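#
# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#ident	"%Z%%M%	%I%	%E% SMI"
#
# Device policy configuration file.   When devices are opened the
# additional access controls in this file are enforced.
#
# The format of this file is subject to change without notice.
#
# Entry format:
#
#	<driver>[:<minor-name>]	read_priv_set=<set>	write_priv_set=<set>
#
# The first field names a driver, optionally qualified with a minor
# node name (e.g. "mm:kmem" is the kmem minor of the mm driver, while
# a bare "dld" covers the driver as a whole).  read_priv_set is the
# privilege set a process must hold to open the device for reading,
# write_priv_set the set required to open it for writing.  "none" adds
# no privilege requirement on top of the device node's permission
# bits; "all" requires every privilege.  Entries such as md:admin and
# random give only write_priv_set; what applies to their read side is
# not stated here (presumably the default entry -- confirm against the
# policy loader before relying on it).
#
# Default open privileges, must be first entry in the file.
#

*		read_priv_set=none		write_priv_set=none

#
# Kernel memory devices.
#
# Reading kmem and mem carries no privilege requirement beyond the
# device node's own permissions, so those permission bits are the
# only control on kernel-memory disclosure; writing requires "all".
# allkmem requires "all" for both directions.
#
mm:allkmem	read_priv_set=all		write_priv_set=all
mm:kmem		read_priv_set=none		write_priv_set=all
mm:mem		read_priv_set=none		write_priv_set=all

sad:admin	read_priv_set=sys_config	write_priv_set=sys_config

#
# Socket interface access permissions.
#
# ICMP sockets need net_icmpaccess, raw IP sockets net_rawaccess, and
# the IPsec/key-management control sockets sys_net_config.
#
icmp		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
icmp6		read_priv_set=net_icmpaccess	write_priv_set=net_icmpaccess
ip		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ip6		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
keysock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecah		read_priv_set=sys_net_config	write_priv_set=sys_net_config
ipsecesp	read_priv_set=sys_net_config	write_priv_set=sys_net_config
spdsock		read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# Raw network interface access permissions
#
# Opening a NIC driver node directly (e.g. for link-layer frames)
# requires net_rawaccess in both directions.
#
dnet		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
elxl		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
ibd		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
iprb		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
pcelx		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
e1000g		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
spwr		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
dld		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Virtual network interface access permission
#
vni		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
#
# Disk devices.
#
# md:admin only states a write requirement; see the entry-format note
# above regarding its read side.
#
md:admin					write_priv_set=sys_config
fssnap:ctl	read_priv_set=sys_config	write_priv_set=sys_config
#
# Other devices that require a privilege to open.
#
# random: writing (i.e. feeding the generator) requires sys_devices;
# no read requirement is given here.
# openeepr: writing the EEPROM requires every privilege.
# dld:ctl / aggr:ctl: the datalink and aggregation control nodes are
# held to sys_net_config, stricter than the plain dld data path above.
#
random						write_priv_set=sys_devices
openeepr					write_priv_set=all
dld:ctl		read_priv_set=sys_net_config	write_priv_set=sys_net_config
aggr:ctl	read_priv_set=sys_net_config	write_priv_set=sys_net_config
#
# IP Filter
#
# The ipf control device is a configuration interface (sys_net_config);
# pfil is a packet-path hook and is held to net_rawaccess like the
# raw interfaces above.
#
ipf		read_priv_set=sys_net_config	write_priv_set=sys_net_config
pfil		read_priv_set=net_rawaccess	write_priv_set=net_rawaccess
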