6253N/A#

6238N/A# Copyright 2005 Sun Microsystems, Inc. All rights reserved.

6253N/A# Use is subject to license terms.

6253N/A#

6279N/A# CDDL HEADER START

6330N/A#

6330N/A# The contents of this file are subject to the terms of the

6253N/A# Common Development and Distribution License, Version 1.0 only

6238N/A# (the "License"). You may not use this file except in compliance

6330N/A# with the License.

6238N/A#

6253N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

# or http://www.opensolaris.org/os/licensing.

# See the License for the specific language governing permissions

# and limitations under the License.

#

# When distributing Covered Code, include this CDDL HEADER in each

# file and include the License file at usr/src/OPENSOLARIS.LICENSE.

# If applicable, add the following below this CDDL HEADER, with the

# fields enclosed by brackets "[]" replaced with your own identifying

# information: Portions Copyright [yyyy] [name of copyright owner]

#

# CDDL HEADER END

#

#ident "%Z%%M% %I% %E% SMI"

#

# Device policy configuration file. When devices are opened the

# additional access controls in this file are enforced.

#

# The format of this file is subject to change without notice.

#

# Default open privileges, must be first entry in the file.

#

* read_priv_set=none write_priv_set=none

#

# Kernel memory devices.

#

mm:allkmem read_priv_set=all write_priv_set=all

mm:kmem read_priv_set=none write_priv_set=all

mm:mem read_priv_set=none write_priv_set=all

sad:admin read_priv_set=sys_config write_priv_set=sys_config

rtvc:rtvc* write_priv_set=none

rtvc:rtvcctl* write_priv_set=sys_config

#

# Socket interface access permissions.

#

icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess

icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess

ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess

ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess

keysock read_priv_set=sys_net_config write_priv_set=sys_net_config

ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config

ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config

spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config

#

# Raw network interface access permissions

#

ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess

dmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess

eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess

ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess

hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess

ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess

le read_priv_set=net_rawaccess write_priv_set=net_rawaccess

pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess

qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess

dld read_priv_set=net_rawaccess write_priv_set=net_rawaccess

#

# Virtual network interface access permission

#

vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess

#

# Disk devices.

#

md:admin write_priv_set=sys_config

fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config

scsi_vhci:devctl write_priv_set=sys_devices

#

# Other devices that require a privilege to open.

#

envctrltwo read_priv_set=sys_config write_priv_set=sys_config

random write_priv_set=sys_devices

openeepr write_priv_set=all

dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config

aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config

#

# IP Filter

#

ipf read_priv_set=sys_net_config write_priv_set=sys_net_config

pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess