priv_defs revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
INSERT COMMENT
*/
#
#
effective user ID.
Allows a process to open contract event endpoints belonging to
contracts created and owned by users other than the process's
privilege PRIV_FILE_OWNER
Allows a process which is not the owner of a file or directory
to perform the following operations that are normally permitted
bits.
ioctls other than AGPIOC_INFO.
privilege PRIV_IPC_DAC_READ
Allows a process to read a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process read permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process read permission.
privilege PRIV_IPC_DAC_WRITE
Allows a process to write a System V IPC
Message Queue, Semaphore Set, or Shared Memory Segment whose
permission bits do not allow the process write permission.
Allows a process to read remote shared memory whose
permission bits do not allow the process write permission.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
privilege PRIV_IPC_OWNER
Allows a process which is not the owner of a System
V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
remove, change ownership of, or change permission bits of the
Message Queue, Semaphore Set, or Shared Memory Segment.
Additional restrictions apply if the owner of the object has uid 0
and the effective uid of the current process is not 0.
privilege PRIV_NET_BINDMLP
Allow a process to bind to a port that is configured as a
effective, permitted and inheritable sets; the limit set must
namefs).
Allows a process to configure network parameters using ndd.
Allows a process access to otherwise restricted information using ndd.
Allows a process to push the rpcmod STREAMs module.
Allows a process to pop anchored STREAMs modules.
than the top of the module stack.
Allows a process to configure IPsec.
privilege PRIV_SYS_NFS
Allows a process to perform Sun private NFS specific system calls.
Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
and port 4045 (lockd).
privilege PRIV_SYS_RES_CONFIG
Allows a process to create and delete processor sets, assign
CPUs to processor sets and override the PSET_NOESCAPE property.
Allows a process to change the operational status of CPUs in
the system using p_online(2).
Allows a process to configure resource pools and to bind
processes to pools.
unsafe privilege PRIV_SYS_RESOURCE
Allows a process to modify the resource limits specified
by setrlimit(2) and setrctl(2) without restriction.
Allows a process to exceed the per-user maximum number of
processes.
Allows a process to extend or create files on a filesystem that
has less than minfree space in reserve.
privilege PRIV_SYS_SUSER_COMPAT
Allows a process to successfully call a third party loadable module
that calls the kernel suser() function to check for allowed access.
This privilege exists only for third party loadable module
compatibility and is not used by Solaris proper.
privilege PRIV_SYS_TIME
Allows a process to manipulate system time using any of the
appropriate system calls: stime, adjtime, ntp_adjtime and
the IA specific RTC calls.
privilege PRIV_SYS_TRANS_LABEL
Allows a process to translate labels that are not dominated
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_DEVICES
Allows a process to perform operations on window input devices.
Allows a process to get and set keyboard and pointer controls.
Allows a process to modify pointer button and key mappings.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_DGA
Allows a process to use the direct graphics access (DGA) X protocol
extensions. Direct process access to the frame buffer is still
required. Thus the process must have MAC and DAC privileges that
allow access to the frame buffer, or the frame buffer must be
allocated to the process.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_DOWNGRADE_SL
Allows a process to set the sensitivity label of a window resource
to a sensitivity label that does not dominate the existing
sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_FONTPATH
Allows a process to set a font path.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_MAC_READ
Allows a process to read from a window resource whose sensitivity
label is not equal to the process sensitivity label.
This privilege is interpreted only if the system is configured
with Trusted Extensions.
privilege PRIV_WIN_MAC_WRITE
Allows a process to create a window resource whose sensitivity
label is not equal to the process sensitivity label.
A newly created window property is created with the window's