Lines Matching refs:to
4 * The contents of this file are subject to the terms of the
29 # Privileges can be added to this file at any location, not
30 # necessarily at the end. For patches, it is probably best to
37 Allows a process to request critical events without limitation.
38 Allows a process to request reliable delivery of all events on
43 Allows a process to set the service FMRI value of a process
48 Allows a process to observe contract events generated by
51 Allows a process to open contract event endpoints belonging to
57 Allow a process to access per-CPU hardware performance counters.
66 Allows process-level tracing probes to be placed and enabled in
67 processes to which the user has permissions.
72 Allows use of the syscall and profile DTrace providers to
73 examine processes to which the user has permissions.
77 Allows a process to change a file's owner user ID.
78 Allows a process to change a file's group ID to one other than
84 Allows a process to give away its files; a process with this
90 Allows a process to execute an executable file whose permission
95 Allows a process to read a file or directory whose permission
100 Allows a process to search a directory whose permission bits or
105 Allows a process to write a file or directory whose permission
107 In order to write files owned by uid 0 in the absence of an
112 Allows a process to set the sensitivity label of a file or
113 directory to a sensitivity label that does not dominate the
120 Allows a process to set immutable, nounlink or appendonly
125 Allows a process to create hardlinks to files owned by a uid
131 to perform the following operations that are normally permitted
141 Allows a process to read objects in the filesystem.
145 Allows a process to change the ownership of a file or write to
148 Allows a process to set the set-group-ID bit on a file or
151 Allows a process to set the set-user-ID bit on a file with
158 Allows a process to set the sensitivity label of a file or
159 directory to a sensitivity label that dominates the existing
166 Allows a process to modify objects in the filesystem.
170 Allows a process to make privileged ioctls to graphics devices.
171 Typically only xserver process needs to have this privilege.
172 A process with this privilege is also allowed to perform
177 Allows a process to perform privileged mappings through a
182 Allows a process to read a System V IPC
185 Allows a process to read remote shared memory whose
190 Allows a process to write a System V IPC
193 Allows a process to read remote shared memory whose
201 V IPC Message Queue, Semaphore Set, or Shared Memory Segment to
209 Allows a process to open a TCP, UDP, SDP or SCTP network endpoint.
213 Allow a process to bind to a port that is configured as a
215 applies to both shared address and zone-specific address MLPs.
223 Allows a process to send and receive ICMP packets.
227 Allows a process to set NET_MAC_AWARE process flag by using
228 setpflags(2). This privilege also allows a process to set
231 option both allow a local process to communicate with an
240 Allows a process to set SO_MAC_IMPLICIT option by using
241 setsockopt(3SOCKET). This allows a privileged process to
242 transmit implicitly-labeled packets to a peer.
248 Allows a process to access /dev/lo0 and the devices in /dev/ipnet/
249 while not requiring them to need PRIV_NET_RAWACCESS.
253 Allows a process to bind to a privileged port
261 Allows a process to have direct access to the network layer.
265 Allows a process to generate audit records.
266 Allows a process to get its own audit pre-selection information.
270 Allows a process to change its root directory.
274 Allows a process to use high resolution timers.
278 Allows a process to call execve().
282 Allows a process to call fork1()/forkall()/vfork()
286 Allows a process to examine the status of processes other
287 than those it can send signals to. Processes which cannot
288 be examined cannot be seen in /proc and appear not to exist.
292 Allows a process to lock pages in physical memory.
296 Allows a process to send signals to other processes, inspect
297 and modify process state to other processes regardless of
303 has any uid set to 0 all privilege must be asserted unless the
305 Allows a process to bind arbitrary processes to CPUs.
309 Allows a process to elevate its priority above its current level.
314 Allows a process to change its scheduling class to any scheduling class,
319 Allows a process to send signals or trace processes outside its
324 Allows a process to set its uids at will.
325 Assuming uid 0 requires all privileges to be asserted.
329 Allows a process to assign a new task ID to the calling process.
333 Allows a process to trace or send signals to processes in
338 Allows a process to enable and disable and manage accounting through
343 Allows a process to perform system administration tasks such
349 Allows a process to start the (kernel) audit daemon.
350 Allows a process to view and set audit state (audit user ID,
352 Allows a process to turn off and on auditing.
353 Allows a process to configure the audit parameters (cache and
354 queue sizes, event to class mappings, policy options).
358 Allows a process to perform various system configuration tasks.
359 Allows a process to add and remove swap devices; when adding a swap
360 device, a process must also have sufficient privileges to read from
361 and write to the swap device.
365 Allows a process to successfully call a kernel module that
366 calls the kernel drv_priv(9F) function to check for allowed
368 Allows a process to open the real console device directly.
369 Allows a process to open devices that have been exclusively opened.
373 Allows a process to increase the size of a System V IPC Message
378 Allows a process to unlink and link directories.
385 Allows a process to mount and unmount filesystems which would
388 A process performing a mount operation needs to have
389 appropriate access to the device being mounted (read-write for
392 filesystem operations needs to have read/write/owner
393 access to the mount point.
405 Allows a process to configure IP tunnel links.
409 Allows a process to configure all classes of datalinks, including
414 Allows a process to configure a system's IP interfaces and routes.
415 Allows a process to configure network parameters using ndd.
416 Allows a process access to otherwise restricted information using ndd.
417 Allows a process to configure IPsec.
418 Allows a process to pop anchored STREAMs modules with matching zoneid.
424 Allows a process to push the rpcmod STREAMs module.
425 Allows a process to INSERT/REMOVE STREAMs modules on locations other
430 Allows a process to perform Sun private NFS specific system calls.
431 Allows a process to bind to ports reserved by NFS: ports 2049 (nfs)
436 Allows a process to create and destroy PPP (sppp) interfaces.
437 Allows a process to configure PPP tunnels (sppptun).
441 Allows a process to bind processes to processor sets.
446 Allows a process to create and delete processor sets, assign
447 CPUs to processor sets and override the PSET_NOESCAPE property.
448 Allows a process to change the operational status of CPUs in
450 Allows a process to configure resource pools and to bind
451 processes to pools
455 Allows a process to modify the resource limits specified
457 Allows a process to exceed the per-user maximum number of
459 Allows a process to extend or create files on a filesystem that
464 Allows a process to access the Sun private SMB kernel module.
465 Allows a process to bind to ports reserved by NetBIOS and SMB:
471 Allows a process to successfully call a third party loadable module
472 that calls the kernel suser() function to check for allowed access.
478 Allows a process to manipulate system time using any of the
484 Allows a process to translate labels that are not dominated
485 by the process' sensitivity label to and from an external
492 Allows a process to manage virtualized environments such as
497 Allows a process to override colormap restrictions.
498 Allows a process to install or remove colormaps.
499 Allows a process to retrieve colormap cell entries allocated
506 Allows a process to configure or destroy resources that are
508 Allows a process to use SetScreenSaver to set the screen
510 Allows a process to use ChangeHosts to modify the display
512 Allows a process to use GrabServer.
513 Allows a process to use the SetCloseDownMode request which
521 Allows a process to read from a window resource that it does
528 Allows a process to write to or create a window resource that
536 Allows a process to perform operations on window input devices.
537 Allows a process to get and set keyboard and pointer controls.
538 Allows a process to modify pointer button and key mappings.
544 Allows a process to use the direct graphics access (DGA) X protocol
545 extensions. Direct process access to the frame buffer is still
547 allow access to the frame buffer, or the frame buffer must be
548 allocated to the process.
554 Allows a process to set the sensitivity label of a window resource
555 to a sensitivity label that does not dominate the existing
562 Allows a process to set a font path.
568 Allows a process to read from a window resource whose sensitivity
569 label is not equal to the process sensitivity label.
575 Allows a process to create a window resource whose sensitivity
576 label is not equal to the process sensitivity label.
584 Allows a process to request inter-window data moves without the
591 Allows a process to set the sensitivity label of a window
592 resource to a sensitivity label that dominates the existing
599 Allows a process access to the xVM(5) control devices for