Copyright 2007 Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
list_devices [-s] [-U uid] [-z zonename] [-a [-w]] -l | -n | -u [device] | [-l | -n | -u] -c dev-class
list_devices [-s] -d dev-type
The list_devices utility lists the allocatable devices in the system according to specified qualifications.
The device and all device special files associated with the device are listed. The device argument is optional and, if it is not present, all relevant devices are listed. If dev-class is present, devices belonging to the specified dev-class are listed. There is no default dev-class.
The following options are supported: -l [-c dev-class | device]
Lists the pathnames of the device special files associated with the device that are allocatable to the current process. If dev-class is specified, lists only the files associated with all devices of the specified device class. If device is specified, lists only the files associated with the specified device.
Lists the pathnames of the device special files associated with the device that are allocatable to the current process but are not currently allocated. If dev-class is specified, lists only the files associated with all devices of the specified device class. If device is specified, lists only the files associated with the specified device.
Silent. Suppresses any diagnostic output.
Lists the pathnames of device special files associated with the device that are allocated to the owner of the current process. If dev-class is specified, lists only the files associated with all devices of the specified device class. If device is specified, lists only the files associated with the specified device.
Uses the user ID uid instead of the real user ID of the current process when performing the list_devices operation. Only a user with the solaris.device.revoke authorization can use this option.
The following options are supported when the system is configured with Trusted Extensions: -a
Lists attributes like authorizations, cleaning programs and labels associated with a device. The list is a single line of semicolon (;) separated key=value pairs for each device in the format:
device=device-name;type=device-type;\e auths=auths;clean=device-exec;\e device-attributes;\e files=device-listwhere device-attributes is the contents of the reserved1 field of device_allocate(4). The field is colon (:) separated.) See device_allocate(4) for a description of these attributes and their format. The -a output has the following keys: auths
Specifies the list of authorizations. The value is auths is described in device_allocate(4).
Specifies the device cleaning script. The value is device-exec as described in device_allocate(4).
Specifies the device name. The value is device-name as described in device_allocate(4).
Specifies the device file paths. The value is device-list as described in device_maps(4).
Specifies the device type. The value is device-type as described in device_allocate(4).
Displays the system-supplied default attributes for the device types managed by device allocation. If dev-type is specified, it lists the default attributes for only that device type.
This option can be used with -a to list the current owner of the device as the key value pair owner=value. value is the uid of the current owner of the device. If the device is unallocated, value is /FREE. If the device is in error state, value is /ERROR. This option also suppresses any diagnostic output.
When specified with the -l option, lists only those non-allocated devices whose label range includes the label of the zonename, and of the allocated devices, only those that are allocated at the same label as that of zonename. When specified with the -n option, lists only those non-allocated devices whose label range includes the label of the zonename. When specified with the -u option, lists only those devices that are allocated at the same label as that of zonename.
Example 1 Listing All Devices
The following example lists all devices available to the caller for allocation:
% list_devices -l device: audio type: audio \e files: /dev/audio /dev/audioctl /dev/sound/0 /dev/sound/0ctl
Example 2 Listing Attributes of All Devices
On a system configured with Trusted Extensions, the following example lists attributes of all devices available to the caller for allocation:
% list_devices -al device=audio1;type=audio;\e auths=solaris.device.allocate;\e clean=/etc/security/lib/audio_clean;\e minlabel=admin_low:maxlabel=admin_high;\e files=/dev/audio1 /dev/audio1ctl /dev/sound/1 /dev/sound/1ctl
Example 3 Listing Attributes Including the Device Owner
On a system configured with Trusted Extensions, the following example lists attributes including the device owner of all devices allocated to the user:
% list_devices -auw device=audio2;type=audio;auths=solaris.device.allocate;\e clean=/etc/security/lib/audio_clean;\e minlabel=admin_low:maxlabel=admin_high:zone=public;\e owner=1234;\e files=/dev/audio2 /dev/audio2ctl /dev/sound/2 /dev/sound/2ctl
The following exit values are returned: 0
Successful completion.
No entry for the specified device.
An error occurred.
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE ATTRIBUTE VALUE |
| Interface Stability See below. |
The invocation is Uncommitted. The options are Uncommitted. The output from the -a and -w options is Uncommitted. All other output is Not-an-Interface.
allocate(1), deallocate(1), bsmconv(1M), dminfo(1M), mkdevalloc(1M), mkdevmaps(1M), device_allocate(4), device_maps(4), attributes(5)
Controlling Access to Devices
The functionality described in this man page is available only if Solaris Auditing has been enabled. See bsmconv(1M) for more information.
On systems configured with Trusted Extensions, the functionality is enabled by default.
/etc/security/dev, mkdevalloc(1M), and mkdevmaps(1M) might not be supported in a future release of the Solaris Operating Environment.