device_policy revision 7c478bd95313f5f23a4c958a745db2134aa03244
561N/A#
561N/A# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
943N/A# Use is subject to license terms.
561N/A#
561N/A# CDDL HEADER START
919N/A#
919N/A# The contents of this file are subject to the terms of the
919N/A# Common Development and Distribution License, Version 1.0 only
919N/A# (the "License"). You may not use this file except in compliance
919N/A# with the License.
919N/A#
919N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
919N/A# or http://www.opensolaris.org/os/licensing.
919N/A# See the License for the specific language governing permissions
919N/A# and limitations under the License.
919N/A#
919N/A# When distributing Covered Code, include this CDDL HEADER in each
919N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
919N/A# If applicable, add the following below this CDDL HEADER, with the
919N/A# fields enclosed by brackets "[]" replaced with your own identifying
919N/A# information: Portions Copyright [yyyy] [name of copyright owner]
919N/A#
561N/A# CDDL HEADER END
561N/A#
561N/A#ident "%Z%%M% %I% %E% SMI"
561N/A#
561N/A# Device policy configuration file. When devices are opened the
561N/A# additional access controls in this file are enforced.
970N/A#
970N/A# The format of this file is subject to change without notice.
970N/A#
970N/A# Default open privileges, must be first entry in the file.
561N/A#
1043N/A
561N/A* read_priv_set=none write_priv_set=none
911N/A
1043N/A#
1043N/A# Kernel memory devices.
911N/A#
561N/Amm:allkmem read_priv_set=all write_priv_set=all
561N/Amm:kmem read_priv_set=none write_priv_set=all
mm:mem read_priv_set=none write_priv_set=all
sad:admin read_priv_set=sys_config write_priv_set=sys_config
rtvc:rtvc* write_priv_set=none
rtvc:rtvcctl* write_priv_set=sys_config
#
# Socket interface access permissions.
#
icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess
ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess
keysock read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config
ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config
spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess
dmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess
hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess
ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess
le read_priv_set=net_rawaccess write_priv_set=net_rawaccess
pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess
qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess
dld read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess
#
# Disk devices.
#
md:admin write_priv_set=sys_config
fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config
#
# Other devices that require a privilege to open.
#
envctrltwo read_priv_set=sys_config write_priv_set=sys_config
random write_priv_set=sys_devices
openeepr write_priv_set=all
dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config
#
# IP Filter
#
ipf read_priv_set=sys_net_config write_priv_set=sys_net_config
pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess