author | Sebastien Roy <Sebastien.Roy@Sun.COM> |
Tue, 26 Aug 2008 19:16:34 -0400 | |
changeset 7408 | eff7960d93cd |
parent 6784 | 79a9dac325d9 |
child 8023 | faf256d5c16c |
permissions | -rw-r--r-- |
0 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1676 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
0 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
6073 | 22 |
* Copyright 2008 Sun Microsystems, Inc. All rights reserved. |
0 | 23 |
* Use is subject to license terms. |
24 |
* |
|
25 |
INSERT COMMENT |
|
26 |
*/ |
|
27 |
||
28 |
# |
|
29 |
# Privileges can be added to this file at any location, not |
|
30 |
# necessarily at the end. For patches, it is probably best to |
|
31 |
# add the new privilege at the end; for ordinary releases privileges |
|
32 |
# should be ordered alphabetically. |
|
33 |
# |
|
34 |
||
35 |
privilege PRIV_CONTRACT_EVENT |
|
36 |
||
37 |
Allows a process to request critical events without limitation. |
|
38 |
Allows a process to request reliable delivery of all events on |
|
39 |
any event queue. |
|
40 |
||
6073 | 41 |
privilege PRIV_CONTRACT_IDENTITY |
6784 | 42 |
|
6073 | 43 |
Allows a process to set the service FMRI value of a process |
44 |
contract template. |
|
45 |
||
0 | 46 |
privilege PRIV_CONTRACT_OBSERVER |
47 |
||
48 |
Allows a process to observe contract events generated by |
|
49 |
contracts created and owned by users other than the process's |
|
50 |
effective user ID. |
|
51 |
Allows a process to open contract event endpoints belonging to |
|
52 |
contracts created and owned by users other than the process's |
|
53 |
effective user ID. |
|
54 |
||
55 |
privilege PRIV_CPC_CPU |
|
56 |
||
57 |
Allow a process to access per-CPU hardware performance counters. |
|
58 |
||
59 |
privilege PRIV_DTRACE_KERNEL |
|
60 |
||
61 |
Allows DTrace kernel-level tracing. |
|
62 |
||
63 |
privilege PRIV_DTRACE_PROC |
|
64 |
||
65 |
Allows DTrace process-level tracing. |
|
66 |
Allows process-level tracing probes to be placed and enabled in |
|
67 |
processes to which the user has permissions. |
|
68 |
||
69 |
privilege PRIV_DTRACE_USER |
|
70 |
||
71 |
Allows DTrace user-level tracing. |
|
72 |
Allows use of the syscall and profile DTrace providers to |
|
73 |
examine processes to which the user has permissions. |
|
74 |
||
75 |
privilege PRIV_FILE_CHOWN |
|
76 |
||
77 |
Allows a process to change a file's owner user ID. |
|
78 |
Allows a process to change a file's group ID to one other than |
|
79 |
the process' effective group ID or one of the process' |
|
80 |
supplemental group IDs. |
|
81 |
||
82 |
privilege PRIV_FILE_CHOWN_SELF |
|
83 |
||
84 |
Allows a process to give away its files; a process with this |
|
85 |
privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not |
|
86 |
in effect. |
|
87 |
||
88 |
privilege PRIV_FILE_DAC_EXECUTE |
|
89 |
||
90 |
Allows a process to execute an executable file whose permission |
|
91 |
bits or ACL do not allow the process execute permission. |
|
92 |
||
93 |
privilege PRIV_FILE_DAC_READ |
|
94 |
||
95 |
Allows a process to read a file or directory whose permission |
|
96 |
bits or ACL do not allow the process read permission. |
|
97 |
||
98 |
privilege PRIV_FILE_DAC_SEARCH |
|
99 |
||
100 |
Allows a process to search a directory whose permission bits or |
|
101 |
ACL do not allow the process search permission. |
|
102 |
||
103 |
privilege PRIV_FILE_DAC_WRITE |
|
104 |
||
105 |
Allows a process to write a file or directory whose permission |
|
106 |
bits or ACL do not allow the process write permission. |
|
107 |
In order to write files owned by uid 0 in the absence of an |
|
108 |
effective uid of 0, ALL privileges are required. |
|
109 |
||
1676 | 110 |
privilege PRIV_FILE_DOWNGRADE_SL |
111 |
||
112 |
Allows a process to set the sensitivity label of a file or |
|
113 |
directory to a sensitivity label that does not dominate the |
|
114 |
existing sensitivity label. |
|
115 |
This privilege is interpreted only if the system is configured |
|
116 |
with Trusted Extensions. |
|
117 |
||
0 | 118 |
basic privilege PRIV_FILE_LINK_ANY |
119 |
||
120 |
Allows a process to create hardlinks to files owned by a uid |
|
121 |
different from the process' effective uid. |
|
122 |
||
123 |
privilege PRIV_FILE_OWNER |
|
124 |
||
125 |
Allows a process which is not the owner of a file or directory |
|
126 |
to perform the following operations that are normally permitted |
|
127 |
only for the file owner: modify that file's access and |
|
128 |
modification times; remove or rename a file or directory whose |
|
129 |
parent directory has the ``save text image after execution'' |
|
130 |
(sticky) bit set; mount a ``namefs'' upon a file; modify |
|
131 |
permission bits or ACL except for the set-uid and set-gid |
|
132 |
bits. |
|
133 |
||
134 |
privilege PRIV_FILE_SETID |
|
135 |
||
136 |
Allows a process to change the ownership of a file or write to |
|
137 |
a file without the set-user-ID and set-group-ID bits being |
|
138 |
cleared. |
|
139 |
Allows a process to set the set-group-ID bit on a file or |
|
140 |
directory whose group is not the process' effective group or |
|
141 |
one of the process' supplemental groups. |
|
142 |
Allows a process to set the set-user-ID bit on a file with |
|
143 |
different ownership in the presence of PRIV_FILE_OWNER. |
|
144 |
Additional restrictions apply when creating or modifying a |
|
145 |
set-uid 0 file. |
|
146 |
||
1676 | 147 |
privilege PRIV_FILE_UPGRADE_SL |
148 |
||
149 |
Allows a process to set the sensitivity label of a file or |
|
150 |
directory to a sensitivity label that dominates the existing |
|
151 |
sensitivity label. |
|
152 |
This privilege is interpreted only if the system is configured |
|
153 |
with Trusted Extensions. |
|
154 |
||
5331 | 155 |
privilege PRIV_FILE_FLAG_SET |
156 |
||
157 |
Allows a process to set immutable, nounlink or appendonly |
|
158 |
file attributes. |
|
159 |
||
1862 | 160 |
privilege PRIV_GRAPHICS_ACCESS |
0 | 161 |
|
1862 | 162 |
Allows a process to make privileged ioctls to graphics devices. |
163 |
Typically only the X server process needs to have this privilege. |
|
164 |
A process with this privilege is also allowed to perform |
|
165 |
privileged graphics device mappings. |
|
0 | 166 |
|
1862 | 167 |
privilege PRIV_GRAPHICS_MAP |
0 | 168 |
|
1862 | 169 |
Allows a process to perform privileged mappings through a |
170 |
graphics device. |
|
0 | 171 |
|
172 |
privilege PRIV_IPC_DAC_READ |
|
173 |
||
174 |
Allows a process to read a System V IPC |
|
175 |
Message Queue, Semaphore Set, or Shared Memory Segment whose |
|
176 |
permission bits do not allow the process read permission. |
|
177 |
Allows a process to read remote shared memory whose |
|
178 |
permission bits do not allow the process read permission. |
|
179 |
||
180 |
privilege PRIV_IPC_DAC_WRITE |
|
181 |
||
182 |
Allows a process to write a System V IPC |
|
183 |
Message Queue, Semaphore Set, or Shared Memory Segment whose |
|
184 |
permission bits do not allow the process write permission. |
|
185 |
Allows a process to read remote shared memory whose |
|
186 |
permission bits do not allow the process write permission. |
|
187 |
Additional restrictions apply if the owner of the object has uid 0 |
|
188 |
and the effective uid of the current process is not 0. |
|
189 |
||
190 |
privilege PRIV_IPC_OWNER |
|
191 |
||
192 |
Allows a process which is not the owner of a System |
|
193 |
V IPC Message Queue, Semaphore Set, or Shared Memory Segment to |
|
194 |
remove, change ownership of, or change permission bits of the |
|
195 |
Message Queue, Semaphore Set, or Shared Memory Segment. |
|
196 |
Additional restrictions apply if the owner of the object has uid 0 |
|
197 |
and the effective uid of the current process is not 0. |
|
198 |
||
1676 | 199 |
privilege PRIV_NET_BINDMLP |
200 |
||
201 |
Allow a process to bind to a port that is configured as a |
|
202 |
multi-level port (MLP) for the process's zone. This privilege |
|
203 |
applies to both shared address and zone-specific address MLPs. |
|
204 |
See tnzonecfg(4) from the Trusted Extensions manual pages for |
|
205 |
information on configuring MLP ports. |
|
206 |
This privilege is interpreted only if the system is configured |
|
207 |
with Trusted Extensions. |
|
208 |
||
0 | 209 |
privilege PRIV_NET_ICMPACCESS |
210 |
||
211 |
Allows a process to send and receive ICMP packets. |
|
212 |
||
1676 | 213 |
privilege PRIV_NET_MAC_AWARE |
214 |
||
215 |
Allows a process to set NET_MAC_AWARE process flag by using |
|
216 |
setpflags(2). This privilege also allows a process to set |
|
217 |
SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET). |
|
218 |
The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket |
|
219 |
option both allow a local process to communicate with an |
|
220 |
unlabeled peer if the local process' label dominates the |
|
221 |
peer's default label, or if the local process runs in the |
|
222 |
global zone. |
|
223 |
This privilege is interpreted only if the system is configured |
|
224 |
with Trusted Extensions. |
|
225 |
||
0 | 226 |
privilege PRIV_NET_PRIVADDR |
227 |
||
228 |
Allows a process to bind to a privileged port |
|
229 |
number. The privileged port numbers are 1-1023 (the traditional |
|
230 |
UNIX privileged ports) as well as those ports marked as |
|
231 |
"udp/tcp_extra_priv_ports" with the exception of the ports |
|
232 |
reserved for use by NFS. |
|
233 |
||
234 |
privilege PRIV_NET_RAWACCESS |
|
235 |
||
236 |
Allows a process to have direct access to the network layer. |
|
237 |
||
238 |
unsafe privilege PRIV_PROC_AUDIT |
|
239 |
||
240 |
Allows a process to generate audit records. |
|
241 |
Allows a process to get its own audit pre-selection information. |
|
242 |
||
243 |
privilege PRIV_PROC_CHROOT |
|
244 |
||
245 |
Allows a process to change its root directory. |
|
246 |
||
247 |
privilege PRIV_PROC_CLOCK_HIGHRES |
|
248 |
||
249 |
Allows a process to use high resolution timers. |
|
250 |
||
251 |
basic privilege PRIV_PROC_EXEC |
|
252 |
||
253 |
Allows a process to call execve(). |
|
254 |
||
255 |
basic privilege PRIV_PROC_FORK |
|
256 |
||
257 |
Allows a process to call fork1()/forkall()/vfork() |
|
258 |
||
259 |
basic privilege PRIV_PROC_INFO |
|
260 |
||
261 |
Allows a process to examine the status of processes other |
|
262 |
than those it can send signals to. Processes which cannot |
|
263 |
be examined cannot be seen in /proc and appear not to exist. |
|
264 |
||
265 |
privilege PRIV_PROC_LOCK_MEMORY |
|
266 |
||
267 |
Allows a process to lock pages in physical memory. |
|
268 |
||
269 |
privilege PRIV_PROC_OWNER |
|
270 |
||
271 |
Allows a process to send signals to other processes, inspect |
|
272 |
and modify the process state of other processes regardless of |
|
273 |
ownership. When modifying another process, additional |
|
274 |
restrictions apply: the effective privilege set of the |
|
275 |
attaching process must be a superset of the target process' |
|
276 |
effective, permitted and inheritable sets; the limit set must |
|
277 |
be a superset of the target's limit set; if the target process |
|
278 |
has any uid set to 0, all privileges must be asserted unless the |
|
279 |
effective uid is 0. |
|
280 |
Allows a process to bind arbitrary processes to CPUs. |
|
281 |
||
282 |
privilege PRIV_PROC_PRIOCNTL |
|
283 |
||
284 |
Allows a process to elevate its priority above its current level. |
|
285 |
Allows a process to change its scheduling class to any scheduling class, |
|
286 |
including the RT class. |
|
287 |
||
288 |
basic privilege PRIV_PROC_SESSION |
|
289 |
||
290 |
Allows a process to send signals or trace processes outside its |
|
291 |
session. |
|
292 |
||
293 |
unsafe privilege PRIV_PROC_SETID |
|
294 |
||
295 |
Allows a process to set its uids at will. |
|
296 |
Assuming uid 0 requires all privileges to be asserted. |
|
297 |
||
298 |
privilege PRIV_PROC_TASKID |
|
299 |
||
300 |
Allows a process to assign a new task ID to the calling process. |
|
301 |
||
302 |
privilege PRIV_PROC_ZONE |
|
303 |
||
304 |
Allows a process to trace or send signals to processes in |
|
305 |
other zones. |
|
306 |
||
307 |
privilege PRIV_SYS_ACCT |
|
308 |
||
309 |
Allows a process to enable, disable and manage accounting through |
|
310 |
acct(2), getacct(2), putacct(2) and wracct(2). |
|
311 |
||
312 |
privilege PRIV_SYS_ADMIN |
|
313 |
||
314 |
Allows a process to perform system administration tasks such |
|
315 |
as setting node and domain name and specifying nscd and coreadm |
|
316 |
settings. |
|
317 |
||
318 |
privilege PRIV_SYS_AUDIT |
|
319 |
||
320 |
Allows a process to start the (kernel) audit daemon. |
|
321 |
Allows a process to view and set audit state (audit user ID, |
|
322 |
audit terminal ID, audit sessions ID, audit pre-selection mask). |
|
323 |
Allows a process to turn off and on auditing. |
|
324 |
Allows a process to configure the audit parameters (cache and |
|
325 |
queue sizes, event to class mappings, policy options). |
|
326 |
||
327 |
privilege PRIV_SYS_CONFIG |
|
328 |
||
329 |
Allows a process to perform various system configuration tasks. |
|
330 |
Allows a process to add and remove swap devices; when adding a swap |
|
331 |
device, a process must also have sufficient privileges to read from |
|
332 |
and write to the swap device. |
|
333 |
||
334 |
privilege PRIV_SYS_DEVICES |
|
335 |
||
336 |
Allows a process to successfully call a kernel module that |
|
337 |
calls the kernel drv_priv(9F) function to check for allowed |
|
338 |
access. |
|
339 |
Allows a process to open the real console device directly. |
|
340 |
Allows a process to open devices that have been exclusively opened. |
|
341 |
||
342 |
privilege PRIV_SYS_IPC_CONFIG |
|
343 |
||
344 |
Allows a process to increase the size of a System V IPC Message |
|
345 |
Queue buffer. |
|
346 |
||
347 |
privilege PRIV_SYS_LINKDIR |
|
348 |
||
349 |
Allows a process to unlink and link directories. |
|
350 |
||
351 |
privilege PRIV_SYS_MOUNT |
|
352 |
||
353 |
Allows filesystem specific administrative procedures, such as |
|
354 |
filesystem configuration ioctls, quota calls and creation/deletion |
|
355 |
of snapshots. |
|
356 |
Allows a process to mount and unmount filesystems which would |
|
357 |
otherwise be restricted (i.e., most filesystems except |
|
358 |
namefs). |
|
359 |
A process performing a mount operation needs to have |
|
360 |
appropriate access to the device being mounted (read-write for |
|
361 |
"rw" mounts, read for "ro" mounts). |
|
362 |
A process performing any of the aforementioned |
|
363 |
filesystem operations needs to have read/write/owner |
|
364 |
access to the mount point. |
|
365 |
Only regular files and directories can serve as mount points |
|
366 |
for processes which do not have all zone privileges asserted. |
|
367 |
Unless a process has all zone privileges, the mount(2) |
|
368 |
system call will force the "nosuid" and "restrict" options, the |
|
369 |
latter only for autofs mountpoints. |
|
370 |
Regardless of privileges, a process running in a non-global zone may |
|
371 |
only control mounts performed from within said zone. |
|
372 |
Outside the global zone, the "nodevices" option is always forced. |
|
373 |
||
7408
|
374 |
privilege PRIV_SYS_DL_CONFIG |
|
375 |
|
|
376 |
Allows a process to configure a system's datalink interfaces. |
|
377 |
|
3448 | 378 |
privilege PRIV_SYS_IP_CONFIG |
0 | 379 |
|
7408
|
380 |
Allows a process to configure a system's IP interfaces and routes. |
0 | 381 |
Allows a process to configure network parameters using ndd. |
382 |
Allows a process access to otherwise restricted information using ndd. |
|
3448 | 383 |
Allows a process to configure IPsec. |
384 |
Allows a process to pop anchored STREAMs modules with matching zoneid. |
|
385 |
||
386 |
privilege PRIV_SYS_NET_CONFIG |
|
387 |
||
7408
|
388 |
Allows all that PRIV_SYS_IP_CONFIG and PRIV_SYS_DL_CONFIG allow. |
0 | 389 |
Allows a process to push the rpcmod STREAMs module. |
390 |
Allows a process to INSERT/REMOVE STREAMs modules on locations other |
|
391 |
than the top of the module stack. |
|
392 |
||
393 |
privilege PRIV_SYS_NFS |
|
394 |
||
395 |
Allows a process to perform Sun private NFS specific system calls. |
|
396 |
Allows a process to bind to ports reserved by NFS: ports 2049 (nfs) |
|
397 |
and port 4045 (lockd). |
|
398 |
||
399 |
privilege PRIV_SYS_RES_CONFIG |
|
400 |
||
401 |
Allows a process to create and delete processor sets, assign |
|
402 |
CPUs to processor sets and override the PSET_NOESCAPE property. |
|
403 |
Allows a process to change the operational status of CPUs in |
|
404 |
the system using p_online(2). |
|
405 |
Allows a process to configure resource pools and to bind |
|
406 |
processes to pools |
|
407 |
||
408 |
unsafe privilege PRIV_SYS_RESOURCE |
|
409 |
||
410 |
Allows a process to modify the resource limits specified |
|
411 |
by setrlimit(2) and setrctl(2) without restriction. |
|
412 |
Allows a process to exceed the per-user maximum number of |
|
413 |
processes. |
|
414 |
Allows a process to extend or create files on a filesystem that |
|
415 |
has less than minfree space in reserve. |
|
416 |
||
5331 | 417 |
privilege PRIV_SYS_SMB |
418 |
||
419 |
Allows a process to access the Sun private SMB kernel module. |
|
420 |
Allows a process to bind to ports reserved by NetBIOS and SMB: |
|
421 |
ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS |
|
422 |
Session Service and SMB-over-NBT) and 445 (SMB-over-TCP). |
|
423 |
||
0 | 424 |
privilege PRIV_SYS_SUSER_COMPAT |
425 |
||
426 |
Allows a process to successfully call a third party loadable module |
|
427 |
that calls the kernel suser() function to check for allowed access. |
|
428 |
This privilege exists only for third party loadable module |
|
429 |
compatibility and is not used by Solaris proper. |
|
430 |
||
431 |
privilege PRIV_SYS_TIME |
|
432 |
||
433 |
Allows a process to manipulate system time using any of the |
|
434 |
appropriate system calls: stime, adjtime, ntp_adjtime and |
|
435 |
the IA specific RTC calls. |
|
1676 | 436 |
|
437 |
privilege PRIV_SYS_TRANS_LABEL |
|
438 |
||
439 |
Allows a process to translate labels that are not dominated |
|
440 |
by the process' sensitivity label to and from an external |
|
441 |
string form. |
|
442 |
This privilege is interpreted only if the system is configured |
|
443 |
with Trusted Extensions. |
|
444 |
||
6784 | 445 |
privilege PRIV_VIRT_MANAGE |
446 |
||
447 |
Allows a process to manage virtualized environments such as |
|
448 |
xVM(5). |
|
449 |
||
1676 | 450 |
privilege PRIV_WIN_COLORMAP |
451 |
||
452 |
Allows a process to override colormap restrictions. |
|
453 |
Allows a process to install or remove colormaps. |
|
454 |
Allows a process to retrieve colormap cell entries allocated |
|
455 |
by other processes. |
|
456 |
This privilege is interpreted only if the system is configured |
|
457 |
with Trusted Extensions. |
|
458 |
||
459 |
privilege PRIV_WIN_CONFIG |
|
460 |
||
461 |
Allows a process to configure or destroy resources that are |
|
462 |
permanently retained by the X server. |
|
463 |
Allows a process to use SetScreenSaver to set the screen |
|
464 |
saver timeout value. |
|
465 |
Allows a process to use ChangeHosts to modify the display |
|
466 |
access control list. |
|
467 |
Allows a process to use GrabServer. |
|
468 |
Allows a process to use the SetCloseDownMode request which |
|
469 |
may retain window, pixmap, colormap, property, cursor, font, |
|
470 |
or graphic context resources. |
|
471 |
This privilege is interpreted only if the system is configured |
|
472 |
with Trusted Extensions. |
|
473 |
||
474 |
privilege PRIV_WIN_DAC_READ |
|
475 |
||
476 |
Allows a process to read from a window resource that it does |
|
477 |
not own (has a different user ID). |
|
478 |
This privilege is interpreted only if the system is configured |
|
479 |
with Trusted Extensions. |
|
480 |
||
481 |
privilege PRIV_WIN_DAC_WRITE |
|
482 |
||
483 |
Allows a process to write to or create a window resource that |
|
484 |
it does not own (has a different user ID). A newly created |
|
485 |
window property is created with the window's user ID. |
|
486 |
This privilege is interpreted only if the system is configured |
|
487 |
with Trusted Extensions. |
|
488 |
||
489 |
privilege PRIV_WIN_DEVICES |
|
490 |
||
491 |
Allows a process to perform operations on window input devices. |
|
492 |
Allows a process to get and set keyboard and pointer controls. |
|
493 |
Allows a process to modify pointer button and key mappings. |
|
494 |
This privilege is interpreted only if the system is configured |
|
495 |
with Trusted Extensions. |
|
496 |
||
497 |
privilege PRIV_WIN_DGA |
|
498 |
||
499 |
Allows a process to use the direct graphics access (DGA) X protocol |
|
500 |
extensions. Direct process access to the frame buffer is still |
|
501 |
required. Thus the process must have MAC and DAC privileges that |
|
502 |
allow access to the frame buffer, or the frame buffer must be |
|
503 |
allocated to the process. |
|
504 |
This privilege is interpreted only if the system is configured |
|
505 |
with Trusted Extensions. |
|
506 |
||
507 |
privilege PRIV_WIN_DOWNGRADE_SL |
|
508 |
||
509 |
Allows a process to set the sensitivity label of a window resource |
|
510 |
to a sensitivity label that does not dominate the existing |
|
511 |
sensitivity label. |
|
512 |
This privilege is interpreted only if the system is configured |
|
513 |
with Trusted Extensions. |
|
514 |
||
515 |
privilege PRIV_WIN_FONTPATH |
|
516 |
||
517 |
Allows a process to set a font path. |
|
518 |
This privilege is interpreted only if the system is configured |
|
519 |
with Trusted Extensions. |
|
520 |
||
521 |
privilege PRIV_WIN_MAC_READ |
|
522 |
||
523 |
Allows a process to read from a window resource whose sensitivity |
|
524 |
label is not equal to the process sensitivity label. |
|
525 |
This privilege is interpreted only if the system is configured |
|
526 |
with Trusted Extensions. |
|
527 |
||
528 |
privilege PRIV_WIN_MAC_WRITE |
|
529 |
||
530 |
Allows a process to create a window resource whose sensitivity |
|
531 |
label is not equal to the process sensitivity label. |
|
532 |
A newly created window property is created with the window's |
|
533 |
sensitivity label. |
|
534 |
This privilege is interpreted only if the system is configured |
|
535 |
with Trusted Extensions. |
|
536 |
||
537 |
privilege PRIV_WIN_SELECTION |
|
538 |
||
539 |
Allows a process to request inter-window data moves without the |
|
540 |
intervention of the selection confirmer. |
|
541 |
This privilege is interpreted only if the system is configured |
|
542 |
with Trusted Extensions. |
|
543 |
||
544 |
privilege PRIV_WIN_UPGRADE_SL |
|
545 |
||
546 |
Allows a process to set the sensitivity label of a window |
|
547 |
resource to a sensitivity label that dominates the existing |
|
548 |
sensitivity label. |
|
549 |
This privilege is interpreted only if the system is configured |
|
550 |
with Trusted Extensions. |
|
551 |
||
6784 | 552 |
privilege PRIV_XVM_CONTROL |
553 |
||
554 |
Allows a process access to the xVM(5) control devices for |
|
555 |
managing guest domains and the hypervisor. This privilege is |
|
556 |
used only if booted into xVM on x86 platforms. |
|
557 |
||
0 | 558 |
set PRIV_EFFECTIVE |
559 |
||
560 |
Set of privileges currently in effect. |
|
561 |
||
562 |
set PRIV_INHERITABLE |
|
563 |
||
564 |
Set of privileges that comes into effect on exec. |
|
565 |
||
566 |
set PRIV_PERMITTED |
|
567 |
||
568 |
Set of privileges that can be put into the effective set without |
|
569 |
restriction. |
|
570 |
||
571 |
set PRIV_LIMIT |
|
572 |
||
573 |
Set of privileges that determines the absolute upper bound of |
|
574 |
privileges this process and its offspring can obtain. |