1# 2# Copyright 2005 Sun Microsystems, Inc. All rights reserved. 3# Use is subject to license terms. 4# 5# CDDL HEADER START 6# 7# The contents of this file are subject to the terms of the 8# Common Development and Distribution License, Version 1.0 only 9# (the "License"). You may not use this file except in compliance 10# with the License. 11# 12# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 13# or http://www.opensolaris.org/os/licensing. 14# See the License for the specific language governing permissions 15# and limitations under the License. 16# 17# When distributing Covered Code, include this CDDL HEADER in each 18# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 19# If applicable, add the following below this CDDL HEADER, with the 20# fields enclosed by brackets "[]" replaced with your own identifying 21# information: Portions Copyright [yyyy] [name of copyright owner] 22# 23# CDDL HEADER END 24# 25#ident "%Z%%M% %I% %E% SMI" 26# 27# Device policy configuration file. When devices are opened the 28# additional access controls in this file are enforced. 29# 30# The format of this file is subject to change without notice. 31# 32# Default open privileges, must be first entry in the file. 33# 34 35* read_priv_set=none write_priv_set=none 36 37# 38# Kernel memory devices. 39# 40mm:allkmem read_priv_set=all write_priv_set=all 41mm:kmem read_priv_set=none write_priv_set=all 42mm:mem read_priv_set=none write_priv_set=all 43 44sad:admin read_priv_set=sys_config write_priv_set=sys_config 45 46rtvc:rtvc* write_priv_set=none 47rtvc:rtvcctl* write_priv_set=sys_config 48# 49# Socket interface access permissions. 50# 51icmp read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 52icmp6 read_priv_set=net_icmpaccess write_priv_set=net_icmpaccess 53ip read_priv_set=net_rawaccess write_priv_set=net_rawaccess 54ip6 read_priv_set=net_rawaccess write_priv_set=net_rawaccess 55keysock read_priv_set=sys_net_config write_priv_set=sys_net_config 56ipsecah read_priv_set=sys_net_config write_priv_set=sys_net_config 57ipsecesp read_priv_set=sys_net_config write_priv_set=sys_net_config 58spdsock read_priv_set=sys_net_config write_priv_set=sys_net_config 59# 60# Raw network interface access permissions 61# 62ce read_priv_set=net_rawaccess write_priv_set=net_rawaccess 63dmfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess 64eri read_priv_set=net_rawaccess write_priv_set=net_rawaccess 65ge read_priv_set=net_rawaccess write_priv_set=net_rawaccess 66hme read_priv_set=net_rawaccess write_priv_set=net_rawaccess 67ibd read_priv_set=net_rawaccess write_priv_set=net_rawaccess 68le read_priv_set=net_rawaccess write_priv_set=net_rawaccess 69pcelx read_priv_set=net_rawaccess write_priv_set=net_rawaccess 70qfe read_priv_set=net_rawaccess write_priv_set=net_rawaccess 71dld read_priv_set=net_rawaccess write_priv_set=net_rawaccess 72# 73# Virtual network interface access permission 74# 75vni read_priv_set=net_rawaccess write_priv_set=net_rawaccess 76# 77# Disk devices. 78# 79md:admin write_priv_set=sys_config 80fssnap:ctl read_priv_set=sys_config write_priv_set=sys_config 81scsi_vhci:devctl write_priv_set=sys_devices 82# 83# Other devices that require a privilege to open. 84# 85envctrltwo read_priv_set=sys_config write_priv_set=sys_config 86random write_priv_set=sys_devices 87openeepr write_priv_set=all 88dld:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 89aggr:ctl read_priv_set=sys_net_config write_priv_set=sys_net_config 90# 91# IP Filter 92# 93ipf read_priv_set=sys_net_config write_priv_set=sys_net_config 94pfil read_priv_set=net_rawaccess write_priv_set=net_rawaccess 95 96