| PRIV_ACCOUNTING | Allows a process to control the process
accounting system. |
| PRIV_AUDCONTROL | Allows a process to start, modify, and
stop the auditing system. |
| PRIV_CHANGECMPT | Grants a process the ability to change
its compartment. |
| PRIV_CHANGEFILEXSEC | Allows a process to grant privileges to
binaries. |
PRIV_CHOWN | Allows a process to access
the chown() system calls. |
| PRIV_CHROOT | Allows a process to change its root directory. |
| PRIV_CHSUBJIDENT | Allows a process to change its UIDs, GIDs,
and group lists. Also allows a process to leave the suid or sgid bits set on the file when the chown() system call is used. |
| PRIV_CMPTREAD | Allows a process to open a file or directory
for reading, executing, or searching, bypassing compartment rules
that otherwise would not permit these operations. |
| PRIV_CMPTWRITE | Allows a process to write to a file or
directory, bypassing compartment rules that otherwise would not permit
this operation. |
| PRIV_COMMALLOWED | Allows a process to override compartment
rules in the IPC and networking subsystems. |
| PRIV_DACREAD | Allows a process to override all discretionary
read, execute, and search access restrictions. |
| PRIV_DACWRITE | Allows a process to override all discretionary
write access restrictions. |
| PRIV_DEVOPS | Allows a process to do device-specific
administrative operations, such as tape or disk formatting. |
| PRIV_DLKM | Allows a process to load a kernel module, get information
about a loaded kernel module, and change global search paths for a
dynamically loadable kernel module. |
| PRIV_FSINTEGRITY | Allows a process to perform disk operations
such as removing or modifying the size or boundaries of disk partitions,
or to import and export an LVM volume group across the system. |
| PRIV_LIMIT | Allows a process to set resource and priority
limits beyond the maximum limit values. |
PRIV_LOCKRDONLY | Allows a process to use the lockf() system call to lock files opened with read-only
permission. |
| PRIV_MKNOD | Allows a process to create character or
block special files using the mknod() system
call. |
PRIV_MLOCK | Allows a process to access
the plock system call. |
| PRIV_MOUNT | Allows a process to mount and unmount
a file system using the mount() and umount() system calls. |
PRIV_MPCTL | Allows a process to change
processor binding, locality domain binding, or launch policy. |
| PRIV_NETADMIN | Allows a process to perform network administrative
operations including configuring the network routing tables and querying
interface information. |
PRIV_NETPRIVPORT | Allows a process to bind
to a privileged port. By default, port numbers 0-1023 are privileged
ports. |
PRIV_NETPROMISCUOUS | Allows a process to configure
an interface to listen in promiscuous mode. |
PRIV_NETRAWACCESS | Allows a process to access
the raw internet network protocols. |
PRIV_OBJSUID | Allows a process to set the suid or sgid bits on any file if
the process has the OWNER privilege. It also allows a process to change
the ownership of a file without clearing the suid or sgid bits, provided that the process is
allowed to change the ownership of the file. |
PRIV_OWNER | Allows a process to override
all restrictions with respect to UID matching the owner of the file
or resource. |
PRIV_PSET | Allows a process to change the
system pset configuration. |
PRIV_REBOOT | Allows a process to perform
reboot operations. |
PRIV_RTPRIO | Allows a process to access
the rtprio() system call. |
| PRIV_RTPSET | Allows a process to control RTE
psets. |
PRIV_RTSCHED | Allows a process to set POSIX.4
real-time priorities. |
PRIV_RULESCONFIG | Allows a process to add and
modify compartment rules on the system. |
PRIV_SELFAUDIT | Allows a process to generate auditing
records for itself using audwrite() system call. |
PRIV_SERIALIZE | Allows a process to use the serialize() system call force a target process to run
serially with other processes marked for serialization. |
| PRIV_SPUCTL | Allows a process to do certain administrative
operations in the Instant Capacity product. |
PRIV_SYSATTR | Allows a process to manage
system attributes, including the setting of tunables, modifying the
host name, domain name, and user quotas. |
PRIV_SYSNFS | Allows a process to perform
NFS operations like exporting a file system, the getfh() system call, NFS file locking, revoking NFS authentication, and
creating an NFS kernel daemon thread. |
| PRIV_TRIALMODE | Allows a process to log trial mode information
to the syslog file. |
Printable version
