Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'

Split Close
Expand all
Collapse all
          --- old/usr/src/uts/common/os/priv_defs
          +++ new/usr/src/uts/common/os/priv_defs
↓ open down ↓ 300 lines elided ↑ open up ↑
 301  301          and modify process state to other processes regardless of
 302  302          ownership.  When modifying another process, additional
 303  303          restrictions apply:  the effective privilege set of the
 304  304          attaching process must be a superset of the target process'
 305  305          effective, permitted and inheritable sets; the limit set must
 306  306          be a superset of the target's limit set; if the target process
 307  307          has any uid set to 0 all privilege must be asserted unless the
 308  308          effective uid is 0.
 309  309          Allows a process to bind arbitrary processes to CPUs.
 310  310  
 311      -privilege PRIV_PROC_PRIOUP
      311 +# XXX: This is made default merely for test purposes.  DO NOT LEAVE HERE
      312 +default privilege PRIV_PROC_PRIOUP
 312  313  
 313  314          Allows a process to elevate its priority above its current level.
 314  315  
 315  316  privilege PRIV_PROC_PRIOCNTL
 316  317  
 317  318          Allows all that PRIV_PROC_PRIOUP allows.
 318  319          Allows a process to change its scheduling class to any scheduling class,
 319  320          including the RT class.
 320  321  
 321  322  basic privilege PRIV_PROC_SESSION
↓ open down ↓ 302 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX