priv_defs revision f53eecf557986dac6ededb388fedd6ca63be0350
 * CDDL HEADER START
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 * CDDL HEADER END
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
INSERT COMMENT
# Privileges can be added to this file at any location, not
# necessarily at the end. For patches, it is probably best to
# add the new privilege at the end; for ordinary releases privileges
    Allows a process to request critical events without limitation.
    Allows a process to request reliable delivery of all events on
    Allows a process to set the service FMRI value of a process
    Allows a process to observe contract events generated by
    contracts created and owned by users other than the process's
    effective user ID.
    Allows a process to open contract event endpoints belonging to
    contracts created and owned by users other than the process's
    Allow a process to access per-CPU hardware performance counters.
    Allows process-level tracing probes to be placed and enabled in
    Allows use of the syscall and profile DTrace providers to
    examine processes to which the user has permissions.
    Allows a process to change a file's owner user ID.
    Allows a process to change a file's group ID to one other than
    the process' effective group ID or one of the process'
    Allows a process to give away its files; a process with this
    privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not
    Allows a process to execute an executable file whose permission
    bits or ACL do not allow the process execute permission.
    Allows a process to read a file or directory whose permission
    bits or ACL do not allow the process read permission.
    Allows a process to search a directory whose permission bits or
    ACL do not allow the process search permission.
    Allows a process to write a file or directory whose permission
    bits or ACL do not allow the process write permission.
    In order to write files owned by uid 0 in the absence of an
    effective uid of 0 ALL privileges are required.
    Allows a process to set the sensitivity label of a file or
    directory to a sensitivity label that does not dominate the
    This privilege is interpreted only if the system is configured
    Allows a process to create hardlinks to files owned by a uid

privilege PRIV_FILE_OWNER
    Allows a process which is not the owner of a file or directory
    to perform the following operations that are normally permitted
    only for the file owner: modify that file's access and
    modification times; remove or rename a file or directory whose
    parent directory has the ``save text image after execution''
    (sticky) bit set; mount a ``namefs'' upon a file; modify
    permission bits or ACL except for the set-uid and set-gid
    Allows a process to change the ownership of a file or write to
    a file without the set-user-ID and set-group-ID bits being
    Allows a process to set the set-group-ID bit on a file or
    directory whose group is not the process' effective group or
    Allows a process to set the set-user-ID bit on a file with
    different ownership in the presence of PRIV_FILE_OWNER.
    Additional restrictions apply when creating or modifying a
    Allows a process to set the sensitivity label of a file or
    directory to a sensitivity label that dominates the existing
    This privilege is interpreted only if the system is configured
    Allows a process to set immutable, nounlink or appendonly
    Allows a process to make privileged ioctls to graphics devices.
    Typically only xserver process needs to have this privilege.
    A process with this privilege is also allowed to perform
    Allows a process to perform privileged mappings through a
    Message Queue, Semaphore Set, or Shared Memory Segment whose
    permission bits do not allow the process read permission.
    Allows a process to read remote shared memory whose
    permission bits do not allow the process read permission.
    Message Queue, Semaphore Set, or Shared Memory Segment whose
    permission bits do not allow the process write permission.
    Allows a process to read remote shared memory whose
    permission bits do not allow the process write permission.
    Additional restrictions apply if the owner of the object has uid 0
    and the effective uid of the current process is not 0.
    Allows a process which is not the owner of a System
    V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
    remove, change ownership of, or change permission bits of the
    Message Queue, Semaphore Set, or Shared Memory Segment.
    Additional restrictions apply if the owner of the object has uid 0
    and the effective uid of the current process is not 0.
    Allow a process to bind to a port that is configured as a
    multi-level port(MLP) for the process's zone. This privilege
    applies to both shared address and zone-specific address MLPs.
    See tnzonecfg(4) from the Trusted Extensions manual pages for
    information on configuring MLP ports.
    This privilege is interpreted only if the system is configured
    with Trusted Extensions.

privilege PRIV_NET_ICMPACCESS
    Allows a process to send and receive ICMP packets.

privilege PRIV_NET_MAC_AWARE
    Allows a process to set NET_MAC_AWARE process flag by using
    setpflags(2). This privilege also allows a process to set
    SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET).
    The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket
    option both allow a local process to communicate with an
    unlabeled peer if the local process' label dominates the
    peer's default label, or if the local process runs in the
    This privilege is interpreted only if the system is configured
    with Trusted Extensions.

privilege PRIV_NET_OBSERVABILITY
    Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
    while not requiring them to need PRIV_NET_RAWACCESS.

privilege PRIV_NET_PRIVADDR
    Allows a process to bind to a privileged port
    number. The privilege port numbers are 1-1023 (the traditional
    UNIX privileged ports) as well as those ports marked as
    "udp/tcp_extra_priv_ports" with the exception of the ports
    reserved for use by NFS.

privilege PRIV_NET_RAWACCESS
    Allows a process to have direct access to the network layer.

unsafe privilege PRIV_PROC_AUDIT
    Allows a process to generate audit records.
    Allows a process to get its own audit pre-selection information.

privilege PRIV_PROC_CHROOT
    Allows a process to change its root directory.

privilege PRIV_PROC_CLOCK_HIGHRES
    Allows a process to use high resolution timers.

basic privilege PRIV_PROC_EXEC
    Allows a process to call execve().

basic privilege PRIV_PROC_FORK
    Allows a process to call fork1()/forkall()/vfork()

basic privilege PRIV_PROC_INFO
    Allows a process to examine the status of processes other
    than those it can send signals to. Processes which cannot
    be examined cannot be seen in /proc and appear not to exist.

privilege PRIV_PROC_LOCK_MEMORY
    Allows a process to lock pages in physical memory.

privilege PRIV_PROC_OWNER
    Allows a process to send signals to other processes, inspect
    and modify process state to other processes regardless of
    ownership. When modifying another process, additional
    restrictions apply: the effective privilege set of the
    attaching process must be a superset of the target process'
    effective, permitted and inheritable sets; the limit set must
    be a superset of the target's limit set; if the target process
    has any uid set to 0 all privilege must be asserted unless the
    effective uid is 0.
    Allows a process to bind arbitrary processes to CPUs.
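The PRIV_PROC_OWNER restrictions above, written out as a small user-space model. This is an added example, not part of priv_defs or of the kernel: privilege sets are modelled as bitmasks with constructed bit positions, and proc_model, proc_owner_check and the sample processes are hypothetical names. It shows why holding PRIV_PROC_OWNER alone does not let a process modify a more privileged or uid-0 target.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed bit positions for a four-privilege model (an assumption;
 * the real privilege sets are opaque and much larger). */
#define P_PROC_OWNER    (1u << 0)
#define P_FILE_DAC_READ (1u << 1)
#define P_NET_RAWACCESS (1u << 2)
#define P_SYS_MOUNT     (1u << 3)
#define P_ALL (P_PROC_OWNER | P_FILE_DAC_READ | P_NET_RAWACCESS | P_SYS_MOUNT)

/* Hypothetical model of the credential fields the rule refers to. */
struct proc_model {
    uint32_t eff, perm, inh, limit;   /* E, P, I and L privilege sets */
    unsigned ruid, euid, suid;        /* real, effective, saved uid */
};

enum verdict { ALLOW, DENY_NO_PRIV, DENY_NOT_SUPERSET, DENY_LIMIT, DENY_UID0 };

/* True when every bit of b is also set in a. */
static int is_superset(uint32_t a, uint32_t b) { return (b & ~a) == 0; }

/* Decide whether `actor`, relying on PRIV_PROC_OWNER, may modify `target`. */
enum verdict proc_owner_check(const struct proc_model *actor,
                              const struct proc_model *target)
{
    /* The privilege itself must be asserted (present in the effective set). */
    if (!(actor->eff & P_PROC_OWNER))
        return DENY_NO_PRIV;

    /* Actor's effective set must cover the target's E, P and I sets. */
    if (!is_superset(actor->eff, target->eff | target->perm | target->inh))
        return DENY_NOT_SUPERSET;

    /* Actor's limit set must cover the target's limit set. */
    if (!is_superset(actor->limit, target->limit))
        return DENY_LIMIT;

    /* Any uid 0 on the target: all privileges asserted, unless euid is 0. */
    if ((target->ruid == 0 || target->euid == 0 || target->suid == 0) &&
        actor->euid != 0 && actor->eff != P_ALL)
        return DENY_UID0;

    return ALLOW;
}

/* Constructed sample processes. */
const struct proc_model debugger      = { P_PROC_OWNER, P_PROC_OWNER, 0, P_ALL, 100, 100, 100 };
const struct proc_model boxed_actor   = { P_PROC_OWNER, P_PROC_OWNER, 0, P_PROC_OWNER, 100, 100, 100 };
const struct proc_model full_actor    = { P_ALL, P_ALL, 0, P_ALL, 100, 100, 100 };
const struct proc_model root_actor    = { P_PROC_OWNER, P_PROC_OWNER, 0, P_ALL, 0, 0, 0 };
const struct proc_model nobody        = { 0, 0, 0, P_ALL, 100, 100, 100 };
const struct proc_model plain_target  = { 0, 0, 0, P_ALL, 200, 200, 200 };
const struct proc_model raw_target    = { P_NET_RAWACCESS, P_NET_RAWACCESS, 0, P_ALL, 200, 200, 200 };
const struct proc_model setuid_target = { 0, 0, 0, P_ALL, 200, 200, 0 };

int main(void)
{
    static const char *names[] = { "ALLOW", "DENY_NO_PRIV",
        "DENY_NOT_SUPERSET", "DENY_LIMIT", "DENY_UID0" };

    printf("debugger -> plain target:   %s\n",
        names[proc_owner_check(&debugger, &plain_target)]);
    printf("debugger -> raw-net target: %s\n",
        names[proc_owner_check(&debugger, &raw_target)]);
    printf("boxed    -> plain target:   %s\n",
        names[proc_owner_check(&boxed_actor, &plain_target)]);
    printf("debugger -> saved-uid-0:    %s\n",
        names[proc_owner_check(&debugger, &setuid_target)]);
    printf("full set -> saved-uid-0:    %s\n",
        names[proc_owner_check(&full_actor, &setuid_target)]);
    return 0;
}
```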

privilege PRIV_PROC_PRIOCNTL
    Allows a process to elevate its priority above its current level.
    Allows a process to change its scheduling class to any scheduling class,
    including the RT class.

basic privilege PRIV_PROC_SESSION
    Allows a process to send signals or trace processes outside its

unsafe privilege PRIV_PROC_SETID
    Allows a process to set its uids at will.
    Assuming uid 0 requires all privileges to be asserted.

privilege PRIV_PROC_TASKID
    Allows a process to assign a new task ID to the calling process.

privilege PRIV_PROC_ZONE
    Allows a process to trace or send signals to processes in

privilege PRIV_SYS_ACCT
    Allows a process to enable and disable and manage accounting through
    acct(2), getacct(2), putacct(2) and wracct(2).

privilege PRIV_SYS_ADMIN
    Allows a process to perform system administration tasks such
    as setting node and domain name and specifying nscd and coreadm

privilege PRIV_SYS_AUDIT
    Allows a process to start the (kernel) audit daemon.
    Allows a process to view and set audit state (audit user ID,
    audit terminal ID, audit sessions ID, audit pre-selection mask).
    Allows a process to turn off and on auditing.
    Allows a process to configure the audit parameters (cache and
    queue sizes, event to class mappings, policy options).

privilege PRIV_SYS_CONFIG
    Allows a process to perform various system configuration tasks.
    Allows a process to add and remove swap devices; when adding a swap
    device, a process must also have sufficient privileges to read from
    and write to the swap device.

privilege PRIV_SYS_DEVICES
    Allows a process to successfully call a kernel module that
    calls the kernel drv_priv(9F) function to check for allowed
    Allows a process to open the real console device directly.
    Allows a process to open devices that have been exclusively opened.

privilege PRIV_SYS_IPC_CONFIG
    Allows a process to increase the size of a System V IPC Message
    Queue buffer.

privilege PRIV_SYS_LINKDIR
    Allows a process to unlink and link directories.

privilege PRIV_SYS_MOUNT
    Allows filesystem specific administrative procedures, such as
    filesystem configuration ioctls, quota calls and creation/deletion
    of snapshots.
    Allows a process to mount and unmount filesystems which would
    otherwise be restricted (i.e., most filesystems except
    A process performing a mount operation needs to have
    appropriate access to the device being mounted (read-write for
    "rw" mounts, read for "ro" mounts).
    A process performing any of the aforementioned
    filesystem operations needs to have read/write/owner
    access to the mount point.
    Only regular files and directories can serve as mount points
    for processes which do not have all zone privileges asserted.
    Unless a process has all zone privileges, the mount(2)
    system call will force the "nosuid" and "restrict" options, the
    latter only for autofs mountpoints.
    Regardless of privileges, a process running in a non-global zone may
    only control mounts performed from within said zone.
    Outside the global zone, the "nodevices" option is always forced.

privilege PRIV_SYS_DL_CONFIG
    Allows a process to configure a system's datalink interfaces.
    Allows a process to configure a system's IP interfaces and routes.
    Allows a process to configure network parameters using ndd.
    Allows a process access to otherwise restricted information using ndd.
    Allows a process to configure IPsec.
    Allows a process to pop anchored STREAMs modules with matching zoneid.

privilege PRIV_SYS_NET_CONFIG
    Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG, and
    PRIV_SYS_PPP_CONFIG allow.
    Allows a process to push the rpcmod STREAMs module.
    Allows a process to INSERT/REMOVE STREAMs modules on locations other
    than the top of the module stack.

privilege PRIV_SYS_NFS
    Allows a process to perform Sun private NFS specific system calls.
    Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
    and port 4045 (lockd).

privilege PRIV_SYS_PPP_CONFIG
    Allows a process to create and destroy PPP (sppp) interfaces.
    Allows a process to configure PPP tunnels (sppptun).

privilege PRIV_SYS_RES_CONFIG
    Allows a process to create and delete processor sets, assign
    CPUs to processor sets and override the PSET_NOESCAPE property.
    Allows a process to change the operational status of CPUs in
    the system using p_online(2).
    Allows a process to configure resource pools and to bind
    processes to pools

unsafe privilege PRIV_SYS_RESOURCE
    Allows a process to modify the resource limits specified
    by setrlimit(2) and setrctl(2) without restriction.
    Allows a process to exceed the per-user maximum number of
    Allows a process to extend or create files on a filesystem that
    has less than minfree space in reserve.

privilege PRIV_SYS_SMB
    Allows a process to access the Sun private SMB kernel module.
    Allows a process to bind to ports reserved by NetBIOS and SMB:
    ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS
    Session Service and SMB-over-NBT) and 445 (SMB-over-TCP).

privilege PRIV_SYS_SUSER_COMPAT
    Allows a process to successfully call a third party loadable module
    that calls the kernel suser() function to check for allowed access.
    This privilege exists only for third party loadable module
    compatibility and is not used by Solaris proper.

privilege PRIV_SYS_TIME
    Allows a process to manipulate system time using any of the
    appropriate system calls: stime, adjtime, ntp_adjtime and
    the IA specific RTC calls.

privilege PRIV_SYS_TRANS_LABEL
    Allows a process to translate labels that are not dominated
    by the process' sensitivity label to and from an external
    This privilege is interpreted only if the system is configured
    Allows a process to manage virtualized environments such as
    Allows a process to override colormap restrictions.
    Allows a process to install or remove colormaps.
    Allows a process to retrieve colormap cell entries allocated
    This privilege is interpreted only if the system is configured
    Allows a process to configure or destroy resources that are
    Allows a process to use SetScreenSaver to set the screen
    Allows a process to use ChangeHosts to modify the display
    Allows a process to use the SetCloseDownMode request which
    may retain window, pixmap, colormap, property, cursor, font,
    This privilege is interpreted only if the system is configured
    Allows a process to read from a window resource that it does
    This privilege is interpreted only if the system is configured
    Allows a process to write to or create a window resource that
    it does not own (has a different user ID). A newly created
    window property is created with the window's user ID.
    This privilege is interpreted only if the system is configured
    with Trusted Extensions.

privilege PRIV_WIN_DEVICES
    Allows a process to perform operations on window input devices.
    Allows a process to get and set keyboard and pointer controls.
    Allows a process to modify pointer button and key mappings.
    This privilege is interpreted only if the system is configured
    with Trusted Extensions.

privilege PRIV_WIN_DGA