1# 2# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 3# Use is subject to license terms. 4# 5# CDDL HEADER START 6# 7# The contents of this file are subject to the terms of the 8# Common Development and Distribution License (the "License"). 9# You may not use this file except in compliance with the License. 10# 11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 12# or http://www.opensolaris.org/os/licensing. 13# See the License for the specific language governing permissions 14# and limitations under the License. 15# 16# When distributing Covered Code, include this CDDL HEADER in each 17# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 18# If applicable, add the following below this CDDL HEADER, with the 19# fields enclosed by brackets "[]" replaced with your own identifying 20# information: Portions Copyright [yyyy] [name of copyright owner] 21# 22# CDDL HEADER END 23# 24#ident "%Z%%M% %I% %E% SMI" 25# 26# Device policy configuration file. When devices are opened the 27# additional access controls in this file are enforced. 28# 29# The format of this file is subject to change without notice. 30# 31# Default open privileges, must be first entry in the file. 32# 33 34* read_priv_set=none write_priv_set=none 35 36# 37# Kernel memory devices. 38# 39mm:allkmem read_priv_set=all write_priv_set=all 40mm:kmem read_priv_set=none write_priv_set=all 41mm:mem read_priv_set=none write_priv_set=all 42 43rtvc:rtvc* write_priv_set=none 44rtvc:rtvcctl* write_priv_set=sys_config 45# 46# Socket interface access permissions. 47# 48icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 49icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 50ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess 51ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess 52keysock read_priv_set=sys_ip_config write_priv_set=sys_ip_config 53ipsecah read_priv_set=sys_ip_config write_priv_set=sys_ip_config 54ipsecesp read_priv_set=sys_ip_config write_priv_set=sys_ip_config 55spdsock read_priv_set=sys_ip_config write_priv_set=sys_ip_config 56# 57# Raw network interface access permissions 58# 59ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess 60eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess 61ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess 62hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess 63ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess 64pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess 65qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess 66aggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess 67vnic read_priv_set=net_rawaccess write_priv_set=net_rawaccess 68softmac read_priv_set=net_rawaccess write_priv_set=net_rawaccess 69# 70# Virtual network interface access permission 71# 72vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess 73# 74# Disk devices. 75# 76md:admin write_priv_set=sys_config 77fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config 78scsi_vhci:devctl write_priv_set=sys_devices 79# 80# Other devices that require a privilege to open. 81# 82envctrltwo read_priv_set=sys_config write_priv_set=sys_config 83random write_priv_set=sys_devices 84openeepr write_priv_set=all 85dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 86aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 87vnic:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 88# 89# IP Filter 90# 91ipf read_priv_set=sys_ip_config write_priv_set=sys_ip_config 92 93