377 * The global zone needs PRIV_PROC_FORK so that it can fork() when it |
377 * The global zone needs PRIV_PROC_FORK so that it can fork() when it |
378 * issues db ops in non-global zones, PRIV_SYS_CONFIG to post |
378 * issues db ops in non-global zones, PRIV_SYS_CONFIG to post |
379 * sysevents, and PRIV_SYS_DL_CONFIG to initialize link properties in |
379 * sysevents, and PRIV_SYS_DL_CONFIG to initialize link properties in |
380 * dlmgmt_upcall_linkprop_init(). |
380 * dlmgmt_upcall_linkprop_init(). |
381 * |
381 * |
382 * We remove all privileges from the permitted (and thus effective) |
382 * We remove non-basic privileges from the permitted (and thus |
383 * set in the non-global zone. When executing in a non-global zone, |
383 * effective) set. When executing in a non-global zone, dlmgmtd |
384 * dlmgmtd only needs to read and write to files that it already owns. |
384 * only needs to read and write to files that it already owns. |
385 */ |
385 */ |
386 priv_emptyset(pset); |
386 priv_basicset(pset); |
|
387 (void) priv_delset(pset, PRIV_PROC_EXEC); |
|
388 (void) priv_delset(pset, PRIV_PROC_INFO); |
|
389 (void) priv_delset(pset, PRIV_PROC_SESSION); |
|
390 (void) priv_delset(pset, PRIV_FILE_LINK_ANY); |
387 if (zoneid == GLOBAL_ZONEID) { |
391 if (zoneid == GLOBAL_ZONEID) { |
388 ptype = PRIV_EFFECTIVE; |
392 ptype = PRIV_EFFECTIVE; |
389 if (priv_addset(pset, PRIV_PROC_FORK) == -1 || |
393 if (priv_addset(pset, PRIV_SYS_CONFIG) == -1 || |
390 priv_addset(pset, PRIV_SYS_CONFIG) == -1 || |
|
391 priv_addset(pset, PRIV_SYS_DL_CONFIG) == -1) |
394 priv_addset(pset, PRIV_SYS_DL_CONFIG) == -1) |
392 err = errno; |
395 err = errno; |
393 } else { |
396 } else { |
|
397 (void) priv_delset(pset, PRIV_PROC_FORK); |
394 ptype = PRIV_PERMITTED; |
398 ptype = PRIV_PERMITTED; |
395 } |
399 } |
396 if (err == 0 && setppriv(PRIV_SET, ptype, pset) == -1) |
400 if (err == 0 && setppriv(PRIV_SET, ptype, pset) == -1) |
397 err = errno; |
401 err = errno; |
398 done: |
402 done: |