17c478bd9Sstevel@tonic-gate/* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate/* 22134a1f4eSCasper H.S. Dik * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 2337294019SJerry Jelinek * Copyright 2015, Joyent, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * 257c478bd9Sstevel@tonic-gateINSERT COMMENT 267c478bd9Sstevel@tonic-gate */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate# 297c478bd9Sstevel@tonic-gate# Privileges can be added to this file at any location, not 307c478bd9Sstevel@tonic-gate# necessarily at the end. 
For patches, it is probably best to 317c478bd9Sstevel@tonic-gate# add the new privilege at the end; for ordinary releases privileges 327c478bd9Sstevel@tonic-gate# should be ordered alphabetically. 337c478bd9Sstevel@tonic-gate# 347c478bd9Sstevel@tonic-gate 357c478bd9Sstevel@tonic-gateprivilege PRIV_CONTRACT_EVENT 367c478bd9Sstevel@tonic-gate 377c478bd9Sstevel@tonic-gate Allows a process to request critical events without limitation. 387c478bd9Sstevel@tonic-gate Allows a process to request reliable delivery of all events on 397c478bd9Sstevel@tonic-gate any event queue. 407c478bd9Sstevel@tonic-gate 417b209c2cSacruzprivilege PRIV_CONTRACT_IDENTITY 42b26a64aeSjohnlev 437b209c2cSacruz Allows a process to set the service FMRI value of a process 447b209c2cSacruz contract template. 457b209c2cSacruz 467c478bd9Sstevel@tonic-gateprivilege PRIV_CONTRACT_OBSERVER 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate Allows a process to observe contract events generated by 497c478bd9Sstevel@tonic-gate contracts created and owned by users other than the process's 507c478bd9Sstevel@tonic-gate effective user ID. 517c478bd9Sstevel@tonic-gate Allows a process to open contract event endpoints belonging to 527c478bd9Sstevel@tonic-gate contracts created and owned by users other than the process's 537c478bd9Sstevel@tonic-gate effective user ID. 547c478bd9Sstevel@tonic-gate 557c478bd9Sstevel@tonic-gateprivilege PRIV_CPC_CPU 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate Allow a process to access per-CPU hardware performance counters. 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gateprivilege PRIV_DTRACE_KERNEL 607c478bd9Sstevel@tonic-gate 617c478bd9Sstevel@tonic-gate Allows DTrace kernel-level tracing. 627c478bd9Sstevel@tonic-gate 637c478bd9Sstevel@tonic-gateprivilege PRIV_DTRACE_PROC 647c478bd9Sstevel@tonic-gate 657c478bd9Sstevel@tonic-gate Allows DTrace process-level tracing. 
667c478bd9Sstevel@tonic-gate Allows process-level tracing probes to be placed and enabled in 677c478bd9Sstevel@tonic-gate processes to which the user has permissions. 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gateprivilege PRIV_DTRACE_USER 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate Allows DTrace user-level tracing. 727c478bd9Sstevel@tonic-gate Allows use of the syscall and profile DTrace providers to 737c478bd9Sstevel@tonic-gate examine processes to which the user has permissions. 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_CHOWN 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate Allows a process to change a file's owner user ID. 787c478bd9Sstevel@tonic-gate Allows a process to change a file's group ID to one other than 797c478bd9Sstevel@tonic-gate the process' effective group ID or one of the process' 807c478bd9Sstevel@tonic-gate supplemental group IDs. 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_CHOWN_SELF 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate Allows a process to give away its files; a process with this 857c478bd9Sstevel@tonic-gate privilege will run as if {_POSIX_CHOWN_RESTRICTED} is not 867c478bd9Sstevel@tonic-gate in effect. 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_DAC_EXECUTE 897c478bd9Sstevel@tonic-gate 907c478bd9Sstevel@tonic-gate Allows a process to execute an executable file whose permission 917c478bd9Sstevel@tonic-gate bits or ACL do not allow the process execute permission. 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_DAC_READ 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate Allows a process to read a file or directory whose permission 967c478bd9Sstevel@tonic-gate bits or ACL do not allow the process read permission. 
977c478bd9Sstevel@tonic-gate 987c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_DAC_SEARCH 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate Allows a process to search a directory whose permission bits or 1017c478bd9Sstevel@tonic-gate ACL do not allow the process search permission. 1027c478bd9Sstevel@tonic-gate 1037c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_DAC_WRITE 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate Allows a process to write a file or directory whose permission 1067c478bd9Sstevel@tonic-gate bits or ACL do not allow the process write permission. 1077c478bd9Sstevel@tonic-gate In order to write files owned by uid 0 in the absence of an 1087c478bd9Sstevel@tonic-gate effective uid of 0 ALL privileges are required. 1097c478bd9Sstevel@tonic-gate 11045916cd2Sjpkprivilege PRIV_FILE_DOWNGRADE_SL 11145916cd2Sjpk 11245916cd2Sjpk Allows a process to set the sensitivity label of a file or 11345916cd2Sjpk directory to a sensitivity label that does not dominate the 11445916cd2Sjpk existing sensitivity label. 11545916cd2Sjpk This privilege is interpreted only if the system is configured 11645916cd2Sjpk with Trusted Extensions. 11745916cd2Sjpk 118634e26ecSCasper H.S. Dikprivilege PRIV_FILE_FLAG_SET 119634e26ecSCasper H.S. Dik 120634e26ecSCasper H.S. Dik Allows a process to set immutable, nounlink or appendonly 121634e26ecSCasper H.S. Dik file attributes. 122634e26ecSCasper H.S. Dik 1237c478bd9Sstevel@tonic-gatebasic privilege PRIV_FILE_LINK_ANY 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate Allows a process to create hardlinks to files owned by a uid 1267c478bd9Sstevel@tonic-gate different from the process' effective uid. 
1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_OWNER 1297c478bd9Sstevel@tonic-gate 1307c478bd9Sstevel@tonic-gate Allows a process which is not the owner of a file or directory 1317c478bd9Sstevel@tonic-gate to perform the following operations that are normally permitted 1327c478bd9Sstevel@tonic-gate only for the file owner: modify that file's access and 1337c478bd9Sstevel@tonic-gate modification times; remove or rename a file or directory whose 1347c478bd9Sstevel@tonic-gate parent directory has the ``save text image after execution'' 1357c478bd9Sstevel@tonic-gate (sticky) bit set; mount a ``namefs'' upon a file; modify 1367c478bd9Sstevel@tonic-gate permission bits or ACL except for the set-uid and set-gid 1377c478bd9Sstevel@tonic-gate bits. 1387c478bd9Sstevel@tonic-gate 139134a1f4eSCasper H.S. Dikbasic privilege PRIV_FILE_READ 140134a1f4eSCasper H.S. Dik 141134a1f4eSCasper H.S. Dik Allows a process to read objects in the filesystem. 142134a1f4eSCasper H.S. Dik 1437c478bd9Sstevel@tonic-gateprivilege PRIV_FILE_SETID 1447c478bd9Sstevel@tonic-gate 1457c478bd9Sstevel@tonic-gate Allows a process to change the ownership of a file or write to 1467c478bd9Sstevel@tonic-gate a file without the set-user-ID and set-group-ID bits being 1477c478bd9Sstevel@tonic-gate cleared. 1487c478bd9Sstevel@tonic-gate Allows a process to set the set-group-ID bit on a file or 1497c478bd9Sstevel@tonic-gate directory whose group is not the process' effective group or 1507c478bd9Sstevel@tonic-gate one of the process' supplemental groups. 1517c478bd9Sstevel@tonic-gate Allows a process to set the set-user-ID bit on a file with 1527c478bd9Sstevel@tonic-gate different ownership in the presence of PRIV_FILE_OWNER. 1537c478bd9Sstevel@tonic-gate Additional restrictions apply when creating or modifying a 1547c478bd9Sstevel@tonic-gate set-uid 0 file. 
1557c478bd9Sstevel@tonic-gate 15645916cd2Sjpkprivilege PRIV_FILE_UPGRADE_SL 15745916cd2Sjpk 15845916cd2Sjpk Allows a process to set the sensitivity label of a file or 15945916cd2Sjpk directory to a sensitivity label that dominates the existing 16045916cd2Sjpk sensitivity label. 16145916cd2Sjpk This privilege is interpreted only if the system is configured 16245916cd2Sjpk with Trusted Extensions. 16345916cd2Sjpk 164134a1f4eSCasper H.S. Dikbasic privilege PRIV_FILE_WRITE 165134a1f4eSCasper H.S. Dik 166134a1f4eSCasper H.S. Dik Allows a process to modify objects in the filesystem. 167134a1f4eSCasper H.S. Dik 16826f24838Scasperprivilege PRIV_GRAPHICS_ACCESS 1697c478bd9Sstevel@tonic-gate 17026f24838Scasper Allows a process to make privileged ioctls to graphics devices. 17126f24838Scasper Typically only xserver process needs to have this privilege. 17226f24838Scasper A process with this privilege is also allowed to perform 17326f24838Scasper privileged graphics device mappings. 1747c478bd9Sstevel@tonic-gate 17526f24838Scasperprivilege PRIV_GRAPHICS_MAP 1767c478bd9Sstevel@tonic-gate 17726f24838Scasper Allows a process to perform privileged mappings through a 17826f24838Scasper graphics device. 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gateprivilege PRIV_IPC_DAC_READ 1817c478bd9Sstevel@tonic-gate 1827c478bd9Sstevel@tonic-gate Allows a process to read a System V IPC 1837c478bd9Sstevel@tonic-gate Message Queue, Semaphore Set, or Shared Memory Segment whose 1847c478bd9Sstevel@tonic-gate permission bits do not allow the process read permission. 1857c478bd9Sstevel@tonic-gate Allows a process to read remote shared memory whose 1867c478bd9Sstevel@tonic-gate permission bits do not allow the process read permission. 
1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gateprivilege PRIV_IPC_DAC_WRITE 1897c478bd9Sstevel@tonic-gate 1907c478bd9Sstevel@tonic-gate Allows a process to write a System V IPC 1917c478bd9Sstevel@tonic-gate Message Queue, Semaphore Set, or Shared Memory Segment whose 1927c478bd9Sstevel@tonic-gate permission bits do not allow the process write permission. 1937c478bd9Sstevel@tonic-gate Allows a process to read remote shared memory whose 1947c478bd9Sstevel@tonic-gate permission bits do not allow the process write permission. 1957c478bd9Sstevel@tonic-gate Additional restrictions apply if the owner of the object has uid 0 1967c478bd9Sstevel@tonic-gate and the effective uid of the current process is not 0. 1977c478bd9Sstevel@tonic-gate 1987c478bd9Sstevel@tonic-gateprivilege PRIV_IPC_OWNER 1997c478bd9Sstevel@tonic-gate 2007c478bd9Sstevel@tonic-gate Allows a process which is not the owner of a System 2017c478bd9Sstevel@tonic-gate V IPC Message Queue, Semaphore Set, or Shared Memory Segment to 2027c478bd9Sstevel@tonic-gate remove, change ownership of, or change permission bits of the 2037c478bd9Sstevel@tonic-gate Message Queue, Semaphore Set, or Shared Memory Segment. 2047c478bd9Sstevel@tonic-gate Additional restrictions apply if the owner of the object has uid 0 2057c478bd9Sstevel@tonic-gate and the effective uid of the current process is not 0. 2067c478bd9Sstevel@tonic-gate 207634e26ecSCasper H.S. Dikbasic privilege PRIV_NET_ACCESS 208634e26ecSCasper H.S. Dik 209634e26ecSCasper H.S. Dik Allows a process to open a TCP, UDP, SDP or SCTP network endpoint. 210634e26ecSCasper H.S. Dik 21145916cd2Sjpkprivilege PRIV_NET_BINDMLP 21245916cd2Sjpk 21345916cd2Sjpk Allow a process to bind to a port that is configured as a 21445916cd2Sjpk multi-level port(MLP) for the process's zone. This privilege 21545916cd2Sjpk applies to both shared address and zone-specific address MLPs. 
216*bbf21555SRichard Lowe See tnzonecfg(5) from the Trusted Extensions manual pages for 21745916cd2Sjpk information on configuring MLP ports. 21845916cd2Sjpk This privilege is interpreted only if the system is configured 21945916cd2Sjpk with Trusted Extensions. 22045916cd2Sjpk 2217c478bd9Sstevel@tonic-gateprivilege PRIV_NET_ICMPACCESS 2227c478bd9Sstevel@tonic-gate 2237c478bd9Sstevel@tonic-gate Allows a process to send and receive ICMP packets. 2247c478bd9Sstevel@tonic-gate 22545916cd2Sjpkprivilege PRIV_NET_MAC_AWARE 22645916cd2Sjpk 22745916cd2Sjpk Allows a process to set NET_MAC_AWARE process flag by using 22845916cd2Sjpk setpflags(2). This privilege also allows a process to set 22945916cd2Sjpk SO_MAC_EXEMPT socket option by using setsockopt(3SOCKET). 23045916cd2Sjpk The NET_MAC_AWARE process flag and the SO_MAC_EXEMPT socket 23145916cd2Sjpk option both allow a local process to communicate with an 23245916cd2Sjpk unlabeled peer if the local process' label dominates the 23345916cd2Sjpk peer's default label, or if the local process runs in the 23445916cd2Sjpk global zone. 23545916cd2Sjpk This privilege is interpreted only if the system is configured 23645916cd2Sjpk with Trusted Extensions. 23745916cd2Sjpk 2385d3b8cb7SBill Sommerfeldprivilege PRIV_NET_MAC_IMPLICIT 2395d3b8cb7SBill Sommerfeld 2405d3b8cb7SBill Sommerfeld Allows a process to set SO_MAC_IMPLICIT option by using 2415d3b8cb7SBill Sommerfeld setsockopt(3SOCKET). This allows a privileged process to 2425d3b8cb7SBill Sommerfeld transmit implicitly-labeled packets to a peer. 2435d3b8cb7SBill Sommerfeld This privilege is interpreted only if the system is configured 2445d3b8cb7SBill Sommerfeld with Trusted Extensions. 2455d3b8cb7SBill Sommerfeld 246b127ac41SPhilip Kirkprivilege PRIV_NET_OBSERVABILITY 247b127ac41SPhilip Kirk 248b127ac41SPhilip Kirk Allows a process to access /dev/lo0 and the devices in /dev/ipnet/ 249b127ac41SPhilip Kirk while not requiring them to need PRIV_NET_RAWACCESS. 
250b127ac41SPhilip Kirk 2517c478bd9Sstevel@tonic-gateprivilege PRIV_NET_PRIVADDR 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate Allows a process to bind to a privileged port 2547c478bd9Sstevel@tonic-gate number. The privilege port numbers are 1-1023 (the traditional 2557c478bd9Sstevel@tonic-gate UNIX privileged ports) as well as those ports marked as 2567c478bd9Sstevel@tonic-gate "udp/tcp_extra_priv_ports" with the exception of the ports 2577c478bd9Sstevel@tonic-gate reserved for use by NFS. 2587c478bd9Sstevel@tonic-gate 2597c478bd9Sstevel@tonic-gateprivilege PRIV_NET_RAWACCESS 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate Allows a process to have direct access to the network layer. 2627c478bd9Sstevel@tonic-gate 2637c478bd9Sstevel@tonic-gateunsafe privilege PRIV_PROC_AUDIT 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate Allows a process to generate audit records. 2667c478bd9Sstevel@tonic-gate Allows a process to get its own audit pre-selection information. 2677c478bd9Sstevel@tonic-gate 2687c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_CHROOT 2697c478bd9Sstevel@tonic-gate 2707c478bd9Sstevel@tonic-gate Allows a process to change its root directory. 2717c478bd9Sstevel@tonic-gate 2727c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_CLOCK_HIGHRES 2737c478bd9Sstevel@tonic-gate 2747c478bd9Sstevel@tonic-gate Allows a process to use high resolution timers. 2757c478bd9Sstevel@tonic-gate 2767c478bd9Sstevel@tonic-gatebasic privilege PRIV_PROC_EXEC 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate Allows a process to call execve(). 
2797c478bd9Sstevel@tonic-gate 2807c478bd9Sstevel@tonic-gatebasic privilege PRIV_PROC_FORK 2817c478bd9Sstevel@tonic-gate 2827c478bd9Sstevel@tonic-gate Allows a process to call fork1()/forkall()/vfork() 2837c478bd9Sstevel@tonic-gate 2847c478bd9Sstevel@tonic-gatebasic privilege PRIV_PROC_INFO 2857c478bd9Sstevel@tonic-gate 2867c478bd9Sstevel@tonic-gate Allows a process to examine the status of processes other 2877c478bd9Sstevel@tonic-gate than those it can send signals to. Processes which cannot 2887c478bd9Sstevel@tonic-gate be examined cannot be seen in /proc and appear not to exist. 2897c478bd9Sstevel@tonic-gate 2907c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_LOCK_MEMORY 2917c478bd9Sstevel@tonic-gate 2927c478bd9Sstevel@tonic-gate Allows a process to lock pages in physical memory. 2937c478bd9Sstevel@tonic-gate 29437294019SJerry Jelinekprivilege PRIV_PROC_MEMINFO 29537294019SJerry Jelinek 29637294019SJerry Jelinek Allows a process to access physical memory information. 29737294019SJerry Jelinek 2987c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_OWNER 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate Allows a process to send signals to other processes, inspect 3017c478bd9Sstevel@tonic-gate and modify process state to other processes regardless of 3027c478bd9Sstevel@tonic-gate ownership. When modifying another process, additional 3037c478bd9Sstevel@tonic-gate restrictions apply: the effective privilege set of the 3047c478bd9Sstevel@tonic-gate attaching process must be a superset of the target process' 3057c478bd9Sstevel@tonic-gate effective, permitted and inheritable sets; the limit set must 3067c478bd9Sstevel@tonic-gate be a superset of the target's limit set; if the target process 3077c478bd9Sstevel@tonic-gate has any uid set to 0 all privilege must be asserted unless the 3087c478bd9Sstevel@tonic-gate effective uid is 0. 3097c478bd9Sstevel@tonic-gate Allows a process to bind arbitrary processes to CPUs. 
3107c478bd9Sstevel@tonic-gate 31124d819e6SJerry Jelinekprivilege PRIV_PROC_PRIOUP 3127c478bd9Sstevel@tonic-gate 3137c478bd9Sstevel@tonic-gate Allows a process to elevate its priority above its current level. 31424d819e6SJerry Jelinek 31524d819e6SJerry Jelinekprivilege PRIV_PROC_PRIOCNTL 31624d819e6SJerry Jelinek 31724d819e6SJerry Jelinek Allows all that PRIV_PROC_PRIOUP allows. 3187c478bd9Sstevel@tonic-gate Allows a process to change its scheduling class to any scheduling class, 3197c478bd9Sstevel@tonic-gate including the RT class. 3207c478bd9Sstevel@tonic-gate 321d2a70789SRichard Lowebasic privilege PRIV_PROC_SECFLAGS 322d2a70789SRichard Lowe 323d2a70789SRichard Lowe Allows a process to manipulate the secflags of processes (subject to, 324d2a70789SRichard Lowe additionally, the ability to signal that process) 325d2a70789SRichard Lowe 3267c478bd9Sstevel@tonic-gatebasic privilege PRIV_PROC_SESSION 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate Allows a process to send signals or trace processes outside its 3297c478bd9Sstevel@tonic-gate session. 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gateunsafe privilege PRIV_PROC_SETID 3327c478bd9Sstevel@tonic-gate 3337c478bd9Sstevel@tonic-gate Allows a process to set its uids at will. 3347c478bd9Sstevel@tonic-gate Assuming uid 0 requires all privileges to be asserted. 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_TASKID 3377c478bd9Sstevel@tonic-gate 3387c478bd9Sstevel@tonic-gate Allows a process to assign a new task ID to the calling process. 3397c478bd9Sstevel@tonic-gate 3407c478bd9Sstevel@tonic-gateprivilege PRIV_PROC_ZONE 3417c478bd9Sstevel@tonic-gate 3427c478bd9Sstevel@tonic-gate Allows a process to trace or send signals to processes in 3437c478bd9Sstevel@tonic-gate other zones. 
3447c478bd9Sstevel@tonic-gate 3457c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_ACCT 3467c478bd9Sstevel@tonic-gate 3477c478bd9Sstevel@tonic-gate Allows a process to enable and disable and manage accounting through 3487c478bd9Sstevel@tonic-gate acct(2), getacct(2), putacct(2) and wracct(2). 3497c478bd9Sstevel@tonic-gate 3507c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_ADMIN 3517c478bd9Sstevel@tonic-gate 3527c478bd9Sstevel@tonic-gate Allows a process to perform system administration tasks such 3537c478bd9Sstevel@tonic-gate as setting node and domain name and specifying nscd and coreadm 3547c478bd9Sstevel@tonic-gate settings. 3557c478bd9Sstevel@tonic-gate 3567c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_AUDIT 3577c478bd9Sstevel@tonic-gate 3587c478bd9Sstevel@tonic-gate Allows a process to start the (kernel) audit daemon. 3597c478bd9Sstevel@tonic-gate Allows a process to view and set audit state (audit user ID, 3607c478bd9Sstevel@tonic-gate audit terminal ID, audit sessions ID, audit pre-selection mask). 3617c478bd9Sstevel@tonic-gate Allows a process to turn off and on auditing. 3627c478bd9Sstevel@tonic-gate Allows a process to configure the audit parameters (cache and 3637c478bd9Sstevel@tonic-gate queue sizes, event to class mappings, policy options). 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_CONFIG 3667c478bd9Sstevel@tonic-gate 3677c478bd9Sstevel@tonic-gate Allows a process to perform various system configuration tasks. 3687c478bd9Sstevel@tonic-gate Allows a process to add and remove swap devices; when adding a swap 3697c478bd9Sstevel@tonic-gate device, a process must also have sufficient privileges to read from 3707c478bd9Sstevel@tonic-gate and write to the swap device. 
3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_DEVICES 3737c478bd9Sstevel@tonic-gate 3747c478bd9Sstevel@tonic-gate Allows a process to successfully call a kernel module that 3757c478bd9Sstevel@tonic-gate calls the kernel drv_priv(9F) function to check for allowed 3767c478bd9Sstevel@tonic-gate access. 3777c478bd9Sstevel@tonic-gate Allows a process to open the real console device directly. 3787c478bd9Sstevel@tonic-gate Allows a process to open devices that have been exclusively opened. 3797c478bd9Sstevel@tonic-gate 3807c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_IPC_CONFIG 3817c478bd9Sstevel@tonic-gate 3827c478bd9Sstevel@tonic-gate Allows a process to increase the size of a System V IPC Message 3837c478bd9Sstevel@tonic-gate Queue buffer. 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_LINKDIR 3867c478bd9Sstevel@tonic-gate 3877c478bd9Sstevel@tonic-gate Allows a process to unlink and link directories. 3887c478bd9Sstevel@tonic-gate 3897c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_MOUNT 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate Allows filesystem specific administrative procedures, such as 3927c478bd9Sstevel@tonic-gate filesystem configuration ioctls, quota calls and creation/deletion 3937c478bd9Sstevel@tonic-gate of snapshots. 3947c478bd9Sstevel@tonic-gate Allows a process to mount and unmount filesystems which would 3957c478bd9Sstevel@tonic-gate otherwise be restricted (i.e., most filesystems except 3967c478bd9Sstevel@tonic-gate namefs). 3977c478bd9Sstevel@tonic-gate A process performing a mount operation needs to have 3987c478bd9Sstevel@tonic-gate appropriate access to the device being mounted (read-write for 3997c478bd9Sstevel@tonic-gate "rw" mounts, read for "ro" mounts). 4007c478bd9Sstevel@tonic-gate A process performing any of the aforementioned 4017c478bd9Sstevel@tonic-gate filesystem operations needs to have read/write/owner 4027c478bd9Sstevel@tonic-gate access to the mount point. 
4037c478bd9Sstevel@tonic-gate Only regular files and directories can serve as mount points 4047c478bd9Sstevel@tonic-gate for processes which do not have all zone privileges asserted. 4057c478bd9Sstevel@tonic-gate Unless a process has all zone privileges, the mount(2) 4067c478bd9Sstevel@tonic-gate system call will force the "nosuid" and "restrict" options, the 4077c478bd9Sstevel@tonic-gate latter only for autofs mountpoints. 4087c478bd9Sstevel@tonic-gate Regardless of privileges, a process running in a non-global zone may 4097c478bd9Sstevel@tonic-gate only control mounts performed from within said zone. 4107c478bd9Sstevel@tonic-gate Outside the global zone, the "nodevices" option is always forced. 4117c478bd9Sstevel@tonic-gate 4122b24ab6bSSebastien Royprivilege PRIV_SYS_IPTUN_CONFIG 4132b24ab6bSSebastien Roy 4142b24ab6bSSebastien Roy Allows a process to configure IP tunnel links. 4152b24ab6bSSebastien Roy 416eae72b5bSSebastien Royprivilege PRIV_SYS_DL_CONFIG 417eae72b5bSSebastien Roy 4182b24ab6bSSebastien Roy Allows a process to configure all classes of datalinks, including 4192b24ab6bSSebastien Roy configuration allowed by PRIV_SYS_IPTUN_CONFIG. 420eae72b5bSSebastien Roy 421f4b3ec61Sdh155122privilege PRIV_SYS_IP_CONFIG 4227c478bd9Sstevel@tonic-gate 423eae72b5bSSebastien Roy Allows a process to configure a system's IP interfaces and routes. 4247c478bd9Sstevel@tonic-gate Allows a process to configure network parameters using ndd. 4257c478bd9Sstevel@tonic-gate Allows a process access to otherwise restricted information using ndd. 426f4b3ec61Sdh155122 Allows a process to configure IPsec. 427f4b3ec61Sdh155122 Allows a process to pop anchored STREAMs modules with matching zoneid. 428f4b3ec61Sdh155122 429f4b3ec61Sdh155122privilege PRIV_SYS_NET_CONFIG 430f4b3ec61Sdh155122 431f53eecf5SJames Carlson Allows all that PRIV_SYS_IP_CONFIG, PRIV_SYS_DL_CONFIG, and 432f53eecf5SJames Carlson PRIV_SYS_PPP_CONFIG allow. 
4337c478bd9Sstevel@tonic-gate Allows a process to push the rpcmod STREAMs module. 4347c478bd9Sstevel@tonic-gate Allows a process to INSERT/REMOVE STREAMs modules on locations other 4357c478bd9Sstevel@tonic-gate than the top of the module stack. 4367c478bd9Sstevel@tonic-gate 4377c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_NFS 4387c478bd9Sstevel@tonic-gate 4397c478bd9Sstevel@tonic-gate Allows a process to perform Sun private NFS specific system calls. 4407c478bd9Sstevel@tonic-gate Allows a process to bind to ports reserved by NFS: ports 2049 (nfs) 4417c478bd9Sstevel@tonic-gate and port 4045 (lockd). 4427c478bd9Sstevel@tonic-gate 443f53eecf5SJames Carlsonprivilege PRIV_SYS_PPP_CONFIG 444f53eecf5SJames Carlson 445f53eecf5SJames Carlson Allows a process to create and destroy PPP (sppp) interfaces. 446f53eecf5SJames Carlson Allows a process to configure PPP tunnels (sppptun). 447f53eecf5SJames Carlson 448bbf58fc5Sprivilege PRIV_SYS_RES_BIND 449bbf58fc5S 450bbf58fc5S Allows a process to bind processes to processor sets. 451bbf58fc5S 4527c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_RES_CONFIG 4537c478bd9Sstevel@tonic-gate 454bbf58fc5S Allows all that PRIV_SYS_RES_BIND allows. 4557c478bd9Sstevel@tonic-gate Allows a process to create and delete processor sets, assign 4567c478bd9Sstevel@tonic-gate CPUs to processor sets and override the PSET_NOESCAPE property. 4577c478bd9Sstevel@tonic-gate Allows a process to change the operational status of CPUs in 4587c478bd9Sstevel@tonic-gate the system using p_online(2). 4597c478bd9Sstevel@tonic-gate Allows a process to configure resource pools and to bind 4607c478bd9Sstevel@tonic-gate processes to pools 4617c478bd9Sstevel@tonic-gate 4627c478bd9Sstevel@tonic-gateunsafe privilege PRIV_SYS_RESOURCE 4637c478bd9Sstevel@tonic-gate 4647c478bd9Sstevel@tonic-gate Allows a process to modify the resource limits specified 4657c478bd9Sstevel@tonic-gate by setrlimit(2) and setrctl(2) without restriction. 
4667c478bd9Sstevel@tonic-gate Allows a process to exceed the per-user maximum number of 4677c478bd9Sstevel@tonic-gate processes. 4687c478bd9Sstevel@tonic-gate Allows a process to extend or create files on a filesystem that 4697c478bd9Sstevel@tonic-gate has less than minfree space in reserve. 4707c478bd9Sstevel@tonic-gate 471da6c28aaSamwprivilege PRIV_SYS_SMB 472da6c28aaSamw 473da6c28aaSamw Allows a process to access the Sun private SMB kernel module. 474da6c28aaSamw Allows a process to bind to ports reserved by NetBIOS and SMB: 475da6c28aaSamw ports 137 (NBNS), 138 (NetBIOS Datagram Service), 139 (NetBIOS 476da6c28aaSamw Session Service and SMB-over-NBT) and 445 (SMB-over-TCP). 477da6c28aaSamw 4787c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_SUSER_COMPAT 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate Allows a process to successfully call a third party loadable module 4817c478bd9Sstevel@tonic-gate that calls the kernel suser() function to check for allowed access. 4827c478bd9Sstevel@tonic-gate This privilege exists only for third party loadable module 4837c478bd9Sstevel@tonic-gate compatibility and is not used by Solaris proper. 4847c478bd9Sstevel@tonic-gate 4857c478bd9Sstevel@tonic-gateprivilege PRIV_SYS_TIME 4867c478bd9Sstevel@tonic-gate 4877c478bd9Sstevel@tonic-gate Allows a process to manipulate system time using any of the 4887c478bd9Sstevel@tonic-gate appropriate system calls: stime, adjtime, ntp_adjtime and 4897c478bd9Sstevel@tonic-gate the IA specific RTC calls. 49045916cd2Sjpk 49145916cd2Sjpkprivilege PRIV_SYS_TRANS_LABEL 49245916cd2Sjpk 49345916cd2Sjpk Allows a process to translate labels that are not dominated 49445916cd2Sjpk by the process' sensitivity label to and from an external 49545916cd2Sjpk string form. 49645916cd2Sjpk This privilege is interpreted only if the system is configured 49745916cd2Sjpk with Trusted Extensions. 
49845916cd2Sjpk 499b26a64aeSjohnlevprivilege PRIV_VIRT_MANAGE 500b26a64aeSjohnlev 501b26a64aeSjohnlev Allows a process to manage virtualized environments such as 502*bbf21555SRichard Lowe xVM(7). 503b26a64aeSjohnlev 50445916cd2Sjpkprivilege PRIV_WIN_COLORMAP 50545916cd2Sjpk 50645916cd2Sjpk Allows a process to override colormap restrictions. 50745916cd2Sjpk Allows a process to install or remove colormaps. 50845916cd2Sjpk Allows a process to retrieve colormap cell entries allocated 50945916cd2Sjpk by other processes. 51045916cd2Sjpk This privilege is interpreted only if the system is configured 51145916cd2Sjpk with Trusted Extensions. 51245916cd2Sjpk 51345916cd2Sjpkprivilege PRIV_WIN_CONFIG 51445916cd2Sjpk 51545916cd2Sjpk Allows a process to configure or destroy resources that are 51645916cd2Sjpk permanently retained by the X server. 51745916cd2Sjpk Allows a process to use SetScreenSaver to set the screen 51845916cd2Sjpk saver timeout value. 51945916cd2Sjpk Allows a process to use ChangeHosts to modify the display 52045916cd2Sjpk access control list. 52145916cd2Sjpk Allows a process to use GrabServer. 52245916cd2Sjpk Allows a process to use the SetCloseDownMode request which 52345916cd2Sjpk may retain window, pixmap, colormap, property, cursor, font, 52445916cd2Sjpk or graphic context resources. 52545916cd2Sjpk This privilege is interpreted only if the system is configured 52645916cd2Sjpk with Trusted Extensions. 52745916cd2Sjpk 52845916cd2Sjpkprivilege PRIV_WIN_DAC_READ 52945916cd2Sjpk 53045916cd2Sjpk Allows a process to read from a window resource that it does 53145916cd2Sjpk not own (has a different user ID). 53245916cd2Sjpk This privilege is interpreted only if the system is configured 53345916cd2Sjpk with Trusted Extensions. 53445916cd2Sjpk 53545916cd2Sjpkprivilege PRIV_WIN_DAC_WRITE 53645916cd2Sjpk 53745916cd2Sjpk Allows a process to write to or create a window resource that 53845916cd2Sjpk it does not own (has a different user ID). 
A newly created 53945916cd2Sjpk window property is created with the window's user ID. 54045916cd2Sjpk This privilege is interpreted only if the system is configured 54145916cd2Sjpk with Trusted Extensions. 54245916cd2Sjpk 54345916cd2Sjpkprivilege PRIV_WIN_DEVICES 54445916cd2Sjpk 54545916cd2Sjpk Allows a process to perform operations on window input devices. 54645916cd2Sjpk Allows a process to get and set keyboard and pointer controls. 54745916cd2Sjpk Allows a process to modify pointer button and key mappings. 54845916cd2Sjpk This privilege is interpreted only if the system is configured 54945916cd2Sjpk with Trusted Extensions. 55045916cd2Sjpk 55145916cd2Sjpkprivilege PRIV_WIN_DGA 55245916cd2Sjpk 55345916cd2Sjpk Allows a process to use the direct graphics access (DGA) X protocol 55445916cd2Sjpk extensions. Direct process access to the frame buffer is still 55545916cd2Sjpk required. Thus the process must have MAC and DAC privileges that 55645916cd2Sjpk allow access to the frame buffer, or the frame buffer must be 55745916cd2Sjpk allocated to the process. 55845916cd2Sjpk This privilege is interpreted only if the system is configured 55945916cd2Sjpk with Trusted Extensions. 56045916cd2Sjpk 56145916cd2Sjpkprivilege PRIV_WIN_DOWNGRADE_SL 56245916cd2Sjpk 56345916cd2Sjpk Allows a process to set the sensitivity label of a window resource 56445916cd2Sjpk to a sensitivity label that does not dominate the existing 56545916cd2Sjpk sensitivity label. 56645916cd2Sjpk This privilege is interpreted only if the system is configured 56745916cd2Sjpk with Trusted Extensions. 56845916cd2Sjpk 56945916cd2Sjpkprivilege PRIV_WIN_FONTPATH 57045916cd2Sjpk 57145916cd2Sjpk Allows a process to set a font path. 57245916cd2Sjpk This privilege is interpreted only if the system is configured 57345916cd2Sjpk with Trusted Extensions. 

privilege PRIV_WIN_MAC_READ

	Allows a process to read from a window resource whose sensitivity
	label is not equal to the process sensitivity label.
	This privilege is interpreted only if the system is configured
	with Trusted Extensions.

privilege PRIV_WIN_MAC_WRITE

	Allows a process to create a window resource whose sensitivity
	label is not equal to the process sensitivity label.
	A newly created window property is created with the window's
	sensitivity label.
	This privilege is interpreted only if the system is configured
	with Trusted Extensions.

privilege PRIV_WIN_SELECTION

	Allows a process to request inter-window data moves without the
	intervention of the selection confirmer.
	This privilege is interpreted only if the system is configured
	with Trusted Extensions.

privilege PRIV_WIN_UPGRADE_SL

	Allows a process to set the sensitivity label of a window
	resource to a sensitivity label that dominates the existing
	sensitivity label.
	This privilege is interpreted only if the system is configured
	with Trusted Extensions.

privilege PRIV_XVM_CONTROL

	Allows a process access to the xVM(7) control devices for
	managing guest domains and the hypervisor. This privilege is
	used only if booted into xVM on x86 platforms.

set PRIV_EFFECTIVE

	Set of privileges currently in effect.

set PRIV_INHERITABLE

	Set of privileges that comes into effect on exec.

set PRIV_PERMITTED

	Set of privileges that can be put into the effective set without
	restriction.

set PRIV_LIMIT

	Set of privileges that determines the absolute upper bound of
	privileges this process and its off-spring can obtain.