/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2015, Joyent, Inc. All rights reserved.
*
INSERT COMMENT
*/
#
#
effective user ID.
Allows a process to open contract event endpoints belonging to
contracts created and owned by users other than the process's
privilege PRIV_FILE_OWNER
Allows a process which is not the owner of a file or directory
to perform the following operations that are normally permitted
bits.
applies to both shared address and zone-specific address MLPs.
See tnzonecfg(4) from the Trusted Extensions manual pages for
information on configuring MLP ports.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_NET_ICMPACCESS
Allows a process to send and receive ICMP packets.
privilege PRIV_NET_MAC_AWARE
Allows a process to set NET_MAC_AWARE process flag by using
setpflags(2). This privilege also allows a process to set
SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
option both allow a local process to communicate with an
peer's default label, or if the local process runs in the
global zone.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_NET_MAC_IMPLICIT
Allows a process to set SO_MAC_IMPLICIT option by using
setsockopt(3SOCKET). This allows a privileged process to
transmit implicitly-labeled packets to a peer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_NET_OBSERVABILITY
while not requiring them to need PRIV_NET_RAWACCESS.
privilege PRIV_NET_PRIVADDR
Allows a process to bind to a privileged port
number. The privilege port numbers are 1-1023 (the traditional
UNIX privileged ports) as well as those ports marked as
"udp/tcp_extra_priv_ports" with the exception of the ports
reserved for use by NFS.
privilege PRIV_NET_RAWACCESS
Allows a process to have direct access to the network layer.
unsafe privilege PRIV_PROC_AUDIT
Allows a process to generate audit records.
Allows a process to get its own audit pre-selection information.
privilege PRIV_PROC_CHROOT
Allows a process to change its root directory.
privilege PRIV_PROC_CLOCK_HIGHRES
Allows a process to use high resolution timers.
basic privilege PRIV_PROC_EXEC
Allows a process to call execve().
basic privilege PRIV_PROC_FORK
Allows a process to call fork1()/forkall()/vfork()
basic privilege PRIV_PROC_INFO
Allows a process to examine the status of processes other
than those it can send signals to. Processes which cannot
be examined cannot be seen in /proc and appear not to exist.
privilege PRIV_PROC_LOCK_MEMORY
Allows a process to lock pages in physical memory.
privilege PRIV_PROC_MEMINFO
Allows a process to access physical memory information.
privilege PRIV_PROC_OWNER
Allows a process to send signals to other processes, inspect
and modify process state to other processes regardless of
ownership. When modifying another process, additional
restrictions apply: the effective privilege set of the
attaching process must be a superset of the target process'
has any uid set to 0 all privilege must be asserted unless the
effective uid is 0.
Allows a process to bind arbitrary processes to CPUs.
privilege PRIV_PROC_PRIOUP
Allows a process to elevate its priority above its current level.
privilege PRIV_PROC_PRIOCNTL
Allows all that PRIV_PROC_PRIOUP allows.
Allows a process to change its scheduling class to any scheduling class,
including the RT class.
basic privilege PRIV_PROC_SECFLAGS
Allows a process to manipulate the secflags of processes (subject to,
additionally, the ability to signal that process)
basic privilege PRIV_PROC_SESSION
Allows a process to send signals or trace processes outside its
session.
unsafe privilege PRIV_PROC_SETID
Allows a process to set its uids at will.
Assuming uid 0 requires all privileges to be asserted.
privilege PRIV_PROC_TASKID
Allows a process to assign a new task ID to the calling process.
privilege PRIV_PROC_ZONE
Allows a process to trace or send signals to processes in
other zones.
privilege PRIV_SYS_ACCT
Allows a process to enable and disable and manage accounting through
acct(2), getacct(2), putacct(2) and wracct(2).
privilege PRIV_SYS_ADMIN
Allows a process to perform system administration tasks such
as setting node and domain name and specifying nscd and coreadm
settings.
privilege PRIV_SYS_AUDIT
Allows a process to start the (kernel) audit daemon.
Allows a process to view and set audit state (audit user ID,
audit terminal ID, audit sessions ID, audit pre-selection mask).
Allows a process to turn off and on auditing.
Allows a process to configure the audit parameters (cache and
queue sizes, event to class mappings, policy options).
privilege PRIV_SYS_CONFIG
Allows a process to perform various system configuration tasks.
Allows a process to add and remove swap devices; when adding a swap
device, a process must also have sufficient privileges to read from
and write to the swap device.
privilege PRIV_SYS_DEVICES
Allows a process to successfully call a kernel module that
calls the kernel drv_priv(9F) function to check for allowed
access.
Allows a process to open the real console device directly.
Allows a process to open devices that have been exclusively opened.
privilege PRIV_SYS_IPC_CONFIG
Allows a process to increase the size of a System V IPC Message
Queue buffer.
privilege PRIV_SYS_LINKDIR
Allows a process to unlink and link directories.
privilege PRIV_SYS_MOUNT
Allows filesystem specific administrative procedures, such as
of snapshots.
Allows a process to mount and unmount filesystems which would
otherwise be restricted (i.e., most filesystems except
namefs).
A process performing a mount operation needs to have
appropriate access to the device being mounted (read-write for
"rw" mounts, read for "ro" mounts).
A process performing any of the aforementioned
access to the mount point.
Only regular files and directories can serve as mount points
for processes which do not have all zone privileges asserted.
Unless a process has all zone privileges, the mount(2)
system call will force the "nosuid" and "restrict" options, the
latter only for autofs mountpoints.
Regardless of privileges, a process running in a non-global zone may
only control mounts performed from within said zone.
Outside the global zone, the "nodevices" option is always forced.
privilege PRIV_SYS_IPTUN_CONFIG
Allows a process to configure IP tunnel links.
privilege PRIV_SYS_DL_CONFIG
Allows a process to configure all classes of datalinks, including
configuration allowed by PRIV_SYS_IPTUN_CONFIG.
privilege PRIV_SYS_IP_CONFIG
string form.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_VIRT_MANAGE
Allows a process to manage virtualized environments such as
xVM(5).
privilege PRIV_WIN_COLORMAP
Allows a process to override colormap restrictions.
Allows a process to install or remove colormaps.
Allows a process to retrieve colormap cell entries allocated
by other processes.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_CONFIG
Allows a process to configure or destroy resources that are
permanently retained by the X server.
Allows a process to use SetScreenSaver to set the screen
saver timeout value.
Allows a process to use ChangeHosts to modify the display
access control list.
Allows a process to use GrabServer.
Allows a process to use the SetCloseDownMode request which
may retain window, pixmap, colormap, property, cursor, font,
or graphic context resources.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_DAC_READ
Allows a process to read from a window resource that it does
not own (has a different user ID).
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_DAC_WRITE
Allows a process to write to or create a window resource that
it does not own (has a different user ID). A newly created
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_SELECTION
Allows a process to request inter-window data moves without the
intervention of the selection confirmer.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_UPGRADE_SL
Allows a process to set the sensitivity label of a window
resource to a sensitivity label that dominates the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_XVM_CONTROL
Allows a process access to the xVM(5) control devices for
managing guest domains and the hypervisor. This privilege is
used only if booted into xVM on x86 platforms.
set PRIV_EFFECTIVE
Set of privileges currently in effect.
set PRIV_INHERITABLE
Set of privileges that comes into effect on exec.
set PRIV_PERMITTED
Set of privileges that can be put into the effective set without
restriction.
set PRIV_LIMIT
Set of privileges that determines the absolute upper bound of
privileges this process and its off-spring can obtain.