1# 2# Copyright 2006 Sun Microsystems, Inc. All rights reserved. 3# Use is subject to license terms. 4# 5# CDDL HEADER START 6# 7# The contents of this file are subject to the terms of the 8# Common Development and Distribution License (the "License"). 9# You may not use this file except in compliance with the License. 10# 11# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 12# or http://www.opensolaris.org/os/licensing. 13# See the License for the specific language governing permissions 14# and limitations under the License. 15# 16# When distributing Covered Code, include this CDDL HEADER in each 17# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 18# If applicable, add the following below this CDDL HEADER, with the 19# fields enclosed by brackets "[]" replaced with your own identifying 20# information: Portions Copyright [yyyy] [name of copyright owner] 21# 22# CDDL HEADER END 23# 24#ident "%Z%%M% %I% %E% SMI" 25# 26# Device policy configuration file. When devices are opened the 27# additional access controls in this file are enforced. 28# 29# The format of this file is subject to change without notice. 30# 31# Default open privileges, must be first entry in the file. 32# 33 34* read_priv_set=none write_priv_set=none 35 36# 37# Kernel memory devices. 38# 39mm:allkmem read_priv_set=all write_priv_set=all 40mm:kmem read_priv_set=none write_priv_set=all 41mm:mem read_priv_set=none write_priv_set=all 42 43sad:admin read_priv_set=sys_config write_priv_set=sys_config 44 45rtvc:rtvc* write_priv_set=none 46rtvc:rtvcctl* write_priv_set=sys_config 47# 48# Socket interface access permissions. 49# 50icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 51icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 52ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess 53ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess 54keysock read_priv_set=sys_net_config write_priv_set=sys_net_config 55ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config 56ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config 57spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config 58# 59# Raw network interface access permissions 60# 61ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess 62dmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess 63eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess 64ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess 65hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess 66ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess 67le read_priv_set=net_rawaccess write_priv_set=net_rawaccess 68pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess 69qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess 70aggr read_priv_set=net_rawaccess write_priv_set=net_rawaccess 71# 72# Virtual network interface access permission 73# 74vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess 75# 76# Disk devices. 77# 78md:admin write_priv_set=sys_config 79fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config 80scsi_vhci:devctl write_priv_set=sys_devices 81# 82# Other devices that require a privilege to open. 83# 84envctrltwo read_priv_set=sys_config write_priv_set=sys_config 85random write_priv_set=sys_devices 86openeepr write_priv_set=all 87dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 88aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 89# 90# IP Filter 91# 92ipf read_priv_set=sys_net_config write_priv_set=sys_net_config 93pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess 94 95