a system's IP interfaces and routes.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	Allows a process to configure network parameters using ndd.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	Allows a process access to otherwise restricted information using ndd.
3448 aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	383	Allows a process to configure IPsec.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	384	Allows a process to pop anchored STREAMs modules with matching zoneid.
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	385
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	386	privilege PRIV_SYS_NET_CONFIG
aaf16568054b PSARC 2006/366 IP Instances dh155122 parents: 1862 diff changeset	387
7408 eff7960d93cd PSARC 2008/473 Fine-Grained Privileges for Datalink Administration Sebastien Roy <Sebastien.Roy@Sun.COM> parents: 6784 diff changeset	388	Allows all that PRIV_SYS_IP_CONFIG and PRIV_SYS_DL_CONFIG allow.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389	Allows a process to push the rpcmod STREAMs module.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	Allows a process to INSERT/REMOVE STREAMs modules on locations other
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	391	than the top of the module stack.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	392
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	393	privilege PRIV_SYS_NFS
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	394
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	395	Allows a process to perform Sun private NFS specific system calls.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	396	Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	397	and port 4045 (lockd).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	398
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	399	privilege PRIV_SYS_RES_CONFIG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	400
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	401	Allows a process to create and delete processor sets, assign
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	402	CPUs to processor sets and override the PSET_NOESCAPE property.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	403	Allows a process to change the operational status of CPUs in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	404	the system using p_online(2).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	405	Allows a process to configure resource pools and to bind
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	406	processes to pools
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	407
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	408	unsafe privilege PRIV_SYS_RESOURCE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	409
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	410	Allows a process to modify the resource limits specified
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	411	by setrlimit(2) and setrctl(2) without restriction.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	412	Allows a process to exceed the per-user maximum number of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	413	processes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	414	Allows a process to extend or create files on a filesystem that
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	415	has less than minfree space in reserve.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	416
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	417	privilege PRIV_SYS_SMB
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	418
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	419	Allows a process to access the Sun private SMB kernel module.
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	420	Allows a process to bind to ports reserved by NetBIOS and SMB:
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	421	ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	422	Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).
3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 3448 diff changeset	423
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	424	privilege PRIV_SYS_SUSER_COMPAT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	425
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	426	Allows a process to successfully call a third party loadable module
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	427	that calls the kernel suser() function to check for allowed access.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	428	This privilege exists only for third party loadable module
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	429	compatibility and is not used by Solaris proper.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	430
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	431	privilege PRIV_SYS_TIME
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	432
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	433	Allows a process to manipulate system time using any of the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	434	appropriate system calls: stime, adjtime, ntp_adjtime and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	435	the IA specific RTC calls.
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	436
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	437	privilege PRIV_SYS_TRANS_LABEL
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	438
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	439	Allows a process to translate labels that are not dominated
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	440	by the process' sensitivity label to and from an external
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	441	string form.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	442	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	443	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	444
6784 79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	445	privilege PRIV_VIRT_MANAGE
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	446
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	447	Allows a process to manage virtualized environments such as
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	448	xVM(5).
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	449
1676 37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	450	privilege PRIV_WIN_COLORMAP
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	451
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	452	Allows a process to override colormap restrictions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	453	Allows a process to install or remove colormaps.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	454	Allows a process to retrieve colormap cell entries allocated
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	455	by other processes.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	456	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	457	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	458
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	459	privilege PRIV_WIN_CONFIG
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	460
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	461	Allows a process to configure or destroy resources that are
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	462	permanently retained by the X server.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	463	Allows a process to use SetScreenSaver to set the screen
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	464	saver timeout value.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	465	Allows a process to use ChangeHosts to modify the display
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	466	access control list.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	467	Allows a process to use GrabServer.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	468	Allows a process to use the SetCloseDownMode request which
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	469	may retain window, pixmap, colormap, property, cursor, font,
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	470	or graphic context resources.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	471	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	472	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	473
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	474	privilege PRIV_WIN_DAC_READ
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	475
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	476	Allows a process to read from a window resource that it does
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	477	not own (has a different user ID).
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	478	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	479	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	480
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	481	privilege PRIV_WIN_DAC_WRITE
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	482
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	483	Allows a process to write to or create a window resource that
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	484	it does not own (has a different user ID). A newly created
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	485	window property is created with the window's user ID.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	486	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	487	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	488
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	489	privilege PRIV_WIN_DEVICES
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	490
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	491	Allows a process to perform operations on window input devices.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	492	Allows a process to get and set keyboard and pointer controls.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	493	Allows a process to modify pointer button and key mappings.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	494	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	495	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	496
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	497	privilege PRIV_WIN_DGA
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	498
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	499	Allows a process to use the direct graphics access (DGA) X protocol
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	500	extensions. Direct process access to the frame buffer is still
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	501	required. Thus the process must have MAC and DAC privileges that
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	502	allow access to the frame buffer, or the frame buffer must be
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	503	allocated to the process.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	504	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	505	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	506
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	507	privilege PRIV_WIN_DOWNGRADE_SL
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	508
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	509	Allows a process to set the sensitivity label of a window resource
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	510	to a sensitivity label that does not dominate the existing
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	511	sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	512	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	513	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	514
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	515	privilege PRIV_WIN_FONTPATH
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	516
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	517	Allows a process to set a font path.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	518	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	519	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	520
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	521	privilege PRIV_WIN_MAC_READ
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	522
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	523	Allows a process to read from a window resource whose sensitivity
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	524	label is not equal to the process sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	525	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	526	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	527
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	528	privilege PRIV_WIN_MAC_WRITE
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	529
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	530	Allows a process to create a window resource whose sensitivity
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	531	label is not equal to the process sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	532	A newly created window property is created with the window's
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	533	sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	534	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	535	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	536
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	537	privilege PRIV_WIN_SELECTION
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	538
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	539	Allows a process to request inter-window data moves without the
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	540	intervention of the selection confirmer.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	541	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	542	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	543
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	544	privilege PRIV_WIN_UPGRADE_SL
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	545
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	546	Allows a process to set the sensitivity label of a window
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	547	resource to a sensitivity label that dominates the existing
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	548	sensitivity label.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	549	This privilege is interpreted only if the system is configured
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	550	with Trusted Extensions.
37f4a3e2bd99 PSARC/2002/762 Layered Trusted Solaris jpk parents: 0 diff changeset	551
6784 79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	552	privilege PRIV_XVM_CONTROL
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	553
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	554	Allows a process access to the xVM(5) control devices for
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	555	managing guest domains and the hypervisor. This privilege is
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	556	used only if booted into xVM on x86 platforms.
79a9dac325d9 PSARC 2008/289 Least Privilege for xVM johnlev parents: 6073 diff changeset	557
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	558	set PRIV_EFFECTIVE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	559
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	560	Set of privileges currently in effect.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	561
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	562	set PRIV_INHERITABLE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	563
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	564	Set of privileges that comes into effect on exec.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	565
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	566	set PRIV_PERMITTED
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	567
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	568	Set of privileges that can be put into the effective set without
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	569	restriction.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	570
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	571	set PRIV_LIMIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	572
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	573	Set of privileges that determines the absolute upper bound of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	574	privileges this process and its off-spring can obtain.

author	Sebastien Roy <Sebastien.Roy@Sun.COM>
	Tue, 26 Aug 2008 19:16:34 -0400
changeset 7408	eff7960d93cd
parent 6784	79a9dac325d9
child 8023	faf256d5c16c
permissions	-rw-r--r--